Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/a0b605-56fb-4cba-8ddc-b585417910eb/1/bWkzDjoyXp1j-qZqgWYsRC5CuDw.roa
File:                     bWkzDjoyXp1j-qZqgWYsRC5CuDw.roa (raw, json)
Hash identifier:          +Se3L4OH81c744mhhDr0vSFFcNI0VPir7WMuZ7dt6OY=
Subject key identifier:   6D:69:33:0E:3A:32:5E:9D:63:FA:A6:6A:81:66:2C:44:2E:42:B8:3C
Certificate issuer:       /CN=07a19f46a17b9d4869df66493cfb05d7d82894a6
Certificate serial:       019420683A0CB29BB8C7899AE8507815AAAE
Authority key identifier: 07:A1:9F:46:A1:7B:9D:48:69:DF:66:49:3C:FB:05:D7:D8:28:94:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6GfRqF7nUhp32ZJPPsF19golKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/a0b605-56fb-4cba-8ddc-b585417910eb/1/bWkzDjoyXp1j-qZqgWYsRC5CuDw.roa
Signing time:             Wed 01 Jan 2025 05:48:09 +0000
ROA not before:           Wed 01 Jan 2025 05:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44065
IP address blocks:        79.98.152.0/21 maxlen: 21
                          217.29.0.0/20 maxlen: 20
                          2a02:3c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/a0b605-56fb-4cba-8ddc-b585417910eb/1/B6GfRqF7nUhp32ZJPPsF19golKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/a0b605-56fb-4cba-8ddc-b585417910eb/1/B6GfRqF7nUhp32ZJPPsF19golKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6GfRqF7nUhp32ZJPPsF19golKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3a:0c:b2:9b:b8:c7:89:9a:e8:50:78:15:aa:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a19f46a17b9d4869df66493cfb05d7d82894a6
        Validity
            Not Before: Jan  1 05:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d69330e3a325e9d63faa66a81662c442e42b83c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:85:d9:96:76:5d:d5:f0:82:36:72:1d:ae:58:
                    22:8c:1a:4c:b1:86:96:93:6f:e0:f9:7b:8b:83:c9:
                    27:b2:be:5c:a5:45:b1:38:03:5a:1e:20:1e:b7:98:
                    d1:28:20:61:0b:8a:09:91:2f:2e:a6:84:88:0d:9e:
                    17:cc:d8:7f:9b:a7:c1:ea:4d:fd:2b:fd:5c:cd:84:
                    2c:14:f6:02:85:f8:9e:e0:0c:a5:b4:1f:af:ad:e7:
                    e5:1a:c4:2b:0a:6a:b7:a2:cf:f7:c5:a5:60:95:37:
                    cb:4f:5f:ed:d5:ef:e6:3d:9f:b7:2d:09:73:9b:45:
                    52:b1:fe:e3:62:f6:70:e6:7b:9e:07:bb:24:eb:87:
                    14:61:fd:96:86:00:33:83:25:c3:d7:6d:f2:fa:9e:
                    6e:42:bb:46:15:ae:8d:65:09:f9:13:22:76:f5:14:
                    e4:45:87:62:cc:63:16:c5:60:06:14:92:eb:4f:87:
                    1c:b6:9c:54:64:23:f3:31:bb:45:43:34:bb:37:cb:
                    f5:ef:46:ad:bf:0a:7a:17:a1:4e:91:8b:db:78:8e:
                    da:65:0a:13:0c:75:2d:7c:5e:10:cb:b6:2b:c0:b8:
                    03:bb:97:f0:79:6a:52:41:46:a1:ec:c4:2b:cd:e9:
                    55:ed:24:69:38:8f:62:a0:c4:dd:74:a8:6f:99:e7:
                    02:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:69:33:0E:3A:32:5E:9D:63:FA:A6:6A:81:66:2C:44:2E:42:B8:3C
            X509v3 Authority Key Identifier:
                keyid:07:A1:9F:46:A1:7B:9D:48:69:DF:66:49:3C:FB:05:D7:D8:28:94:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6GfRqF7nUhp32ZJPPsF19golKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/a0b605-56fb-4cba-8ddc-b585417910eb/1/bWkzDjoyXp1j-qZqgWYsRC5CuDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/a0b605-56fb-4cba-8ddc-b585417910eb/1/B6GfRqF7nUhp32ZJPPsF19golKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.152.0/21
                  217.29.0.0/20
                IPv6:
                  2a02:3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:c8:03:bf:ed:0b:e0:d9:e2:97:ea:82:54:26:59:bc:97:ed:
         f5:60:f7:f9:6e:b4:29:a1:62:fe:5d:1c:08:00:45:8a:e2:f4:
         40:06:48:86:af:e3:63:b3:97:d2:06:40:88:78:51:03:00:ad:
         e7:0b:ec:22:42:17:a2:fd:0f:8f:b8:79:84:f5:12:24:18:e4:
         29:79:c5:df:29:5b:9d:95:c6:25:50:e6:79:63:9e:20:2a:e6:
         22:ff:b2:7f:5d:97:ca:a7:e7:9a:cb:91:c1:fb:cc:97:2c:e2:
         46:c0:f1:d6:b4:97:eb:e3:5a:6a:0f:43:3e:77:b3:6c:53:33:
         8d:45:60:73:fe:73:5f:61:df:1f:78:16:d4:be:76:fb:ad:32:
         94:b6:ba:8d:0a:e6:6e:11:67:4f:b0:03:f5:d2:12:1e:11:d5:
         80:65:2f:4d:f8:6b:21:1f:34:23:78:7d:29:59:73:cd:32:2d:
         c1:cb:af:ed:21:cc:ae:1c:02:63:6e:2e:c9:78:f2:d0:8a:11:
         eb:31:c7:d2:97:3a:a6:a7:6e:1e:cd:2c:56:5e:52:60:9e:49:
         e2:81:15:c3:e8:ff:fa:54:aa:9d:c2:0c:97:5c:c1:82:1f:b9:
         ce:6a:eb:b4:38:87:f8:1c:44:54:42:f4:25:c3:7b:2c:c1:c9:
         5b:dd:8d:dd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQgaDoMspu4x4ma6FB4FaquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTE5ZjQ2YTE3YjlkNDg2OWRmNjY0OTNjZmIwNWQ3ZDgy
ODk0YTYwHhcNMjUwMTAxMDU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDY5MzMwZTNhMzI1ZTlkNjNmYWE2NmE4MTY2MmM0NDJlNDJiODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IXZlnZd1fCCNnIdrlgijBpMsYaW
k2/g+XuLg8knsr5cpUWxOANaHiAet5jRKCBhC4oJkS8upoSIDZ4XzNh/m6fB6k39
K/1czYQsFPYChfie4AyltB+vreflGsQrCmq3os/3xaVglTfLT1/t1e/mPZ+3LQlz
m0VSsf7jYvZw5nueB7sk64cUYf2WhgAzgyXD123y+p5uQrtGFa6NZQn5EyJ29RTk
RYdizGMWxWAGFJLrT4cctpxUZCPzMbtFQzS7N8v170atvwp6F6FOkYvbeI7aZQoT
DHUtfF4Qy7YrwLgDu5fweWpSQUah7MQrzelV7SRpOI9ioMTddKhvmecCewIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFG1pMw46Ml6dY/qmaoFmLEQuQrg8MB8GA1UdIwQY
MBaAFAehn0ahe51Iad9mSTz7BdfYKJSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZHZlJxRjduVWhwMzJaSlBQc0YxOWdvbEtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9hMGI2MDUtNTZmYi00Y2JhLThkZGMt
YjU4NTQxNzkxMGViLzEvYldrekRqb3lYcDFqLXFacWdXWXNSQzVDdUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9hMGI2MDUtNTZmYi00Y2JhLThkZGMtYjU4NTQxNzkxMGVi
LzEvQjZHZlJxRjduVWhwMzJaSlBQc0YxOWdvbEtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDT2KYAwQE
2R0AMA0EAgACMAcDBQMqAgPAMA0GCSqGSIb3DQEBCwUAA4IBAQB1yAO/7Qvg2eKX
6oJUJlm8l+31YPf5brQpoWL+XRwIAEWK4vRABkiGr+Njs5fSBkCIeFEDAK3nC+wi
Qhei/Q+PuHmE9RIkGOQpecXfKVudlcYlUOZ5Y54gKuYi/7J/XZfKp+eay5HB+8yX
LOJGwPHWtJfr41pqD0M+d7NsUzONRWBz/nNfYd8feBbUvnb7rTKUtrqNCuZuEWdP
sAP10hIeEdWAZS9N+GshHzQjeH0pWXPNMi3By6/tIcyuHAJjbi7JePLQihHrMcfS
lzqmp24ezSxWXlJgnknigRXD6P/6VKqdwgyXXMGCH7nOauu0OIf4HERUQvQlw3ss
wclb3Y3d
-----END CERTIFICATE-----