Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/Fy9dAaWIGt3DDwam3RK8I1POnD0.roa
File:                     Fy9dAaWIGt3DDwam3RK8I1POnD0.roa (raw, json)
Hash identifier:          mN5AYrqpl0VfVq4+AtyPnI39fV2fuW1S27zeiDc2nYY=
Subject key identifier:   17:2F:5D:01:A5:88:1A:DD:C3:0F:06:A6:DD:12:BC:23:53:CE:9C:3D
Certificate issuer:       /CN=ec2e821d88de7a011341704202346f7c2bb9ebcf
Certificate serial:       019425FD3289C437051638DF33FFE5004FC4
Authority key identifier: EC:2E:82:1D:88:DE:7A:01:13:41:70:42:02:34:6F:7C:2B:B9:EB:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7C6CHYjeegETQXBCAjRvfCu5688.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/Fy9dAaWIGt3DDwam3RK8I1POnD0.roa
Signing time:             Thu 02 Jan 2025 07:48:57 +0000
ROA not before:           Thu 02 Jan 2025 07:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35720
IP address blocks:        194.79.24.0/22 maxlen: 22
                          194.79.24.0/23 maxlen: 23
                          194.79.26.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/7C6CHYjeegETQXBCAjRvfCu5688.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/7C6CHYjeegETQXBCAjRvfCu5688.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7C6CHYjeegETQXBCAjRvfCu5688.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:32:89:c4:37:05:16:38:df:33:ff:e5:00:4f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec2e821d88de7a011341704202346f7c2bb9ebcf
        Validity
            Not Before: Jan  2 07:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=172f5d01a5881addc30f06a6dd12bc2353ce9c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2c:b2:65:d8:6f:58:a5:9a:3d:ee:aa:23:14:
                    f0:2d:32:fa:a6:ab:a8:97:56:6c:07:f9:1d:1c:08:
                    41:73:53:71:b6:32:91:6e:d9:e3:cd:43:0b:4a:03:
                    eb:fa:99:6b:be:63:0e:d5:a2:df:04:ca:4d:fc:c9:
                    e3:6c:12:3b:e2:89:79:27:95:fc:25:d5:55:7d:5a:
                    b3:a2:14:e7:07:72:a7:be:fb:8d:19:6b:f1:58:73:
                    f0:c0:cf:7e:bc:a2:7a:bd:a5:2f:17:07:e0:63:02:
                    69:e5:5e:f6:a8:14:a3:0a:22:20:33:ad:b6:e2:77:
                    e9:59:39:85:5f:c5:98:88:e4:7c:27:25:8f:bf:ec:
                    2a:a4:bf:e6:3e:fc:ea:2f:26:26:e3:54:5e:de:80:
                    c8:ef:fa:ca:77:73:b1:d3:47:d4:d3:6c:24:66:40:
                    7f:a3:5b:7f:e3:04:73:63:bd:13:e7:37:d7:8c:b5:
                    af:0b:d1:3c:6c:0c:5e:d9:8b:dd:15:9c:ed:39:c1:
                    f2:6f:c9:a1:cc:37:de:85:fb:18:3b:4a:20:ee:51:
                    d6:d5:82:0e:aa:9b:e9:ba:dd:80:b3:e2:c2:33:57:
                    f7:05:26:32:60:7d:34:06:8c:e1:92:54:6e:fa:1a:
                    f2:07:54:b8:c2:c0:2b:e9:97:36:dd:0a:43:39:f6:
                    9a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:2F:5D:01:A5:88:1A:DD:C3:0F:06:A6:DD:12:BC:23:53:CE:9C:3D
            X509v3 Authority Key Identifier:
                keyid:EC:2E:82:1D:88:DE:7A:01:13:41:70:42:02:34:6F:7C:2B:B9:EB:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7C6CHYjeegETQXBCAjRvfCu5688.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/Fy9dAaWIGt3DDwam3RK8I1POnD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/7C6CHYjeegETQXBCAjRvfCu5688.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.79.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d6:a4:6e:d9:5e:b4:59:a5:48:9e:e0:ea:ba:70:0a:81:51:e3:
         e6:a4:b8:94:b6:3f:ce:1a:b2:ca:50:03:e7:a2:f0:05:8e:7a:
         67:c7:08:c5:fe:a2:fd:e8:56:40:d2:63:e9:8d:f9:6c:4a:16:
         06:25:a2:52:7d:e3:1e:ac:a7:c5:73:3e:24:07:1b:75:c8:73:
         5d:e4:5a:90:55:56:90:be:bc:c6:c5:71:46:1d:66:90:10:9a:
         68:6e:ae:ae:2d:81:8e:c1:4f:66:38:d0:40:66:49:0e:56:ee:
         db:a9:22:87:0a:82:94:b2:25:49:65:17:84:5e:30:36:9e:f9:
         bd:6e:f2:6f:38:a4:75:fd:4c:d0:5d:46:2b:a5:4b:06:c2:a8:
         a7:80:75:d3:57:95:39:59:79:32:1e:3c:4f:4a:f1:32:ba:07:
         b7:66:db:39:46:12:27:f0:1a:94:cc:13:d8:87:2c:00:13:fe:
         79:8e:b0:96:7d:1d:a6:80:48:00:ad:4d:48:29:3e:35:bc:0d:
         85:c5:1b:bb:cc:b4:8f:8c:a2:79:86:d7:d4:ba:25:84:9d:7f:
         d4:8a:a8:94:28:95:38:8b:ec:e3:17:9b:55:68:db:0e:d2:8b:
         64:06:48:a8:fe:55:e6:d4:b7:c1:3c:c9:d4:f5:34:65:f0:55:
         3a:a8:c2:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/TKJxDcFFjjfM//lAE/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMmU4MjFkODhkZTdhMDExMzQxNzA0MjAyMzQ2ZjdjMmJi
OWViY2YwHhcNMjUwMTAyMDc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzJmNWQwMWE1ODgxYWRkYzMwZjA2YTZkZDEyYmMyMzUzY2U5YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSyyZdhvWKWaPe6qIxTwLTL6pquo
l1ZsB/kdHAhBc1NxtjKRbtnjzUMLSgPr+plrvmMO1aLfBMpN/MnjbBI74ol5J5X8
JdVVfVqzohTnB3KnvvuNGWvxWHPwwM9+vKJ6vaUvFwfgYwJp5V72qBSjCiIgM622
4nfpWTmFX8WYiOR8JyWPv+wqpL/mPvzqLyYm41Re3oDI7/rKd3Ox00fU02wkZkB/
o1t/4wRzY70T5zfXjLWvC9E8bAxe2YvdFZztOcHyb8mhzDfehfsYO0og7lHW1YIO
qpvput2As+LCM1f3BSYyYH00BozhklRu+hryB1S4wsAr6Zc23QpDOfaa2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcvXQGliBrdww8Gpt0SvCNTzpw9MB8GA1UdIwQY
MBaAFOwugh2I3noBE0FwQgI0b3wruevPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0M2Q0hZamVlZ0VUUVhCQ0FqUnZmQ3U1Njg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy83ZGRhNGYtZjBjNy00MDA4LTlhYjkt
ZGZhMGI4MDUyNjE0LzEvRnk5ZEFhV0lHdDNERHdhbTNSSzhJMVBPbkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy83ZGRhNGYtZjBjNy00MDA4LTlhYjktZGZhMGI4MDUyNjE0
LzEvN0M2Q0hZamVlZ0VUUVhCQ0FqUnZmQ3U1Njg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwk8YMA0G
CSqGSIb3DQEBCwUAA4IBAQDWpG7ZXrRZpUie4Oq6cAqBUePmpLiUtj/OGrLKUAPn
ovAFjnpnxwjF/qL96FZA0mPpjflsShYGJaJSfeMerKfFcz4kBxt1yHNd5FqQVVaQ
vrzGxXFGHWaQEJpobq6uLYGOwU9mONBAZkkOVu7bqSKHCoKUsiVJZReEXjA2nvm9
bvJvOKR1/UzQXUYrpUsGwqingHXTV5U5WXkyHjxPSvEyuge3Zts5RhIn8BqUzBPY
hywAE/55jrCWfR2mgEgArU1IKT41vA2FxRu7zLSPjKJ5htfUuiWEnX/UiqiUKJU4
i+zjF5tVaNsO0otkBkio/lXm1LfBPMnU9TRl8FU6qMLB
-----END CERTIFICATE-----