Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/Rs-Hb7Ce7VPVhger173QDLpRVns.roa
File:                     Rs-Hb7Ce7VPVhger173QDLpRVns.roa (raw, json)
Hash identifier:          FHoraum22ekUFk3RVeKBH0jOAMKTEJcQ/5EYQf5cotU=
Subject key identifier:   46:CF:87:6F:B0:9E:ED:53:D5:86:07:AB:D7:BD:D0:0C:BA:51:56:7B
Certificate issuer:       /CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
Certificate serial:       0198200A0A6F540904581B897B1957AB44B6
Authority key identifier: 29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/Rs-Hb7Ce7VPVhger173QDLpRVns.roa
Signing time:             Sat 19 Jul 2025 00:16:25 +0000
ROA not before:           Sat 19 Jul 2025 00:16:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     329007
IP address blocks:        79.110.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:20:0a:0a:6f:54:09:04:58:1b:89:7b:19:57:ab:44:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
        Validity
            Not Before: Jul 19 00:16:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46cf876fb09eed53d58607abd7bdd00cba51567b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:82:61:6d:14:f8:49:aa:30:72:b4:82:ca:c5:
                    6e:6c:14:7a:8e:16:0a:0a:84:c0:33:b2:48:42:e2:
                    74:85:94:c7:99:ae:49:87:e6:2d:0e:0b:fd:3c:9e:
                    78:74:76:9d:84:b9:40:ce:f4:da:67:6d:23:cd:65:
                    ed:43:dd:67:fb:bf:8e:08:50:1b:ae:11:85:28:5c:
                    87:2c:84:35:fe:30:fd:7d:64:95:13:e9:ab:f8:c2:
                    a8:47:82:2d:31:f8:6b:ed:d8:fb:78:e6:0c:88:1e:
                    cb:60:3f:de:fb:ec:a6:a0:d5:a4:d1:66:a8:eb:d6:
                    de:5a:01:a0:a7:b6:07:2d:57:7f:91:b6:92:58:a6:
                    97:12:02:21:cc:8b:6e:be:2b:ae:30:fa:04:12:7e:
                    25:a9:e6:52:8c:98:e2:91:e0:58:49:9f:d8:9a:e1:
                    68:35:f8:96:0b:ab:dc:bc:5f:d3:d4:3f:26:02:ad:
                    41:bd:eb:36:11:56:0b:7e:85:81:9a:2d:f1:c5:7f:
                    75:34:3d:41:40:dd:dd:5e:30:fa:60:e7:29:62:59:
                    a7:d3:3f:cc:16:d9:91:ed:41:de:c6:90:ad:c1:8d:
                    d5:41:7a:18:37:6e:bd:0a:24:4e:58:b0:95:ad:9a:
                    d0:e4:47:3f:4d:32:c8:22:8b:a6:96:44:ec:a8:aa:
                    e1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:CF:87:6F:B0:9E:ED:53:D5:86:07:AB:D7:BD:D0:0C:BA:51:56:7B
            X509v3 Authority Key Identifier:
                keyid:29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/Rs-Hb7Ce7VPVhger173QDLpRVns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:34:a6:c6:b3:59:f7:8a:c9:c4:1b:4b:7b:15:ee:6e:93:2c:
         dd:31:10:50:72:e2:26:46:70:5c:54:97:e8:21:04:18:35:13:
         21:dd:0c:96:cd:c3:6c:b4:88:13:ca:8d:00:5a:37:34:4b:36:
         1e:ef:59:fe:4f:af:c8:85:c6:7d:3f:34:d5:53:80:73:09:aa:
         82:a8:e5:88:a2:4c:5d:f7:27:4f:d3:2a:32:e9:a8:60:6b:89:
         69:93:f2:0f:58:11:43:0c:39:22:96:82:14:08:1c:cc:b5:04:
         d6:18:ca:0c:ce:9a:f7:a2:c4:e8:53:bb:ec:e2:7b:82:68:47:
         ed:b1:d8:e8:fb:ee:d6:7e:36:fc:49:d1:57:62:b1:a5:69:a5:
         05:4a:fd:93:c5:fa:26:7c:f2:49:bb:f8:a0:df:ba:69:80:c6:
         f9:0c:68:48:12:25:5f:f5:3c:eb:26:b5:cd:15:7e:9f:c5:18:
         b1:ed:ef:3e:2e:b6:1c:44:94:48:1f:5d:5c:68:c3:fb:a7:d2:
         f5:07:57:e3:d1:37:57:4e:29:2a:0d:ce:7f:95:4c:4f:e3:5d:
         09:99:79:63:0a:97:e7:7b:e3:ab:91:01:9a:45:69:2a:50:ea:
         89:1d:fd:ec:a2:68:c1:13:c4:83:d9:f1:b6:74:b8:4b:a6:fa:
         a0:65:8e:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZggCgpvVAkEWBuJexlXq0S2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODM4NDFiYzA5ZjFmZDRmZTNkZTk5MTAxNmMwYjcxMjZm
YmE1MmUwHhcNMjUwNzE5MDAxNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmNmODc2ZmIwOWVlZDUzZDU4NjA3YWJkN2JkZDAwY2JhNTE1NjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIJhbRT4SaowcrSCysVubBR6jhYK
CoTAM7JIQuJ0hZTHma5Jh+YtDgv9PJ54dHadhLlAzvTaZ20jzWXtQ91n+7+OCFAb
rhGFKFyHLIQ1/jD9fWSVE+mr+MKoR4ItMfhr7dj7eOYMiB7LYD/e++ymoNWk0Wao
69beWgGgp7YHLVd/kbaSWKaXEgIhzItuviuuMPoEEn4lqeZSjJjikeBYSZ/YmuFo
NfiWC6vcvF/T1D8mAq1Bves2EVYLfoWBmi3xxX91ND1BQN3dXjD6YOcpYlmn0z/M
FtmR7UHexpCtwY3VQXoYN269CiROWLCVrZrQ5Ec/TTLIIoumlkTsqKrhWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbPh2+wnu1T1YYHq9e90Ay6UVZ7MB8GA1UdIwQY
MBaAFCmDhBvAnx/U/j3pkQFsC3Em+6UuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2It
MWRkNWRhYjM2ZjlmLzEvUnMtSGI3Q2U3VlBWaGdlcjE3M1FETHBSVm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2ItMWRkNWRhYjM2Zjlm
LzEvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT26nMA0G
CSqGSIb3DQEBCwUAA4IBAQA1NKbGs1n3isnEG0t7Fe5ukyzdMRBQcuImRnBcVJfo
IQQYNRMh3QyWzcNstIgTyo0AWjc0SzYe71n+T6/IhcZ9PzTVU4BzCaqCqOWIokxd
9ydP0yoy6ahga4lpk/IPWBFDDDkiloIUCBzMtQTWGMoMzpr3osToU7vs4nuCaEft
sdjo++7Wfjb8SdFXYrGlaaUFSv2TxfomfPJJu/ig37ppgMb5DGhIEiVf9TzrJrXN
FX6fxRix7e8+LrYcRJRIH11caMP7p9L1B1fj0TdXTikqDc5/lUxP410JmXljCpfn
e+OrkQGaRWkqUOqJHf3somjBE8SD2fG2dLhLpvqgZY7i
-----END CERTIFICATE-----