Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/tG9g7Co1XH6U8tZyoXMC-RjzpsI.roa
File:                     tG9g7Co1XH6U8tZyoXMC-RjzpsI.roa (raw, json)
Hash identifier:          f5hLHvCO22cXuPn8MfVWI6zy/RfS3YcwLYdVmDvuy/U=
Subject key identifier:   B4:6F:60:EC:2A:35:5C:7E:94:F2:D6:72:A1:73:02:F9:18:F3:A6:C2
Certificate issuer:       /CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
Certificate serial:       0194B18EB28AAFA42ADE83A348F4A588A4AE
Authority key identifier: 29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/tG9g7Co1XH6U8tZyoXMC-RjzpsI.roa
Signing time:             Wed 29 Jan 2025 10:15:06 +0000
ROA not before:           Wed 29 Jan 2025 10:15:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152460
IP address blocks:        79.110.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:8e:b2:8a:af:a4:2a:de:83:a3:48:f4:a5:88:a4:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
        Validity
            Not Before: Jan 29 10:15:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b46f60ec2a355c7e94f2d672a17302f918f3a6c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:cf:1c:74:3b:f8:aa:01:5e:32:dd:32:7a:8f:
                    33:52:d1:da:d4:ef:2d:53:4c:65:5e:cf:01:af:57:
                    17:93:b1:fc:b9:74:20:2e:85:44:86:ea:c8:84:89:
                    f6:22:62:5b:e4:34:1c:b9:ff:fc:57:68:57:bc:e3:
                    98:c7:8e:71:7b:fa:1d:8f:ef:b4:7e:8b:e9:b0:f0:
                    68:87:f5:b1:f7:e9:2b:16:50:31:ce:67:a7:1b:9b:
                    63:cd:4f:f9:4d:e4:02:59:14:2c:83:b4:87:aa:3e:
                    ed:ca:c8:82:7a:82:a6:05:e6:09:9e:67:c8:8f:0e:
                    fc:fb:6b:84:eb:2e:99:8e:d8:20:5d:be:43:51:63:
                    c5:16:6c:9d:12:ee:fd:c8:b8:dc:10:ca:f7:fd:e3:
                    4e:bb:e7:d4:86:78:a6:f1:c3:9a:d3:ec:1a:d3:d3:
                    d7:26:77:45:fc:66:1c:90:f1:ef:c7:2c:b0:4f:55:
                    72:1f:29:98:59:45:9f:3f:32:19:8a:1d:d8:9a:4c:
                    e9:2a:e7:66:d5:46:3c:5f:c3:90:23:60:81:a7:98:
                    3e:df:b8:ff:e7:22:32:f7:54:11:3d:ab:b9:cd:84:
                    3a:cc:3d:5c:d3:c7:3c:be:70:49:5d:e9:1f:cf:8e:
                    29:66:6b:5e:a0:b0:e3:6d:43:45:df:50:5c:05:78:
                    21:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:6F:60:EC:2A:35:5C:7E:94:F2:D6:72:A1:73:02:F9:18:F3:A6:C2
            X509v3 Authority Key Identifier:
                keyid:29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/tG9g7Co1XH6U8tZyoXMC-RjzpsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:be:82:c7:c7:fb:33:63:1d:19:dc:e0:f8:f4:ab:6f:62:30:
         95:51:f1:d8:5c:04:d7:99:7d:a7:06:7e:4d:27:fc:c4:a9:b0:
         78:eb:06:be:88:d8:9b:6d:51:c8:9b:db:92:69:70:0b:90:64:
         b3:b6:a6:32:55:52:ef:ac:8a:e5:7f:a8:5b:17:6d:ba:3f:3b:
         6e:38:54:c0:8d:44:d1:29:4f:ee:ee:61:6c:73:e1:59:4f:79:
         16:3c:18:6a:3d:90:d6:31:e3:e6:f6:32:53:39:0e:e3:67:df:
         39:fe:95:4a:e7:bb:0b:4d:22:ea:a6:09:5b:62:78:1e:c9:16:
         3e:e1:f0:f3:99:da:02:22:02:4d:a1:45:43:64:a1:2d:03:f0:
         04:2e:5b:a5:da:db:84:c4:72:89:b5:51:48:6f:51:9e:58:cb:
         ef:9e:71:61:f0:a4:ba:21:e5:55:a5:83:dc:21:25:10:73:f6:
         f9:98:0e:ae:77:c5:df:dd:ff:dd:94:94:2b:ff:51:4a:c7:5b:
         74:22:ef:e6:f0:9d:de:f3:71:45:e4:22:65:21:54:bf:86:98:
         4f:50:ca:3a:e2:ed:e8:ea:b4:d6:e6:16:75:f3:91:24:25:62:
         71:14:89:2e:47:9e:eb:a7:aa:17:e8:9f:76:9d:46:ac:1a:76:
         cc:60:3c:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSxjrKKr6Qq3oOjSPSliKSuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODM4NDFiYzA5ZjFmZDRmZTNkZTk5MTAxNmMwYjcxMjZm
YmE1MmUwHhcNMjUwMTI5MTAxNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDZmNjBlYzJhMzU1YzdlOTRmMmQ2NzJhMTczMDJmOTE4ZjNhNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzc8cdDv4qgFeMt0yeo8zUtHa1O8t
U0xlXs8Br1cXk7H8uXQgLoVEhurIhIn2ImJb5DQcuf/8V2hXvOOYx45xe/odj++0
fovpsPBoh/Wx9+krFlAxzmenG5tjzU/5TeQCWRQsg7SHqj7tysiCeoKmBeYJnmfI
jw78+2uE6y6ZjtggXb5DUWPFFmydEu79yLjcEMr3/eNOu+fUhnim8cOa0+wa09PX
JndF/GYckPHvxyywT1VyHymYWUWfPzIZih3YmkzpKudm1UY8X8OQI2CBp5g+37j/
5yIy91QRPau5zYQ6zD1c08c8vnBJXekfz44pZmteoLDjbUNF31BcBXghVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRvYOwqNVx+lPLWcqFzAvkY86bCMB8GA1UdIwQY
MBaAFCmDhBvAnx/U/j3pkQFsC3Em+6UuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2It
MWRkNWRhYjM2ZjlmLzEvdEc5ZzdDbzFYSDZVOHRaeW9YTUMtUmp6cHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2ItMWRkNWRhYjM2Zjlm
LzEvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT26kMA0G
CSqGSIb3DQEBCwUAA4IBAQAIvoLHx/szYx0Z3OD49KtvYjCVUfHYXATXmX2nBn5N
J/zEqbB46wa+iNibbVHIm9uSaXALkGSztqYyVVLvrIrlf6hbF226PztuOFTAjUTR
KU/u7mFsc+FZT3kWPBhqPZDWMePm9jJTOQ7jZ985/pVK57sLTSLqpglbYngeyRY+
4fDzmdoCIgJNoUVDZKEtA/AELlul2tuExHKJtVFIb1GeWMvvnnFh8KS6IeVVpYPc
ISUQc/b5mA6ud8Xf3f/dlJQr/1FKx1t0Iu/m8J3e83FF5CJlIVS/hphPUMo64u3o
6rTW5hZ185EkJWJxFIkuR57rp6oX6J92nUasGnbMYDzB
-----END CERTIFICATE-----