Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/79lt-80txKIWQWCp9jNMLc2IHAs.roa
File:                     79lt-80txKIWQWCp9jNMLc2IHAs.roa (raw, json)
Hash identifier:          8V+u82sHy+GzDpyon/8u7WM8JnJcqgS9AiUeL6z8Iug=
Subject key identifier:   EF:D9:6D:FB:CD:2D:C4:A2:16:41:60:A9:F6:33:4C:2D:CD:88:1C:0B
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       0194214429BBF7E3277371F7A045645472AD
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/79lt-80txKIWQWCp9jNMLc2IHAs.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5488
IP address blocks:        195.66.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:29:bb:f7:e3:27:73:71:f7:a0:45:64:54:72:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efd96dfbcd2dc4a2164160a9f6334c2dcd881c0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b9:2f:a1:c3:48:13:ab:bb:59:9c:14:b3:9b:
                    94:84:f2:ee:88:1c:af:a1:98:46:27:3e:77:37:53:
                    d4:32:0d:b9:5a:f6:9c:e4:1e:4e:57:09:a4:91:48:
                    35:89:2b:09:67:5f:51:fa:33:87:e5:50:4a:94:7b:
                    33:43:b2:f2:51:90:99:b1:95:07:5f:ea:a6:f4:15:
                    2a:7e:63:75:cf:05:fc:52:f0:61:8b:29:f0:83:84:
                    c7:d3:8e:24:07:05:b7:36:28:f3:5d:00:8a:09:22:
                    aa:45:15:42:6d:39:45:1b:bf:58:58:51:e4:c2:fa:
                    48:24:f7:49:db:c5:05:a2:e6:0d:13:27:2a:9b:24:
                    98:75:16:17:17:1f:fe:92:13:51:30:45:18:02:ab:
                    4c:da:c4:83:79:db:52:99:51:08:cd:b3:a8:08:b5:
                    04:64:d9:94:4f:2d:c1:2b:05:c7:9a:b8:4a:a9:22:
                    0f:27:9f:db:2e:4b:7a:aa:52:45:78:41:b2:fe:28:
                    f0:c5:cb:e1:5f:ee:fd:c8:60:eb:04:a0:bf:44:4e:
                    f6:d3:d9:3a:80:83:8d:8a:51:02:dc:6c:06:f2:75:
                    50:7c:9d:db:e0:ae:94:d0:0f:47:b6:be:10:38:c3:
                    c0:24:c4:f6:7a:9e:d7:70:da:9e:f0:bb:30:6b:ec:
                    a2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:D9:6D:FB:CD:2D:C4:A2:16:41:60:A9:F6:33:4C:2D:CD:88:1C:0B
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/79lt-80txKIWQWCp9jNMLc2IHAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:72:59:28:4c:5b:f0:92:c8:48:73:c0:96:73:83:90:aa:22:
         c8:1b:89:b4:ee:26:4c:51:db:d8:17:ee:8c:51:7e:7d:07:c6:
         66:e7:f7:3b:80:00:38:dd:41:61:d1:85:56:ee:4e:5e:52:b3:
         d8:bb:b6:89:a3:58:50:11:fb:33:ad:76:0c:04:d9:06:dd:5f:
         be:96:a1:ea:99:46:6d:c2:89:c6:c6:99:0d:51:ba:f5:a1:ac:
         4d:18:d5:aa:31:ad:d5:30:73:dd:d3:fe:b5:18:bf:89:b8:15:
         37:86:18:12:5b:22:e8:bf:b7:4d:7a:f9:d4:9b:0a:9c:2f:8e:
         f0:42:63:f2:f9:c0:78:e9:63:ec:62:8d:7f:a1:13:43:6c:b9:
         16:91:d0:16:7f:2f:d5:de:18:fe:14:0c:13:7b:37:92:51:87:
         9f:f6:ec:24:fc:1a:93:a0:aa:8d:d0:c0:dc:58:6e:d2:31:9f:
         7d:3f:59:c6:ce:50:46:15:18:67:9b:d5:96:c1:5a:bc:b3:d2:
         62:67:70:19:e5:39:16:e6:dd:fa:72:79:ed:e4:5d:ff:9b:c8:
         c2:a9:73:36:09:3a:df:07:06:40:9c:e2:16:93:03:3d:68:dc:
         04:dd:a1:9e:a2:bd:bc:d7:cc:46:81:4d:36:79:66:41:40:c9:
         1f:33:69:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCm79+Mnc3H3oEVkVHKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmQ5NmRmYmNkMmRjNGEyMTY0MTYwYTlmNjMzNGMyZGNkODgxYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7kvocNIE6u7WZwUs5uUhPLuiByv
oZhGJz53N1PUMg25Wvac5B5OVwmkkUg1iSsJZ19R+jOH5VBKlHszQ7LyUZCZsZUH
X+qm9BUqfmN1zwX8UvBhiynwg4TH044kBwW3NijzXQCKCSKqRRVCbTlFG79YWFHk
wvpIJPdJ28UFouYNEycqmySYdRYXFx/+khNRMEUYAqtM2sSDedtSmVEIzbOoCLUE
ZNmUTy3BKwXHmrhKqSIPJ5/bLkt6qlJFeEGy/ijwxcvhX+79yGDrBKC/RE7209k6
gIONilEC3GwG8nVQfJ3b4K6U0A9Htr4QOMPAJMT2ep7XcNqe8Lswa+yiewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/ZbfvNLcSiFkFgqfYzTC3NiBwLMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvNzlsdC04MHR4S0lXUVdDcDlqTk1MYzJJSEFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQA7clkoTFvwkshIc8CWc4OQqiLIG4m07iZMUdvYF+6M
UX59B8Zm5/c7gAA43UFh0YVW7k5eUrPYu7aJo1hQEfszrXYMBNkG3V++lqHqmUZt
wonGxpkNUbr1oaxNGNWqMa3VMHPd0/61GL+JuBU3hhgSWyLov7dNevnUmwqcL47w
QmPy+cB46WPsYo1/oRNDbLkWkdAWfy/V3hj+FAwTezeSUYef9uwk/BqToKqN0MDc
WG7SMZ99P1nGzlBGFRhnm9WWwVq8s9JiZ3AZ5TkW5t36cnnt5F3/m8jCqXM2CTrf
BwZAnOIWkwM9aNwE3aGeor2818xGgU02eWZBQMkfM2kJ
-----END CERTIFICATE-----