Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/h2By371OCvj77wNVdyQcqgznsSg.roa
File:                     h2By371OCvj77wNVdyQcqgznsSg.roa (raw, json)
Hash identifier:          soUA/0DY5+xPnyfK/0AF2K5yBnM6iGB14VNuRKlaQjI=
Subject key identifier:   87:60:72:DF:BD:4E:0A:F8:FB:EF:03:55:77:24:1C:AA:0C:E7:B1:28
Certificate issuer:       /CN=d914da56e1a934649da02964ac12eba34c5cb84f
Certificate serial:       0196D3B5FBD76B2F8F5FCC78AE4EF2F8317B
Authority key identifier: D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/h2By371OCvj77wNVdyQcqgznsSg.roa
Signing time:             Thu 15 May 2025 11:30:41 +0000
ROA not before:           Thu 15 May 2025 11:30:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212586
IP address blocks:        79.174.2.0/24 maxlen: 24
                          185.231.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 08:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:b5:fb:d7:6b:2f:8f:5f:cc:78:ae:4e:f2:f8:31:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d914da56e1a934649da02964ac12eba34c5cb84f
        Validity
            Not Before: May 15 11:30:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=876072dfbd4e0af8fbef035577241caa0ce7b128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:91:a8:67:30:33:47:d1:66:f2:c1:35:9b:e7:
                    a4:f3:e7:89:87:4d:4b:34:0a:d8:33:f6:27:8a:18:
                    d2:c9:50:75:70:10:0c:42:3d:33:a3:d6:f7:23:54:
                    ea:e7:b8:72:eb:63:1a:4b:0e:46:ad:85:66:a9:af:
                    8e:d5:2b:e8:5b:0e:7c:92:92:43:1e:39:c4:32:0e:
                    16:e6:71:92:aa:04:78:bf:d6:09:9c:9c:86:19:fa:
                    65:f5:81:58:ea:76:14:ba:14:f5:34:e9:ba:14:43:
                    06:82:16:15:49:04:f9:08:86:7c:4d:a9:af:bc:c3:
                    59:29:d0:0a:8e:7a:64:f0:69:42:c5:13:34:ab:bc:
                    37:66:e3:14:43:72:a4:87:92:c5:22:d0:2b:93:19:
                    59:21:dd:fd:d0:6f:6a:7d:6a:3a:06:63:ec:87:5f:
                    70:09:a5:5e:00:03:08:1d:ec:06:67:16:98:b1:48:
                    21:cd:5a:fb:88:76:a3:86:ff:1c:d2:46:cc:74:32:
                    29:e7:42:7f:72:90:0e:d2:2b:91:12:ff:db:b4:c6:
                    c0:74:7b:1b:26:60:be:07:73:dd:1b:e0:27:be:81:
                    78:ea:5f:a4:31:3c:38:0d:9a:ac:38:55:88:f4:d1:
                    ca:52:b3:f1:94:b3:32:7e:09:91:df:cc:74:a2:ec:
                    8a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:60:72:DF:BD:4E:0A:F8:FB:EF:03:55:77:24:1C:AA:0C:E7:B1:28
            X509v3 Authority Key Identifier:
                keyid:D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/h2By371OCvj77wNVdyQcqgznsSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.2.0/24
                  185.231.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:58:69:47:e1:a0:2a:59:e4:81:e0:89:06:43:cf:28:8b:6c:
         23:ab:27:8c:33:5e:46:70:d0:f6:c0:7b:a1:6f:d8:4c:5a:eb:
         30:0a:43:f1:97:d2:b7:7a:4b:a6:3e:c4:44:bb:59:0a:55:ef:
         8f:ca:27:79:84:a0:52:ad:58:af:02:7a:d7:13:f3:a3:5f:fc:
         64:ce:e7:be:b6:08:ef:a7:1c:16:db:87:19:f0:60:ba:b4:e3:
         05:77:39:c4:c7:c8:0a:7c:90:92:dc:a2:1d:bc:eb:da:3e:cc:
         e5:9e:d0:04:4a:e6:25:53:f2:67:1d:f6:a9:c8:d3:9a:95:c9:
         ad:ee:b7:ca:4c:d9:70:99:1e:ca:c8:65:fb:c2:6c:27:b1:a7:
         8d:cc:63:c8:87:c5:ed:b7:0a:d2:0e:ff:81:4c:44:55:7f:35:
         34:61:0f:1a:28:69:e3:b3:c8:e4:5a:b4:ec:0b:36:af:88:12:
         87:0c:e4:e8:82:25:3d:41:9f:a8:03:69:b3:fd:ed:06:db:d8:
         85:9c:75:46:7c:27:40:14:3f:47:81:86:85:61:67:08:29:e4:
         f6:b4:ab:fd:61:ba:9c:f6:e7:cb:0a:6e:fc:3c:1d:d1:bd:94:
         41:fc:c6:c0:71:9c:ab:33:a9:9d:d8:dc:ec:46:62:16:19:cd:
         92:7b:6a:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbTtfvXay+PX8x4rk7y+DF7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MTRkYTU2ZTFhOTM0NjQ5ZGEwMjk2NGFjMTJlYmEzNGM1
Y2I4NGYwHhcNMjUwNTE1MTEzMDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzYwNzJkZmJkNGUwYWY4ZmJlZjAzNTU3NzI0MWNhYTBjZTdiMTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5GoZzAzR9Fm8sE1m+ek8+eJh01L
NArYM/YnihjSyVB1cBAMQj0zo9b3I1Tq57hy62MaSw5GrYVmqa+O1SvoWw58kpJD
HjnEMg4W5nGSqgR4v9YJnJyGGfpl9YFY6nYUuhT1NOm6FEMGghYVSQT5CIZ8Tamv
vMNZKdAKjnpk8GlCxRM0q7w3ZuMUQ3Kkh5LFItArkxlZId390G9qfWo6BmPsh19w
CaVeAAMIHewGZxaYsUghzVr7iHajhv8c0kbMdDIp50J/cpAO0iuREv/btMbAdHsb
JmC+B3PdG+AnvoF46l+kMTw4DZqsOFWI9NHKUrPxlLMyfgmR38x0ouyKCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIdgct+9Tgr4++8DVXckHKoM57EoMB8GA1UdIwQY
MBaAFNkU2lbhqTRknaApZKwS66NMXLhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2It
ZjZiY2NmMWU1MzFmLzEvaDJCeTM3MU9Ddmo3N3dOVmR5UWNxZ3puc1NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2ItZjZiY2NmMWU1MzFm
LzEvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT64CAwQA
uefqMA0GCSqGSIb3DQEBCwUAA4IBAQDEWGlH4aAqWeSB4IkGQ88oi2wjqyeMM15G
cND2wHuhb9hMWuswCkPxl9K3ekumPsREu1kKVe+Pyid5hKBSrVivAnrXE/OjX/xk
zue+tgjvpxwW24cZ8GC6tOMFdznEx8gKfJCS3KIdvOvaPszlntAESuYlU/JnHfap
yNOalcmt7rfKTNlwmR7KyGX7wmwnsaeNzGPIh8XttwrSDv+BTERVfzU0YQ8aKGnj
s8jkWrTsCzaviBKHDOTogiU9QZ+oA2mz/e0G29iFnHVGfCdAFD9HgYaFYWcIKeT2
tKv9Ybqc9ufLCm78PB3RvZRB/MbAcZyrM6md2NzsRmIWGc2Se2q0
-----END CERTIFICATE-----