Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/0UvwT0IeP_tTxzvp7hEfgihtyE4.roa
File:                     0UvwT0IeP_tTxzvp7hEfgihtyE4.roa (raw, json)
Hash identifier:          /vM+gs8Osx6Pj+33pvuPbhT8IYth4DHTAn5Yckv8oJ0=
Subject key identifier:   D1:4B:F0:4F:42:1E:3F:FB:53:C7:3B:E9:EE:11:1F:82:28:6D:C8:4E
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01960B37D2984BAB85810E36FCB999E08D3A
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/0UvwT0IeP_tTxzvp7hEfgihtyE4.roa
Signing time:             Sun 06 Apr 2025 13:08:49 +0000
ROA not before:           Sun 06 Apr 2025 13:08:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213918
IP address blocks:        79.172.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:0b:37:d2:98:4b:ab:85:81:0e:36:fc:b9:99:e0:8d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Apr  6 13:08:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d14bf04f421e3ffb53c73be9ee111f82286dc84e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ca:2c:96:c9:d4:2f:24:7d:49:fd:bf:9f:74:
                    dc:79:34:24:8c:95:fa:64:05:67:db:ed:e7:95:fe:
                    05:78:51:d1:ff:f2:da:c7:9e:a4:b9:29:57:8e:ad:
                    26:de:5a:3b:28:9d:cb:46:42:27:ad:e7:d9:06:95:
                    df:dc:a5:f8:9c:e3:c3:a8:57:1b:de:ee:e0:bf:08:
                    c4:02:36:8d:15:fd:e5:d0:65:f8:e9:c9:4c:c3:76:
                    f2:cd:30:ad:6d:b4:8b:5a:07:e2:cf:4e:7c:50:57:
                    66:5b:02:cb:67:b7:78:5e:60:a1:d8:5e:74:7a:b7:
                    8f:c5:64:6c:c4:74:3e:45:11:2f:01:d9:81:0b:d9:
                    65:e5:fc:b4:3b:e0:46:9f:87:fa:f8:fe:80:60:23:
                    49:c1:58:11:af:60:d8:b9:b4:93:c7:22:2a:7f:b0:
                    8a:40:15:a5:ea:ca:c5:27:e2:7c:53:d9:dd:e4:3b:
                    1c:ec:68:01:b9:1b:fa:3a:9a:1f:e9:8c:f9:27:05:
                    d9:36:a5:63:5f:35:f4:9c:ca:6a:8d:66:d6:06:21:
                    39:ee:92:8f:85:91:19:0a:e6:9d:11:32:86:1c:f0:
                    2f:41:70:f4:f1:3d:b4:92:fe:51:ed:04:50:ff:f8:
                    63:8e:99:2f:44:d9:be:84:1e:b0:23:e3:8b:6d:b2:
                    b6:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4B:F0:4F:42:1E:3F:FB:53:C7:3B:E9:EE:11:1F:82:28:6D:C8:4E
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/0UvwT0IeP_tTxzvp7hEfgihtyE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:a8:a5:2b:98:09:27:ca:dd:7a:8f:26:4a:55:84:b2:b0:ab:
         82:06:d2:6b:bc:0d:94:44:f1:32:e0:c8:37:19:94:ec:a3:dc:
         99:ad:b5:ec:a9:c3:a1:65:9a:29:b6:f2:98:e0:45:96:de:56:
         bc:be:35:11:f2:d3:d4:31:c7:c2:52:10:81:c1:2e:14:8e:58:
         6e:0c:f7:f0:74:3a:78:4a:d0:85:7e:d9:de:4d:35:5b:c9:a6:
         1b:5d:e0:5c:8f:f5:dd:2a:b4:66:d4:31:a3:84:1e:ac:a3:5e:
         c8:be:f0:27:92:e9:e2:b3:15:46:d9:60:f4:74:2c:1f:eb:58:
         16:74:7d:a0:1e:22:12:cf:6d:77:d4:87:a6:e9:25:f5:3c:81:
         89:21:75:cd:11:60:54:29:8e:90:c1:b0:30:13:70:53:d9:62:
         22:9d:e0:28:eb:63:93:12:3f:50:41:df:27:62:af:f3:e5:4d:
         18:2e:74:c9:89:18:24:87:6c:fb:61:6b:a1:69:40:97:87:eb:
         e8:d2:8d:13:83:14:f7:6b:32:a2:c8:df:3e:52:77:b6:32:1f:
         7f:0f:9b:5d:92:c9:bd:4d:5b:3f:08:8f:c6:09:b1:e2:3c:6f:
         32:68:a1:f2:0e:92:8b:37:fc:f0:5c:56:ff:e8:b4:bf:a4:79:
         04:e9:d6:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYLN9KYS6uFgQ42/LmZ4I06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNDA2MTMwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTRiZjA0ZjQyMWUzZmZiNTNjNzNiZTllZTExMWY4MjI4NmRjODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsoslsnULyR9Sf2/n3TceTQkjJX6
ZAVn2+3nlf4FeFHR//Lax56kuSlXjq0m3lo7KJ3LRkInrefZBpXf3KX4nOPDqFcb
3u7gvwjEAjaNFf3l0GX46clMw3byzTCtbbSLWgfiz058UFdmWwLLZ7d4XmCh2F50
erePxWRsxHQ+RREvAdmBC9ll5fy0O+BGn4f6+P6AYCNJwVgRr2DYubSTxyIqf7CK
QBWl6srFJ+J8U9nd5Dsc7GgBuRv6Opof6Yz5JwXZNqVjXzX0nMpqjWbWBiE57pKP
hZEZCuadETKGHPAvQXD08T20kv5R7QRQ//hjjpkvRNm+hB6wI+OLbbK2LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFL8E9CHj/7U8c76e4RH4IobchOMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvMFV2d1QwSWVQX3RUeHp2cDdoRWZnaWh0eUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBT6zIMA0G
CSqGSIb3DQEBCwUAA4IBAQBgqKUrmAknyt16jyZKVYSysKuCBtJrvA2URPEy4Mg3
GZTso9yZrbXsqcOhZZoptvKY4EWW3la8vjUR8tPUMcfCUhCBwS4UjlhuDPfwdDp4
StCFftneTTVbyaYbXeBcj/XdKrRm1DGjhB6so17IvvAnkunisxVG2WD0dCwf61gW
dH2gHiISz2131Iem6SX1PIGJIXXNEWBUKY6QwbAwE3BT2WIineAo62OTEj9QQd8n
Yq/z5U0YLnTJiRgkh2z7YWuhaUCXh+vo0o0TgxT3azKiyN8+Une2Mh9/D5tdksm9
TVs/CI/GCbHiPG8yaKHyDpKLN/zwXFb/6LS/pHkE6dao
-----END CERTIFICATE-----