Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/4UfwxmbTHOjOPnjmaoeLXNkzBiQ.roa
File:                     4UfwxmbTHOjOPnjmaoeLXNkzBiQ.roa (raw, json)
Hash identifier:          7JvsjGe4F71DpUbr+CYQkKo7KzRIS4AZcpdRu100mS0=
Subject key identifier:   E1:47:F0:C6:66:D3:1C:E8:CE:3E:78:E6:6A:87:8B:5C:D9:33:06:24
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       018CC500CE97D66C24C7BB1E5D9FA2717BF7
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/4UfwxmbTHOjOPnjmaoeLXNkzBiQ.roa
Signing time:             Mon 01 Jan 2024 12:30:13 +0000
ROA not before:           Mon 01 Jan 2024 12:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210579
IP address blocks:        79.172.221.0/24 maxlen: 24
                          79.172.222.0/23 maxlen: 24
                          79.172.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ce:97:d6:6c:24:c7:bb:1e:5d:9f:a2:71:7b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  1 12:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e147f0c666d31ce8ce3e78e66a878b5cd9330624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:27:f5:16:e2:cb:41:52:98:19:ae:c9:ce:6a:
                    58:a2:f7:7e:56:28:ab:99:e3:83:51:ff:92:e3:f2:
                    ff:9e:f0:3a:56:14:73:36:57:e6:a9:50:4f:c6:4e:
                    15:32:b7:c3:a2:ee:bb:f8:da:ba:1e:a2:3d:c6:e8:
                    82:97:7d:ec:84:a6:3e:30:91:88:ce:fd:55:15:5b:
                    0b:b3:0c:1e:d5:08:e2:57:1c:cb:66:5a:57:96:1f:
                    86:61:4b:aa:49:0e:49:35:35:a4:b6:ff:18:bc:a8:
                    4d:8b:6d:5a:66:f3:6e:65:ce:3d:2f:74:7d:95:16:
                    ff:53:80:c6:ba:89:54:02:81:f4:d3:1a:ee:05:ef:
                    02:25:8f:72:a0:f2:3f:21:f3:19:a7:01:08:2a:32:
                    53:6a:45:95:5d:12:52:a1:b5:50:45:0b:db:4a:50:
                    d4:c7:f1:b2:d9:ad:df:d8:2f:7d:37:6f:60:7a:3d:
                    4e:33:c7:9b:4b:dc:41:ff:5d:c9:9f:ec:bb:a2:ee:
                    e4:72:15:d4:c6:0c:61:24:64:5b:cf:36:af:fb:c6:
                    f2:c8:53:dc:41:70:c1:c8:0a:ca:41:a6:94:52:73:
                    15:e1:a0:15:12:c7:24:94:23:ea:20:85:9c:7b:8f:
                    fe:61:96:40:5d:2c:7a:26:bb:80:7c:6d:d8:26:a3:
                    6c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:47:F0:C6:66:D3:1C:E8:CE:3E:78:E6:6A:87:8B:5C:D9:33:06:24
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/4UfwxmbTHOjOPnjmaoeLXNkzBiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.221.0-79.172.224.255

    Signature Algorithm: sha256WithRSAEncryption
         2e:e6:51:12:c0:62:e1:7d:bc:31:6c:0a:f6:5f:9d:87:ca:97:
         4a:2a:55:ea:fc:e1:6b:0b:c2:b2:eb:7c:3e:9a:ff:24:f0:87:
         12:52:cc:7f:3c:9c:88:98:b6:37:bf:bb:5f:2c:df:38:df:c1:
         b5:79:90:da:ac:27:32:a7:25:53:f9:64:20:15:6c:c0:21:c9:
         3b:73:73:30:99:8d:02:61:c5:7d:cc:bf:ff:e6:9f:91:5d:37:
         bc:c6:ae:34:72:c1:e8:90:77:37:5e:72:1a:21:93:f8:3a:de:
         51:79:e9:de:58:e1:46:e7:35:e2:7a:b3:4a:94:49:5b:31:5f:
         9a:db:e1:63:49:20:ae:3a:66:24:b0:04:93:bf:bb:d6:79:72:
         8b:91:e6:0f:95:a5:68:f4:5a:ed:e2:7d:07:c3:36:61:64:9c:
         6f:c7:c5:51:49:72:78:c8:30:b4:5c:83:4b:71:a6:53:a3:c2:
         c4:53:5e:5b:45:c7:f8:07:ac:35:a2:eb:8d:e7:09:6d:d6:d7:
         62:15:26:19:45:8d:71:22:39:53:66:c3:2e:ab:7a:ac:50:e2:
         c9:43:a8:b0:d9:f2:da:c7:27:3c:44:c4:b9:3b:5c:b8:e1:9d:
         72:1e:66:d6:16:65:6f:b5:d0:01:bf:e5:61:84:c6:f4:e6:d2:
         84:f2:86:c3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFAM6X1mwkx7seXZ+icXv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQ3ZjBjNjY2ZDMxY2U4Y2UzZTc4ZTY2YTg3OGI1Y2Q5MzMwNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqif1FuLLQVKYGa7JzmpYovd+Viir
meODUf+S4/L/nvA6VhRzNlfmqVBPxk4VMrfDou67+Nq6HqI9xuiCl33shKY+MJGI
zv1VFVsLswwe1QjiVxzLZlpXlh+GYUuqSQ5JNTWktv8YvKhNi21aZvNuZc49L3R9
lRb/U4DGuolUAoH00xruBe8CJY9yoPI/IfMZpwEIKjJTakWVXRJSobVQRQvbSlDU
x/Gy2a3f2C99N29gej1OM8ebS9xB/13Jn+y7ou7kchXUxgxhJGRbzzav+8byyFPc
QXDByArKQaaUUnMV4aAVEscklCPqIIWce4/+YZZAXSx6JruAfG3YJqNsOQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOFH8MZm0xzozj545mqHi1zZMwYkMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvNFVmd3htYlRIT2pPUG5qbWFvZUxYTmt6QmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABPrN0D
BABPrOAwDQYJKoZIhvcNAQELBQADggEBAC7mURLAYuF9vDFsCvZfnYfKl0oqVer8
4WsLwrLrfD6a/yTwhxJSzH88nIiYtje/u18s3zjfwbV5kNqsJzKnJVP5ZCAVbMAh
yTtzczCZjQJhxX3Mv//mn5FdN7zGrjRyweiQdzdechohk/g63lF56d5Y4UbnNeJ6
s0qUSVsxX5rb4WNJIK46ZiSwBJO/u9Z5couR5g+VpWj0Wu3ifQfDNmFknG/HxVFJ
cnjIMLRcg0txplOjwsRTXltFx/gHrDWi643nCW3W12IVJhlFjXEiOVNmwy6reqxQ
4slDqLDZ8trHJzxExLk7XLjhnXIeZtYWZW+10AG/5WGExvTm0oTyhsM=
-----END CERTIFICATE-----