Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/G2jdnjmyYe6bzJSkMb9yT8HIsWE.roa
File:                     G2jdnjmyYe6bzJSkMb9yT8HIsWE.roa (raw, json)
Hash identifier:          Vc03XO/UkqgysYDyfx9eTpPHe6h0/5JGFVdNB8QxN3c=
Subject key identifier:   1B:68:DD:9E:39:B2:61:EE:9B:CC:94:A4:31:BF:72:4F:C1:C8:B1:61
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019937597E75E87312B3E5DB5FA866719719
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/G2jdnjmyYe6bzJSkMb9yT8HIsWE.roa
Signing time:             Thu 11 Sep 2025 05:57:15 +0000
ROA not before:           Thu 11 Sep 2025 05:57:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        79.172.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Sep 2025 11:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:37:59:7e:75:e8:73:12:b3:e5:db:5f:a8:66:71:97:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Sep 11 05:57:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b68dd9e39b261ee9bcc94a431bf724fc1c8b161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:a3:21:a5:24:03:c2:0a:b4:72:25:c9:15:8c:
                    c0:91:5e:34:b6:bf:11:52:a6:dc:de:31:f7:ff:b6:
                    3f:fd:77:d7:f2:7c:18:32:ce:2f:92:32:db:42:40:
                    06:53:cf:4e:ac:94:ea:a6:50:e4:46:33:dd:13:96:
                    c3:77:ab:93:e3:82:bb:04:59:b3:4b:10:7e:f8:f6:
                    19:3f:04:db:0b:ac:66:6c:73:69:2a:9c:8c:9c:9f:
                    5a:2e:f0:0c:32:87:7a:90:44:53:f4:62:67:d9:33:
                    fd:74:85:5d:82:d9:97:16:59:c4:10:16:21:0f:a6:
                    ba:d5:ba:d0:d9:2b:25:37:d1:ad:ec:bc:11:b7:9a:
                    e2:91:4e:fa:db:f8:c6:35:36:6c:8e:25:49:93:58:
                    7e:93:a3:44:79:91:03:53:52:1d:b6:46:ca:e3:2a:
                    bd:26:b8:90:d5:30:51:5a:79:ae:36:a4:59:3d:67:
                    1e:66:ed:c1:a7:31:cb:d1:d9:cc:e5:f5:ff:79:6b:
                    39:ab:14:c9:0d:1a:4e:5b:2f:63:e5:09:8f:15:ef:
                    8b:73:18:da:00:b0:01:cb:9f:73:2b:62:bb:c7:3f:
                    71:ff:69:f0:a2:cd:ee:f0:b2:dd:8e:25:95:0f:98:
                    6e:c5:2e:2c:bb:5a:76:ec:88:01:88:6b:2e:39:16:
                    3d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:68:DD:9E:39:B2:61:EE:9B:CC:94:A4:31:BF:72:4F:C1:C8:B1:61
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/G2jdnjmyYe6bzJSkMb9yT8HIsWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:02:26:93:52:b3:4c:f9:bf:f2:9a:bf:2f:b7:1b:6f:ef:17:
         3f:e8:b4:8b:f6:8f:4a:ea:b3:a9:04:a5:cc:ca:72:08:32:9b:
         1e:75:63:97:61:27:a0:1d:a0:d5:fe:d0:69:04:da:7f:e6:44:
         9a:09:52:d1:a6:38:f7:f8:d2:87:4e:25:f5:7d:3e:72:d8:93:
         ca:51:6c:72:1c:e1:72:91:d4:63:5e:c6:b7:70:9e:da:e8:b8:
         93:92:3c:00:48:ef:1d:81:7e:31:be:9d:25:04:cd:d4:a7:31:
         2e:7e:0d:8f:2b:a1:fe:9e:77:c9:f0:ed:0a:aa:bc:7a:6e:dd:
         ff:88:03:f8:f3:39:67:a0:f8:6f:7c:34:44:9f:a3:db:08:32:
         04:84:86:cd:03:c8:0e:e9:ae:c4:e8:ef:8c:7c:33:ff:0d:fa:
         89:93:78:9b:94:ce:74:e4:a0:2d:dd:fd:0f:38:2e:2b:b3:60:
         53:78:b2:b3:fa:47:b8:83:56:21:39:c8:39:34:32:90:8b:c9:
         aa:3a:5f:3f:87:f5:f2:96:6f:d8:22:ea:3d:23:7b:0b:14:7c:
         3f:d7:bf:d3:6e:ce:3f:f1:c9:61:d5:29:9f:a6:20:39:81:e3:
         b6:5f:3a:59:70:79:51:c4:bf:61:a5:db:a4:89:cb:a2:85:ae:
         e8:a2:7b:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk3WX516HMSs+XbX6hmcZcZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwOTExMDU1NzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjY4ZGQ5ZTM5YjI2MWVlOWJjYzk0YTQzMWJmNzI0ZmMxYzhiMTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA96MhpSQDwgq0ciXJFYzAkV40tr8R
Uqbc3jH3/7Y//XfX8nwYMs4vkjLbQkAGU89OrJTqplDkRjPdE5bDd6uT44K7BFmz
SxB++PYZPwTbC6xmbHNpKpyMnJ9aLvAMMod6kERT9GJn2TP9dIVdgtmXFlnEEBYh
D6a61brQ2SslN9Gt7LwRt5rikU762/jGNTZsjiVJk1h+k6NEeZEDU1IdtkbK4yq9
JriQ1TBRWnmuNqRZPWceZu3BpzHL0dnM5fX/eWs5qxTJDRpOWy9j5QmPFe+Lcxja
ALABy59zK2K7xz9x/2nwos3u8LLdjiWVD5huxS4su1p27IgBiGsuORY9hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBto3Z45smHum8yUpDG/ck/ByLFhMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvRzJqZG5qbXlZZTZiekpTa01iOXlUOEhJc1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zbMA0G
CSqGSIb3DQEBCwUAA4IBAQBHAiaTUrNM+b/ymr8vtxtv7xc/6LSL9o9K6rOpBKXM
ynIIMpsedWOXYSegHaDV/tBpBNp/5kSaCVLRpjj3+NKHTiX1fT5y2JPKUWxyHOFy
kdRjXsa3cJ7a6LiTkjwASO8dgX4xvp0lBM3UpzEufg2PK6H+nnfJ8O0Kqrx6bt3/
iAP48zlnoPhvfDREn6PbCDIEhIbNA8gO6a7E6O+MfDP/DfqJk3iblM505KAt3f0P
OC4rs2BTeLKz+ke4g1YhOcg5NDKQi8mqOl8/h/Xylm/YIuo9I3sLFHw/17/Tbs4/
8clh1SmfpiA5geO2XzpZcHlRxL9hpdukicuiha7oonvH
-----END CERTIFICATE-----