Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/H9fjtusZZxJihI5NFymrljtyZpE.roa
File:                     H9fjtusZZxJihI5NFymrljtyZpE.roa (raw, json)
Hash identifier:          DXBeLQ4UCGTtiAKiES3Wl2xn1Z3M6rWJOuw+mye9Rbs=
Subject key identifier:   1F:D7:E3:B6:EB:19:67:12:62:84:8E:4D:17:29:AB:96:3B:72:66:91
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0194D527DBC33096A3648FDA1DDD3E437145
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/H9fjtusZZxJihI5NFymrljtyZpE.roa
Signing time:             Wed 05 Feb 2025 08:09:06 +0000
ROA not before:           Wed 05 Feb 2025 08:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39679
IP address blocks:        79.172.220.0/24 maxlen: 24
                          87.229.71.0/24 maxlen: 24
                          213.181.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d5:27:db:c3:30:96:a3:64:8f:da:1d:dd:3e:43:71:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Feb  5 08:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fd7e3b6eb19671262848e4d1729ab963b726691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:fb:8e:96:57:37:5b:ad:c3:37:ce:90:99:16:
                    3a:fe:4e:53:d6:06:fe:72:0a:6a:39:6d:2e:b2:50:
                    81:9d:0f:07:bd:62:32:69:88:d6:e2:ae:b7:6e:a7:
                    7c:14:d2:a6:b0:1c:6a:fd:21:80:f5:28:01:ed:1f:
                    06:0f:32:a2:c6:09:e3:3d:7a:13:67:06:97:f6:a8:
                    59:f7:d8:c1:72:67:b8:7b:86:8d:f7:ce:19:49:ff:
                    6e:61:eb:9e:02:fe:11:c7:fb:7f:9f:60:60:34:ee:
                    03:39:96:ae:62:8c:eb:e9:73:ed:55:99:1d:6a:fd:
                    75:20:3e:3f:89:5f:05:09:d1:ac:71:2b:83:93:b0:
                    cb:96:db:0d:bc:15:60:bb:17:9c:cf:24:ad:6f:91:
                    6d:7f:e2:1e:74:4e:5c:9c:cf:b1:aa:1e:bb:6c:bc:
                    2c:11:10:a1:f8:bc:15:83:2d:64:2d:af:f9:05:59:
                    20:06:17:bf:9e:65:d1:dc:95:a0:5a:32:1a:46:2a:
                    a4:a4:d4:6b:41:8b:23:29:ae:74:14:54:9e:7c:8c:
                    f4:12:f2:c7:e5:5c:9a:45:d4:61:35:6b:96:07:3e:
                    21:e8:f0:4d:d5:01:a5:30:d3:8e:b2:d1:c6:75:5a:
                    4f:f3:60:dc:64:3a:f9:60:7e:38:8b:0d:bf:3e:13:
                    47:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D7:E3:B6:EB:19:67:12:62:84:8E:4D:17:29:AB:96:3B:72:66:91
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/H9fjtusZZxJihI5NFymrljtyZpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.220.0/24
                  87.229.71.0/24
                  213.181.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:d6:c7:53:85:37:38:31:52:16:41:44:28:03:44:1b:67:a2:
         0e:47:45:42:e6:04:95:8f:07:9e:49:e0:9a:cd:ec:a4:18:58:
         a2:1f:d9:fd:9a:42:43:bc:17:1f:ed:6f:ce:40:e9:a9:df:45:
         99:5f:b5:bc:c2:96:1d:41:7b:2b:35:d0:ff:89:95:ab:f4:7f:
         6b:dc:4a:7a:f3:7f:e6:ac:6b:d1:56:c7:f1:18:de:68:c2:db:
         06:2f:4b:76:07:74:cf:1e:82:d2:c3:f3:4a:da:76:47:60:19:
         96:d1:7a:32:d7:57:51:61:6a:80:d1:d4:2f:bc:2e:6e:d0:10:
         13:de:47:66:4c:53:29:4e:c6:a7:06:85:fd:08:29:6a:c2:ec:
         e9:97:97:52:45:0a:40:ce:10:c3:bb:fe:d1:1d:5d:54:16:a1:
         83:bf:b6:9d:5c:0e:de:65:68:ac:20:ea:5f:61:6c:0d:da:92:
         22:d8:84:ca:69:9d:b1:2d:38:24:ec:67:48:9a:46:22:fe:57:
         21:57:75:3a:d8:90:16:ec:d3:81:b2:37:61:7b:b3:6d:ac:aa:
         4f:26:45:65:da:2a:bf:f6:58:5e:8f:e7:55:34:35:1d:41:9b:
         af:aa:c0:bc:f5:ef:f7:98:f1:65:e3:db:4c:41:2e:4a:c4:f0:
         01:96:5c:f9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZTVJ9vDMJajZI/aHd0+Q3FFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwMjA1MDgwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQ3ZTNiNmViMTk2NzEyNjI4NDhlNGQxNzI5YWI5NjNiNzI2NjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPuOllc3W63DN86QmRY6/k5T1gb+
cgpqOW0uslCBnQ8HvWIyaYjW4q63bqd8FNKmsBxq/SGA9SgB7R8GDzKixgnjPXoT
ZwaX9qhZ99jBcme4e4aN984ZSf9uYeueAv4Rx/t/n2BgNO4DOZauYozr6XPtVZkd
av11ID4/iV8FCdGscSuDk7DLltsNvBVguxeczyStb5Ftf+IedE5cnM+xqh67bLws
ERCh+LwVgy1kLa/5BVkgBhe/nmXR3JWgWjIaRiqkpNRrQYsjKa50FFSefIz0EvLH
5VyaRdRhNWuWBz4h6PBN1QGlMNOOstHGdVpP82DcZDr5YH44iw2/PhNHmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB/X47brGWcSYoSOTRcpq5Y7cmaRMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvSDlmanR1c1paeEppaEk1TkZ5bXJsanR5WnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAT6zcAwQA
V+VHAwQA1bXJMA0GCSqGSIb3DQEBCwUAA4IBAQAR1sdThTc4MVIWQUQoA0QbZ6IO
R0VC5gSVjweeSeCazeykGFiiH9n9mkJDvBcf7W/OQOmp30WZX7W8wpYdQXsrNdD/
iZWr9H9r3Ep683/mrGvRVsfxGN5owtsGL0t2B3TPHoLSw/NK2nZHYBmW0Xoy11dR
YWqA0dQvvC5u0BAT3kdmTFMpTsanBoX9CClqwuzpl5dSRQpAzhDDu/7RHV1UFqGD
v7adXA7eZWisIOpfYWwN2pIi2ITKaZ2xLTgk7GdImkYi/lchV3U62JAW7NOBsjdh
e7NtrKpPJkVl2iq/9lhej+dVNDUdQZuvqsC89e/3mPFl49tMQS5KxPABllz5
-----END CERTIFICATE-----