Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/o2EypK3FCz3aMIncG1xc5QI3qkg.roa
File:                     o2EypK3FCz3aMIncG1xc5QI3qkg.roa (raw, json)
Hash identifier:          S/pw+xcXDGr6Qxs43Saa66FAsSh+Or68e+yyGNnSZiY=
Subject key identifier:   A3:61:32:A4:AD:C5:0B:3D:DA:30:89:DC:1B:5C:5C:E5:02:37:AA:48
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01942827C68A86C9E29C91B9616DD20EF277
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/o2EypK3FCz3aMIncG1xc5QI3qkg.roa
Signing time:             Thu 02 Jan 2025 17:54:42 +0000
ROA not before:           Thu 02 Jan 2025 17:54:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210579
IP address blocks:        79.172.221.0/24 maxlen: 24
                          79.172.222.0/23 maxlen: 24
                          79.172.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:c6:8a:86:c9:e2:9c:91:b9:61:6d:d2:0e:f2:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  2 17:54:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a36132a4adc50b3dda3089dc1b5c5ce50237aa48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9a:42:f7:7d:97:85:fa:ab:6c:91:b8:e1:bb:
                    c0:3f:cc:4c:98:8a:11:2d:38:3f:40:46:c0:56:5a:
                    3f:0f:c2:00:e4:01:b6:f8:73:a4:9e:f4:3b:88:00:
                    e3:dc:11:7e:54:5d:a4:58:dc:3a:75:c7:fc:2b:b7:
                    f6:5a:5a:1d:d1:7b:ff:dd:48:39:3a:c3:d9:be:53:
                    21:c2:78:e4:18:2b:7f:e0:d1:c2:d0:84:7b:ef:3b:
                    32:80:0f:8b:ac:da:d3:7b:d3:30:ae:b2:a2:09:c5:
                    78:6d:ac:24:69:e8:5c:93:bb:98:9f:00:a0:5a:87:
                    53:c0:bc:9a:74:55:81:16:05:51:c2:79:bb:48:e4:
                    1c:2b:e2:22:f3:fb:6e:30:a0:b7:bc:64:c7:8f:b9:
                    f5:66:0e:e6:75:d7:56:49:13:96:88:f0:9c:08:53:
                    7f:9f:a4:48:41:96:e3:df:8c:a2:3c:1a:a9:56:af:
                    73:73:4d:e6:dc:63:23:5f:66:2d:39:44:80:ea:02:
                    33:2f:8c:e0:96:fb:be:c8:a6:9b:b7:d9:09:d9:1e:
                    ed:6a:1e:03:50:c7:11:bf:d0:17:23:c1:fe:0e:5c:
                    22:52:c8:cb:ab:c5:77:49:8b:c0:7b:ad:de:3c:60:
                    24:1d:65:f3:8b:31:1e:97:f8:bb:b7:fd:6d:e8:3c:
                    91:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:61:32:A4:AD:C5:0B:3D:DA:30:89:DC:1B:5C:5C:E5:02:37:AA:48
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/o2EypK3FCz3aMIncG1xc5QI3qkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.221.0-79.172.224.255

    Signature Algorithm: sha256WithRSAEncryption
         a0:79:b4:51:ee:b6:7e:be:f6:24:6e:28:1f:76:e8:d5:ab:60:
         c3:62:65:86:9c:69:b8:17:1a:83:be:da:39:55:23:86:ae:79:
         c2:ef:67:c0:de:51:d9:6b:f3:4d:ca:1c:a8:a8:b7:86:2f:a9:
         21:5e:8b:fd:70:d8:db:29:86:d4:8f:d0:65:25:f3:1d:6d:e6:
         96:a4:82:39:e0:68:40:e4:5c:84:9f:60:ab:87:29:14:fb:23:
         ca:22:44:de:40:d6:36:50:ad:24:5c:d6:c0:d5:7d:3b:10:bd:
         4d:74:57:08:a2:a2:e7:f3:a5:fe:36:49:09:63:62:4c:89:ef:
         ae:44:7b:9e:2f:a7:35:f9:38:89:2f:9d:00:bf:52:39:7a:e4:
         66:56:74:3d:60:25:59:b6:bc:27:79:86:a5:a9:e0:c8:7c:c7:
         49:1e:c2:2c:42:82:93:29:95:c8:4f:8c:c1:17:28:0d:63:9a:
         c0:cb:07:88:16:50:0a:3a:ad:48:bc:25:eb:51:d2:66:85:90:
         d5:21:25:17:f9:33:1d:f2:a1:50:04:0d:42:f5:c8:e9:07:57:
         2d:1b:c0:5f:22:d0:93:f7:35:42:be:05:3c:ab:15:92:4f:bb:
         ce:95:c4:cf:8c:d7:09:05:d6:69:1e:00:5f:16:d7:6c:ce:b9:
         8b:ae:e3:6b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQoJ8aKhsninJG5YW3SDvJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwMTAyMTc1NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzYxMzJhNGFkYzUwYjNkZGEzMDg5ZGMxYjVjNWNlNTAyMzdhYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZpC932XhfqrbJG44bvAP8xMmIoR
LTg/QEbAVlo/D8IA5AG2+HOknvQ7iADj3BF+VF2kWNw6dcf8K7f2Wlod0Xv/3Ug5
OsPZvlMhwnjkGCt/4NHC0IR77zsygA+LrNrTe9MwrrKiCcV4bawkaehck7uYnwCg
WodTwLyadFWBFgVRwnm7SOQcK+Ii8/tuMKC3vGTHj7n1Zg7mdddWSROWiPCcCFN/
n6RIQZbj34yiPBqpVq9zc03m3GMjX2YtOUSA6gIzL4zglvu+yKabt9kJ2R7tah4D
UMcRv9AXI8H+DlwiUsjLq8V3SYvAe63ePGAkHWXzizEel/i7t/1t6DyRIwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKNhMqStxQs92jCJ3BtcXOUCN6pIMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvbzJFeXBLM0ZDejNhTUluY0cxeGM1UUkzcWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABPrN0D
BABPrOAwDQYJKoZIhvcNAQELBQADggEBAKB5tFHutn6+9iRuKB926NWrYMNiZYac
abgXGoO+2jlVI4auecLvZ8DeUdlr803KHKiot4YvqSFei/1w2NsphtSP0GUl8x1t
5pakgjngaEDkXISfYKuHKRT7I8oiRN5A1jZQrSRc1sDVfTsQvU10Vwiioufzpf42
SQljYkyJ765Ee54vpzX5OIkvnQC/Ujl65GZWdD1gJVm2vCd5hqWp4Mh8x0kewixC
gpMplchPjMEXKA1jmsDLB4gWUAo6rUi8JetR0maFkNUhJRf5Mx3yoVAEDUL1yOkH
Vy0bwF8i0JP3NUK+BTyrFZJPu86VxM+M1wkF1mkeAF8W12zOuYuu42s=
-----END CERTIFICATE-----