Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/v__Oc3JhmqwYZp2FPCWtPaa71vc.roa
File:                     v__Oc3JhmqwYZp2FPCWtPaa71vc.roa (raw, json)
Hash identifier:          fO8vwLbnCTJPW4wV7D7PEd4uSBX6ZJmDL7Q2nnqv19U=
Subject key identifier:   BF:FF:CE:73:72:61:9A:AC:18:66:9D:85:3C:25:AD:3D:A6:BB:D6:F7
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0196C8745A1D79F0E91AE3B36CDD09D42719
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/v__Oc3JhmqwYZp2FPCWtPaa71vc.roa
Signing time:             Tue 13 May 2025 07:03:10 +0000
ROA not before:           Tue 13 May 2025 07:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136501
IP address blocks:        79.172.218.0/24 maxlen: 24
                          79.172.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:74:5a:1d:79:f0:e9:1a:e3:b3:6c:dd:09:d4:27:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: May 13 07:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfffce7372619aac18669d853c25ad3da6bbd6f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8b:f7:78:95:9d:8e:54:11:24:e3:8d:20:0a:
                    c4:53:b6:9f:87:26:4d:61:1d:ac:d4:66:89:99:6e:
                    f3:49:8f:29:36:23:3a:81:ff:13:ad:9b:25:e7:d6:
                    ce:b2:03:e7:ee:83:3a:43:31:5c:3c:ad:12:b7:38:
                    bd:5b:4b:ce:7d:10:19:6f:33:51:7e:54:3f:01:8f:
                    ec:54:d3:5c:96:e7:21:9b:b6:24:38:ae:7f:c0:8d:
                    a5:34:6a:f3:9b:d7:9a:52:dd:b3:16:e9:d1:4d:2d:
                    56:68:0f:7f:e3:73:81:ec:32:3c:6e:c4:16:69:c6:
                    d4:56:5a:42:6d:24:bd:42:b0:3c:f9:d7:aa:e7:07:
                    e6:fa:6c:40:e3:cc:cc:53:23:09:4c:cd:e5:74:1c:
                    85:96:80:d5:25:14:eb:75:ea:56:22:66:1a:50:18:
                    6a:71:66:3c:33:18:3f:fb:30:3e:11:80:8c:53:4f:
                    52:42:d7:99:fa:45:ae:60:40:2f:73:b8:e1:6a:45:
                    2c:87:ca:86:0c:59:8e:4c:b2:20:8f:81:d5:73:ce:
                    cf:90:bc:48:25:d7:2a:cd:1a:43:f6:3f:1e:ca:e7:
                    52:f4:e6:80:db:e6:28:72:28:85:dc:84:6f:8b:2c:
                    66:e3:eb:c4:6e:e3:e1:1f:ce:fd:72:ad:e4:41:31:
                    c7:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:FF:CE:73:72:61:9A:AC:18:66:9D:85:3C:25:AD:3D:A6:BB:D6:F7
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/v__Oc3JhmqwYZp2FPCWtPaa71vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.218.0/24
                  79.172.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:ae:a5:85:10:77:5f:a2:87:44:8f:8a:36:ad:25:ea:6f:1c:
         e9:09:35:28:11:00:f5:9f:58:53:5b:ad:be:56:75:66:d5:7c:
         b6:88:d9:12:0c:8f:5d:11:96:c1:db:6b:a2:38:c4:65:24:ee:
         60:16:b9:d1:b5:ad:cb:d2:09:0c:4c:6f:75:7b:84:a8:54:ca:
         e7:e1:38:fb:67:83:fa:c2:a8:d7:96:86:5c:ad:51:0b:93:78:
         25:ed:4e:88:9b:fb:a9:35:6c:88:78:c1:28:38:df:fa:8b:56:
         81:21:b8:eb:55:e3:76:4b:1d:ea:c5:b7:c9:b1:6a:24:63:77:
         1e:17:11:ea:81:f6:c0:12:d3:e8:66:ee:9f:e1:82:1f:3c:5c:
         d4:c2:ea:c5:bf:59:f7:bf:17:98:c5:b8:fb:85:27:a7:5a:20:
         53:d1:00:7e:0e:8d:2f:9c:66:ef:b8:d4:7d:09:e5:0b:ea:c0:
         7a:ef:12:a3:db:7a:f8:9a:e9:96:5b:6c:9c:15:ce:e8:e9:4c:
         ad:f2:cf:e3:36:a0:80:3b:95:ac:fd:92:d8:88:3c:55:50:9f:
         42:30:3e:62:d2:7e:12:9e:d6:11:ff:9d:13:95:73:f5:81:b0:
         98:e2:05:42:fd:a1:07:1d:1e:05:09:8c:09:6f:85:cd:cc:4b:
         3f:d2:4e:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbIdFodefDpGuOzbN0J1CcZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNTEzMDcwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmZmY2U3MzcyNjE5YWFjMTg2NjlkODUzYzI1YWQzZGE2YmJkNmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4v3eJWdjlQRJOONIArEU7afhyZN
YR2s1GaJmW7zSY8pNiM6gf8TrZsl59bOsgPn7oM6QzFcPK0Stzi9W0vOfRAZbzNR
flQ/AY/sVNNcluchm7YkOK5/wI2lNGrzm9eaUt2zFunRTS1WaA9/43OB7DI8bsQW
acbUVlpCbSS9QrA8+deq5wfm+mxA48zMUyMJTM3ldByFloDVJRTrdepWImYaUBhq
cWY8Mxg/+zA+EYCMU09SQteZ+kWuYEAvc7jhakUsh8qGDFmOTLIgj4HVc87PkLxI
JdcqzRpD9j8eyudS9OaA2+YociiF3IRviyxm4+vEbuPhH879cq3kQTHHtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL//znNyYZqsGGadhTwlrT2mu9b3MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvdl9fT2MzSmhtcXdZWnAyRlBDV3RQYWE3MXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT6zaAwQA
T6zyMA0GCSqGSIb3DQEBCwUAA4IBAQAYrqWFEHdfoodEj4o2rSXqbxzpCTUoEQD1
n1hTW62+VnVm1Xy2iNkSDI9dEZbB22uiOMRlJO5gFrnRta3L0gkMTG91e4SoVMrn
4Tj7Z4P6wqjXloZcrVELk3gl7U6Im/upNWyIeMEoON/6i1aBIbjrVeN2Sx3qxbfJ
sWokY3ceFxHqgfbAEtPoZu6f4YIfPFzUwurFv1n3vxeYxbj7hSenWiBT0QB+Do0v
nGbvuNR9CeUL6sB67xKj23r4mumWW2ycFc7o6Uyt8s/jNqCAO5Ws/ZLYiDxVUJ9C
MD5i0n4SntYR/50TlXP1gbCY4gVC/aEHHR4FCYwJb4XNzEs/0k7B
-----END CERTIFICATE-----