Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/_JzEQSr5OZqDWs8nTia735Fx54o.roa
File:                     _JzEQSr5OZqDWs8nTia735Fx54o.roa (raw, json)
Hash identifier:          n/vl1VjbI5NvAsfCuLgcPjpEvc0iKrJUQhClyjm4L3c=
Subject key identifier:   FC:9C:C4:41:2A:F9:39:9A:83:5A:CF:27:4E:26:BB:DF:91:71:E7:8A
Certificate issuer:       /CN=2b9bec0211f61eaf119ceb2d40c5a0fe3aa8c2a0
Certificate serial:       019421441E469B17BC0F66C0EBF8AB8E868B
Authority key identifier: 2B:9B:EC:02:11:F6:1E:AF:11:9C:EB:2D:40:C5:A0:FE:3A:A8:C2:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/_JzEQSr5OZqDWs8nTia735Fx54o.roa
Signing time:             Wed 01 Jan 2025 09:48:19 +0000
ROA not before:           Wed 01 Jan 2025 09:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        185.65.79.0/24 maxlen: 24
                          185.116.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:1e:46:9b:17:bc:0f:66:c0:eb:f8:ab:8e:86:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b9bec0211f61eaf119ceb2d40c5a0fe3aa8c2a0
        Validity
            Not Before: Jan  1 09:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc9cc4412af9399a835acf274e26bbdf9171e78a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e6:6c:95:33:cd:19:bb:7e:73:22:9b:ab:98:
                    b0:86:81:70:c0:1e:bb:2d:e8:17:77:03:ed:74:0c:
                    e8:62:8d:45:fd:17:04:e7:e8:ee:c8:71:3f:7f:1d:
                    ce:35:5b:cd:5a:d4:d8:ec:70:c9:a6:85:47:54:7c:
                    80:30:77:be:ba:2c:b1:be:36:57:3a:0b:38:e0:a0:
                    db:0a:70:c2:0f:5d:58:da:d3:26:64:20:3f:86:37:
                    8e:3e:e3:39:2e:52:b5:38:be:5f:f8:0a:64:c3:16:
                    44:44:d6:d3:58:62:17:dd:9a:bc:38:2b:5a:37:89:
                    ef:6f:80:15:6b:59:41:5b:13:b5:84:39:5e:0c:19:
                    97:c6:45:c2:b7:4b:a1:e8:f3:b2:97:80:c7:1a:1c:
                    96:a0:ba:22:89:70:e1:bd:12:df:c2:be:3a:d9:18:
                    2c:28:33:79:5e:14:eb:f3:7f:79:54:44:02:d4:c3:
                    f6:90:cd:f1:f6:e0:55:ef:b8:ea:a9:ed:79:3d:d9:
                    68:7b:6b:9d:70:ef:34:2c:80:17:a0:99:16:aa:45:
                    22:0a:d3:d4:77:c9:30:06:29:51:82:2e:01:8b:b5:
                    69:05:68:86:3c:da:89:20:38:92:aa:a8:b1:12:64:
                    a2:97:c6:8c:bf:68:05:a0:97:c6:17:ef:e3:f7:cf:
                    62:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:9C:C4:41:2A:F9:39:9A:83:5A:CF:27:4E:26:BB:DF:91:71:E7:8A
            X509v3 Authority Key Identifier:
                keyid:2B:9B:EC:02:11:F6:1E:AF:11:9C:EB:2D:40:C5:A0:FE:3A:A8:C2:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5vsAhH2Hq8RnOstQMWg_jqowqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/_JzEQSr5OZqDWs8nTia735Fx54o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/26e4d1-12c8-4144-a37d-833295e04e37/1/K5vsAhH2Hq8RnOstQMWg_jqowqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.79.0/24
                  185.116.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:68:63:8a:12:da:b8:c1:cc:45:fa:71:f6:2f:44:85:41:73:
         1a:04:b1:1d:a8:4e:c8:ac:a0:55:3e:f0:98:56:33:ce:fc:ae:
         df:14:53:7b:a1:ea:f6:a8:5d:0c:67:59:1d:17:14:b8:e0:0c:
         88:43:28:27:e5:2c:ac:c5:5d:09:e1:77:a8:7d:bf:40:d2:b5:
         3a:61:13:8d:48:c7:f0:0d:07:7c:22:25:3e:f2:df:d0:fe:8c:
         29:28:ee:b4:c0:b7:70:ab:10:0a:67:4f:77:53:9d:33:99:01:
         6a:73:a3:55:ca:55:1e:fb:73:77:49:cb:70:66:fa:74:0f:c4:
         00:40:9f:86:71:42:0c:a7:88:d3:41:4e:e3:ae:42:18:58:75:
         b2:f0:63:6f:93:92:c6:f3:8f:60:45:60:5e:4e:a1:96:5d:2f:
         ab:9f:b5:3f:7f:9c:36:33:dd:1c:1e:b2:4b:32:3b:9f:c4:f0:
         44:b5:83:ce:ee:21:6b:3d:42:47:20:99:cd:bf:82:f8:ed:58:
         f2:41:77:bd:53:d1:a2:85:f4:d9:02:c6:87:a7:d2:74:6a:b1:
         08:a9:a5:18:bf:db:9b:78:b2:e6:8a:f2:fd:c0:31:17:e9:b6:
         92:67:e3:7e:2f:1d:f0:4a:9b:43:d4:1a:ee:56:c7:42:4c:26:
         61:d1:49:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRB5Gmxe8D2bA6/irjoaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOWJlYzAyMTFmNjFlYWYxMTljZWIyZDQwYzVhMGZlM2Fh
OGMyYTAwHhcNMjUwMTAxMDk0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzljYzQ0MTJhZjkzOTlhODM1YWNmMjc0ZTI2YmJkZjkxNzFlNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeZslTPNGbt+cyKbq5iwhoFwwB67
LegXdwPtdAzoYo1F/RcE5+juyHE/fx3ONVvNWtTY7HDJpoVHVHyAMHe+uiyxvjZX
Ogs44KDbCnDCD11Y2tMmZCA/hjeOPuM5LlK1OL5f+ApkwxZERNbTWGIX3Zq8OCta
N4nvb4AVa1lBWxO1hDleDBmXxkXCt0uh6POyl4DHGhyWoLoiiXDhvRLfwr462Rgs
KDN5XhTr8395VEQC1MP2kM3x9uBV77jqqe15Pdloe2udcO80LIAXoJkWqkUiCtPU
d8kwBilRgi4Bi7VpBWiGPNqJIDiSqqixEmSil8aMv2gFoJfGF+/j989iAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPycxEEq+Tmag1rPJ04mu9+RceeKMB8GA1UdIwQY
MBaAFCub7AIR9h6vEZzrLUDFoP46qMKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzV2c0FoSDJIcThSbk9zdFFNV2dfanFvd3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNmU0ZDEtMTJjOC00MTQ0LWEzN2Qt
ODMzMjk1ZTA0ZTM3LzEvX0p6RVFTcjVPWnFEV3M4blRpYTczNUZ4NTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNmU0ZDEtMTJjOC00MTQ0LWEzN2QtODMzMjk1ZTA0ZTM3
LzEvSzV2c0FoSDJIcThSbk9zdFFNV2dfanFvd3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUFPAwQA
uXQ/MA0GCSqGSIb3DQEBCwUAA4IBAQCRaGOKEtq4wcxF+nH2L0SFQXMaBLEdqE7I
rKBVPvCYVjPO/K7fFFN7oer2qF0MZ1kdFxS44AyIQygn5SysxV0J4Xeofb9A0rU6
YRONSMfwDQd8IiU+8t/Q/owpKO60wLdwqxAKZ093U50zmQFqc6NVylUe+3N3Sctw
Zvp0D8QAQJ+GcUIMp4jTQU7jrkIYWHWy8GNvk5LG849gRWBeTqGWXS+rn7U/f5w2
M90cHrJLMjufxPBEtYPO7iFrPUJHIJnNv4L47VjyQXe9U9GihfTZAsaHp9J0arEI
qaUYv9ubeLLmivL9wDEX6baSZ+N+Lx3wSptD1BruVsdCTCZh0Ul6
-----END CERTIFICATE-----