Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/7xBwrzDU-Q3LgBd_pCCkSVZJ8r8.roa
File:                     7xBwrzDU-Q3LgBd_pCCkSVZJ8r8.roa (raw, json)
Hash identifier:          I4+USeGM9vUX6KcuBfkfPPLNkgp4BpNTxxlqHARIlaA=
Subject key identifier:   EF:10:70:AF:30:D4:F9:0D:CB:80:17:7F:A4:20:A4:49:56:49:F2:BF
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D1C99338717CF8EED18E22E40148
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/7xBwrzDU-Q3LgBd_pCCkSVZJ8r8.roa
Signing time:             Wed 01 Jan 2025 11:48:09 +0000
ROA not before:           Wed 01 Jan 2025 11:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61052
IP address blocks:        79.133.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d1:c9:93:38:71:7c:f8:ee:d1:8e:22:e4:01:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef1070af30d4f90dcb80177fa420a4495649f2bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3f:2a:72:1a:af:68:d9:f7:cc:22:3c:ee:ae:
                    89:37:53:ce:c7:94:b5:46:87:48:74:37:18:d9:52:
                    6f:02:de:4f:c7:4b:69:ad:ca:4c:2e:38:6a:e3:9d:
                    26:c7:ce:d5:1e:cc:13:f0:01:7d:60:2a:0b:c8:e6:
                    84:63:02:c6:fa:d7:05:4d:96:65:45:4a:60:1a:e1:
                    c8:7d:11:11:f1:21:d7:89:39:22:d3:fd:23:82:d3:
                    af:75:6b:d0:1e:29:28:37:3e:e0:47:36:f4:b0:9a:
                    57:fb:4f:4a:fa:4e:06:a8:b2:9b:b0:70:7e:1b:fc:
                    78:fc:88:bf:62:0b:93:d2:92:28:5a:dc:6d:4a:a2:
                    51:c1:be:a2:95:5d:4e:15:37:3c:a9:20:0e:34:e3:
                    44:99:71:b0:14:f2:8e:75:f1:97:80:36:0f:64:2c:
                    d0:89:87:dc:1d:fd:0d:ac:40:f3:b7:23:0d:ae:5a:
                    ea:c7:ea:6b:52:05:5b:c2:94:4d:6b:13:9b:58:59:
                    e2:c8:9c:f8:5b:d6:7b:90:25:44:a0:1d:7f:d9:6c:
                    34:53:dd:51:e8:86:aa:0d:ba:52:d3:05:96:97:9a:
                    33:41:9e:38:f9:fd:dc:77:3c:5a:4a:8b:d9:e2:9d:
                    b4:ba:93:d8:46:81:ac:43:ac:a5:49:f7:37:91:3a:
                    a7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:10:70:AF:30:D4:F9:0D:CB:80:17:7F:A4:20:A4:49:56:49:F2:BF
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/7xBwrzDU-Q3LgBd_pCCkSVZJ8r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:4d:cb:e7:98:6f:13:29:d3:8f:62:77:fa:9b:1f:c8:ac:6f:
         df:f5:43:20:8a:dc:14:0c:d8:e0:7a:ab:5d:4a:59:a6:85:17:
         08:c0:51:4e:9e:1a:c6:d8:ee:7d:b1:f9:d6:58:da:06:f2:69:
         1d:64:8a:11:e6:16:10:0b:9e:05:f8:a5:28:f8:56:01:f1:b1:
         df:b4:43:d5:f2:b2:ce:45:24:b1:71:f8:08:4f:24:30:46:db:
         e6:04:97:45:3d:d3:12:af:62:88:e3:5f:2d:89:94:d7:af:7f:
         44:30:70:42:3d:91:41:1e:91:3e:10:11:84:ae:dd:3c:42:72:
         35:dc:1b:58:12:4e:c4:28:66:78:5f:2b:d7:88:d3:07:eb:77:
         95:a4:a2:a1:e5:f4:4e:f1:98:13:e0:e0:f5:8a:56:5c:4f:8c:
         41:5a:1f:c7:05:f8:8c:83:73:53:66:28:ad:0c:18:fe:71:33:
         39:9a:62:51:02:4e:0d:c8:32:5c:c0:59:2c:fe:45:4e:bc:5d:
         38:81:72:ad:a6:09:15:b6:b2:d1:e5:bb:ad:90:5d:c2:ff:91:
         2d:23:23:4c:f5:1c:d9:6c:42:90:14:99:4f:26:f6:a6:4a:b1:
         03:7b:6e:8b:e6:85:55:f0:3a:37:5a:54:64:59:38:57:c3:be:
         f1:02:7c:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdHJkzhxfPju0Y4i5AFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjEwNzBhZjMwZDRmOTBkY2I4MDE3N2ZhNDIwYTQ0OTU2NDlmMmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj8qchqvaNn3zCI87q6JN1POx5S1
RodIdDcY2VJvAt5Px0tprcpMLjhq450mx87VHswT8AF9YCoLyOaEYwLG+tcFTZZl
RUpgGuHIfRER8SHXiTki0/0jgtOvdWvQHikoNz7gRzb0sJpX+09K+k4GqLKbsHB+
G/x4/Ii/YguT0pIoWtxtSqJRwb6ilV1OFTc8qSAONONEmXGwFPKOdfGXgDYPZCzQ
iYfcHf0NrEDztyMNrlrqx+prUgVbwpRNaxObWFniyJz4W9Z7kCVEoB1/2Ww0U91R
6IaqDbpS0wWWl5ozQZ44+f3cdzxaSovZ4p20upPYRoGsQ6ylSfc3kTqnkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8QcK8w1PkNy4AXf6QgpElWSfK/MB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvN3hCd3J6RFUtUTNMZ0JkX3BDQ2tTVlpKOHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4VoMA0G
CSqGSIb3DQEBCwUAA4IBAQBMTcvnmG8TKdOPYnf6mx/IrG/f9UMgitwUDNjgeqtd
SlmmhRcIwFFOnhrG2O59sfnWWNoG8mkdZIoR5hYQC54F+KUo+FYB8bHftEPV8rLO
RSSxcfgITyQwRtvmBJdFPdMSr2KI418tiZTXr39EMHBCPZFBHpE+EBGErt08QnI1
3BtYEk7EKGZ4XyvXiNMH63eVpKKh5fRO8ZgT4OD1ilZcT4xBWh/HBfiMg3NTZiit
DBj+cTM5mmJRAk4NyDJcwFks/kVOvF04gXKtpgkVtrLR5butkF3C/5EtIyNM9RzZ
bEKQFJlPJvamSrEDe26L5oVV8Do3WlRkWThXw77xAnyJ
-----END CERTIFICATE-----