Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/MiH69dfcyCIB23Qa5GvglWS530s.roa
File:                     MiH69dfcyCIB23Qa5GvglWS530s.roa (raw, json)
Hash identifier:          ib+HOhPLu/yX/AwfYmsfgR2RDO6fgoZuxLt0/b+SAbc=
Subject key identifier:   32:21:FA:F5:D7:DC:C8:22:01:DB:74:1A:E4:6B:E0:95:64:B9:DF:4B
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D4D945AD87EFC561C8848AA5257A
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/MiH69dfcyCIB23Qa5GvglWS530s.roa
Signing time:             Wed 01 Jan 2025 11:48:09 +0000
ROA not before:           Wed 01 Jan 2025 11:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201247
IP address blocks:        79.133.97.0/24 maxlen: 24
                          185.13.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d4:d9:45:ad:87:ef:c5:61:c8:84:8a:a5:25:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3221faf5d7dcc82201db741ae46be09564b9df4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e3:fe:39:31:38:89:68:2d:13:53:13:ee:53:
                    84:85:be:6f:ef:37:a8:35:8b:23:fc:2e:3d:8c:31:
                    3d:b7:ac:66:cd:c7:cc:0a:e4:63:f2:13:ac:35:12:
                    e1:c7:c5:a0:a0:7a:db:89:a7:6a:e2:c1:6f:ec:97:
                    69:1c:88:38:e5:ae:0a:32:6a:aa:66:50:0e:90:af:
                    97:4a:74:1d:8e:3e:21:3f:09:5e:6b:dd:0e:a6:48:
                    4d:2d:3f:2b:23:85:2c:3c:e4:ad:6f:36:65:f1:f3:
                    be:c2:5a:75:1f:18:b0:6a:ce:73:1e:a3:c1:ca:25:
                    b4:34:00:4c:d1:1b:fc:7b:d2:2d:31:ed:b5:e4:40:
                    ae:46:b3:8b:18:2c:7e:7e:b2:4c:b6:5c:22:bc:37:
                    45:48:f1:00:39:1c:30:fa:42:ec:ad:82:60:04:29:
                    06:b8:25:5c:10:36:19:f5:0c:2d:b5:b7:5b:fa:0e:
                    eb:f7:af:f6:7a:5a:2a:4f:71:09:78:ea:d5:9e:80:
                    06:71:70:8e:66:12:7d:86:de:21:28:93:02:1d:97:
                    92:dc:d6:41:90:73:96:89:c4:24:7b:0f:1e:25:6e:
                    9c:1f:5d:66:68:98:23:d6:5a:ed:2b:78:f1:b8:3e:
                    93:a1:da:3d:c7:a4:2a:bb:05:43:c8:fb:65:d5:0f:
                    89:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:21:FA:F5:D7:DC:C8:22:01:DB:74:1A:E4:6B:E0:95:64:B9:DF:4B
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/MiH69dfcyCIB23Qa5GvglWS530s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.97.0/24
                  185.13.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:96:73:93:a7:f6:c2:93:09:12:99:22:cb:6f:f2:a8:e5:82:
         ae:68:12:1b:a3:e7:56:5a:56:59:c8:5d:09:6b:61:e8:90:66:
         33:97:0f:78:8d:0b:7a:bb:b0:d8:d1:58:9d:e7:a1:e3:0b:92:
         53:19:f4:e1:bb:bf:bd:d4:8f:6a:7e:b3:31:0b:98:41:69:ae:
         95:3c:cd:7c:4f:81:d0:33:26:64:9a:03:9b:38:55:95:fd:4b:
         e0:48:87:93:a9:49:9e:69:66:57:7b:98:f0:ad:91:80:0d:bb:
         6f:cc:f6:65:c8:f3:b6:30:7d:6f:54:ff:ab:de:56:48:b9:ab:
         e6:71:a8:51:20:08:96:9c:0c:4a:b3:1b:92:48:b7:af:81:17:
         fe:45:47:0f:f9:fb:76:a5:72:37:5f:34:64:9d:6e:3c:05:b7:
         03:6e:06:1b:60:25:69:dd:9e:4e:46:cd:b7:a9:88:e3:93:5c:
         34:00:a6:6b:d4:73:c9:95:52:e6:b0:3e:ab:58:81:be:15:b6:
         a9:34:f2:2e:79:1c:ca:cb:6f:39:8c:4e:58:da:18:d2:79:a8:
         a0:34:3a:26:42:02:b8:33:cc:52:a0:8b:78:fa:59:a8:ce:f0:
         ed:e3:2b:57:42:30:ba:fa:55:56:9f:af:47:c4:07:c4:c1:e2:
         0b:48:56:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsdTZRa2H78VhyISKpSV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjIxZmFmNWQ3ZGNjODIyMDFkYjc0MWFlNDZiZTA5NTY0YjlkZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+P+OTE4iWgtE1MT7lOEhb5v7zeo
NYsj/C49jDE9t6xmzcfMCuRj8hOsNRLhx8WgoHrbiadq4sFv7JdpHIg45a4KMmqq
ZlAOkK+XSnQdjj4hPwlea90OpkhNLT8rI4UsPOStbzZl8fO+wlp1Hxiwas5zHqPB
yiW0NABM0Rv8e9ItMe215ECuRrOLGCx+frJMtlwivDdFSPEAORww+kLsrYJgBCkG
uCVcEDYZ9Qwttbdb+g7r96/2eloqT3EJeOrVnoAGcXCOZhJ9ht4hKJMCHZeS3NZB
kHOWicQkew8eJW6cH11maJgj1lrtK3jxuD6Todo9x6QquwVDyPtl1Q+JwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDIh+vXX3MgiAdt0GuRr4JVkud9LMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvTWlINjlkZmN5Q0lCMjNRYTVHdmdsV1M1MzBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT4VhAwQA
uQ0iMA0GCSqGSIb3DQEBCwUAA4IBAQArlnOTp/bCkwkSmSLLb/Ko5YKuaBIbo+dW
WlZZyF0Ja2HokGYzlw94jQt6u7DY0Vid56HjC5JTGfThu7+91I9qfrMxC5hBaa6V
PM18T4HQMyZkmgObOFWV/UvgSIeTqUmeaWZXe5jwrZGADbtvzPZlyPO2MH1vVP+r
3lZIuavmcahRIAiWnAxKsxuSSLevgRf+RUcP+ft2pXI3XzRknW48BbcDbgYbYCVp
3Z5ORs23qYjjk1w0AKZr1HPJlVLmsD6rWIG+FbapNPIueRzKy285jE5Y2hjSeaig
NDomQgK4M8xSoIt4+lmozvDt4ytXQjC6+lVWn69HxAfEweILSFak
-----END CERTIFICATE-----