Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/B-nM1GTMLKr4Gk1KLpOo23YK3j8.roa
File:                     B-nM1GTMLKr4Gk1KLpOo23YK3j8.roa (raw, json)
Hash identifier:          0wOg2hC46+mvVWLdy3l+GE8WwSTmGrLshzLKyEpaIwQ=
Subject key identifier:   07:E9:CC:D4:64:CC:2C:AA:F8:1A:4D:4A:2E:93:A8:DB:76:0A:DE:3F
Certificate issuer:       /CN=df904155ee3acfe3fea8bbfee86e97c58c8991f4
Certificate serial:       019427B5C9CBE635D3177962B647A469662D
Authority key identifier: DF:90:41:55:EE:3A:CF:E3:FE:A8:BB:FE:E8:6E:97:C5:8C:89:91:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/B-nM1GTMLKr4Gk1KLpOo23YK3j8.roa
Signing time:             Thu 02 Jan 2025 15:50:12 +0000
ROA not before:           Thu 02 Jan 2025 15:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60793
IP address blocks:        79.99.194.192/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c9:cb:e6:35:d3:17:79:62:b6:47:a4:69:66:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df904155ee3acfe3fea8bbfee86e97c58c8991f4
        Validity
            Not Before: Jan  2 15:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07e9ccd464cc2caaf81a4d4a2e93a8db760ade3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:90:39:49:9a:54:b6:71:e4:3e:7b:ff:b9:a6:
                    3c:62:6a:4a:b1:dd:6c:a1:70:82:9d:6f:93:54:b5:
                    3f:2d:95:cd:fa:9f:9b:c3:ec:de:71:46:24:21:bc:
                    4b:b6:90:2a:0d:67:7e:19:3e:f5:86:e8:92:dc:14:
                    99:c4:f8:13:e9:8f:a4:2c:08:0a:a3:83:ba:67:3b:
                    db:17:5c:7d:68:52:e2:d3:6f:78:65:5b:34:05:0b:
                    0e:69:c8:47:1b:19:90:c0:3e:88:ab:43:d3:0a:a2:
                    5c:21:9f:44:5e:11:1f:08:a4:a5:17:2b:f4:b7:e3:
                    f4:52:a0:63:95:29:dd:57:f4:33:de:f8:6f:29:24:
                    c0:cc:e8:92:a3:51:b1:03:d6:38:4e:c7:a8:77:92:
                    58:60:e9:05:21:a1:71:78:26:d7:de:c5:4b:1c:ac:
                    18:d7:cd:95:b6:18:3d:5d:10:4a:e4:da:08:a2:43:
                    6b:f1:52:6e:d0:3e:df:b6:82:b1:26:75:fa:ce:2a:
                    9e:e1:98:63:93:f7:63:c9:42:d8:a8:1e:ed:6f:e3:
                    8b:9e:59:cf:ce:96:eb:e4:63:72:60:dc:a2:6f:c4:
                    59:3a:a9:fc:ff:91:d6:b4:45:b5:f8:0a:ac:6d:64:
                    e7:80:f0:a6:3c:4c:0e:24:ec:ed:02:cd:77:d7:46:
                    5b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E9:CC:D4:64:CC:2C:AA:F8:1A:4D:4A:2E:93:A8:DB:76:0A:DE:3F
            X509v3 Authority Key Identifier:
                keyid:DF:90:41:55:EE:3A:CF:E3:FE:A8:BB:FE:E8:6E:97:C5:8C:89:91:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35BBVe46z-P-qLv-6G6XxYyJkfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/B-nM1GTMLKr4Gk1KLpOo23YK3j8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/442e17-4198-435b-96f4-6467f44b43bf/1/35BBVe46z-P-qLv-6G6XxYyJkfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.99.194.192/29

    Signature Algorithm: sha256WithRSAEncryption
         37:6c:8f:44:33:9c:32:13:3f:4d:ed:c2:d5:58:4a:70:8d:af:
         b9:7c:7e:c7:ad:ac:13:21:fd:2e:d4:45:2c:8d:5d:41:af:f3:
         76:52:0c:9c:9a:46:7e:ef:4b:f6:5c:64:e2:73:6d:8e:7c:5a:
         69:66:29:68:53:5e:27:4d:9e:99:8a:d8:95:23:d7:41:d6:d7:
         3e:10:4c:53:5f:1f:f2:6f:a5:f9:78:9b:ca:4d:70:37:5a:22:
         02:01:c7:ce:d5:46:c0:b3:11:76:ca:a4:b7:a4:aa:47:86:c1:
         2a:dc:3d:4e:a0:a3:93:15:29:fb:aa:91:ef:2c:e0:53:e1:5a:
         42:4c:5e:7f:e6:b0:1f:f9:ea:2f:9d:90:70:b4:f3:19:03:24:
         42:6e:5d:ab:62:d0:1d:a8:e2:bd:bb:6a:33:da:f1:20:e6:4d:
         8f:54:df:be:e0:fa:9b:22:1d:25:e4:00:ee:1d:a0:45:15:06:
         50:c2:e0:18:13:9e:2e:cb:74:a1:81:d6:c9:1b:8b:57:90:7e:
         db:7b:b0:80:e1:0d:02:0f:c0:28:e8:9c:60:e2:18:40:6b:f2:
         05:a7:23:57:0b:1b:ed:15:86:d9:fe:84:4e:b4:3a:78:94:4e:
         43:82:77:36:f0:55:62:67:8b:52:f9:3b:6f:e1:0b:d0:a5:96:
         0e:ba:c6:5e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntcnL5jXTF3litkekaWYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOTA0MTU1ZWUzYWNmZTNmZWE4YmJmZWU4NmU5N2M1OGM4
OTkxZjQwHhcNMjUwMTAyMTU1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2U5Y2NkNDY0Y2MyY2FhZjgxYTRkNGEyZTkzYThkYjc2MGFkZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZA5SZpUtnHkPnv/uaY8YmpKsd1s
oXCCnW+TVLU/LZXN+p+bw+zecUYkIbxLtpAqDWd+GT71huiS3BSZxPgT6Y+kLAgK
o4O6ZzvbF1x9aFLi0294ZVs0BQsOachHGxmQwD6Iq0PTCqJcIZ9EXhEfCKSlFyv0
t+P0UqBjlSndV/Qz3vhvKSTAzOiSo1GxA9Y4Tseod5JYYOkFIaFxeCbX3sVLHKwY
182Vthg9XRBK5NoIokNr8VJu0D7ftoKxJnX6ziqe4Zhjk/djyULYqB7tb+OLnlnP
zpbr5GNyYNyib8RZOqn8/5HWtEW1+AqsbWTngPCmPEwOJOztAs1310ZbhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAfpzNRkzCyq+BpNSi6TqNt2Ct4/MB8GA1UdIwQY
MBaAFN+QQVXuOs/j/qi7/uhul8WMiZH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzVCQlZlNDZ6LVAtcUx2LTZHNlh4WXlKa2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS80NDJlMTctNDE5OC00MzViLTk2ZjQt
NjQ2N2Y0NGI0M2JmLzEvQi1uTTFHVE1MS3I0R2sxS0xwT28yM1lLM2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS80NDJlMTctNDE5OC00MzViLTk2ZjQtNjQ2N2Y0NGI0M2Jm
LzEvMzVCQlZlNDZ6LVAtcUx2LTZHNlh4WXlKa2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUDT2PCwDAN
BgkqhkiG9w0BAQsFAAOCAQEAN2yPRDOcMhM/Te3C1VhKcI2vuXx+x62sEyH9LtRF
LI1dQa/zdlIMnJpGfu9L9lxk4nNtjnxaaWYpaFNeJ02emYrYlSPXQdbXPhBMU18f
8m+l+Xibyk1wN1oiAgHHztVGwLMRdsqkt6SqR4bBKtw9TqCjkxUp+6qR7yzgU+Fa
Qkxef+awH/nqL52QcLTzGQMkQm5dq2LQHajivbtqM9rxIOZNj1TfvuD6myIdJeQA
7h2gRRUGUMLgGBOeLst0oYHWyRuLV5B+23uwgOENAg/AKOicYOIYQGvyBacjVwsb
7RWG2f6ETrQ6eJROQ4J3NvBVYmeLUvk7b+EL0KWWDrrGXg==
-----END CERTIFICATE-----