Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/eZ1cRx3gybpqb2t5DIdc9lKoWSs.roa
File:                     eZ1cRx3gybpqb2t5DIdc9lKoWSs.roa (raw, json)
Hash identifier:          myxabJOxojQXN371FMx0a9t9OWL5caHOuMBYaxsxR4g=
Subject key identifier:   79:9D:5C:47:1D:E0:C9:BA:6A:6F:6B:79:0C:87:5C:F6:52:A8:59:2B
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       0196E7D370D7490E61B2D098F9350158A1B6
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/eZ1cRx3gybpqb2t5DIdc9lKoWSs.roa
Signing time:             Mon 19 May 2025 09:15:15 +0000
ROA not before:           Mon 19 May 2025 09:15:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213020
IP address blocks:        79.110.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:d3:70:d7:49:0e:61:b2:d0:98:f9:35:01:58:a1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: May 19 09:15:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=799d5c471de0c9ba6a6f6b790c875cf652a8592b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0f:12:4e:16:e9:75:59:91:e4:76:91:0a:7c:
                    2f:84:54:9b:2c:fc:a7:4d:7e:dd:29:06:24:ca:0d:
                    f5:22:a5:91:81:2a:31:fe:c2:cc:e9:5c:4a:54:7f:
                    6f:82:1b:34:a6:ae:ed:9e:f4:64:dc:b3:e7:48:c2:
                    28:9e:6e:28:72:6e:74:14:81:45:cd:2b:20:34:fd:
                    d3:fd:c2:33:01:32:f3:c8:3f:07:54:f0:c6:32:00:
                    9e:1d:8d:83:d0:30:69:0f:fe:56:d1:4f:98:11:12:
                    a6:65:75:c5:a9:b6:83:b1:d8:aa:b8:e0:f5:8d:ad:
                    90:1d:c0:60:db:64:ca:d7:7a:46:63:d1:db:8a:64:
                    8b:45:22:e4:f4:79:85:94:66:bf:d3:9f:0c:25:8d:
                    99:18:25:c9:dc:21:88:68:47:70:33:5e:b2:17:c7:
                    71:ff:7d:12:0a:90:0c:16:ea:61:2e:68:4c:f3:db:
                    66:f9:e8:22:61:c3:c7:12:c0:b1:3d:92:92:20:af:
                    b4:49:41:9c:f3:e3:bd:c9:f8:f2:b0:d0:3b:7b:89:
                    1d:79:85:49:6c:3d:d6:81:a9:01:84:07:80:88:cb:
                    8d:c7:d3:47:55:55:f1:4c:ac:f1:84:e5:20:12:75:
                    81:ae:b5:09:36:a8:6b:3a:de:0b:bf:35:79:31:6f:
                    90:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9D:5C:47:1D:E0:C9:BA:6A:6F:6B:79:0C:87:5C:F6:52:A8:59:2B
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/eZ1cRx3gybpqb2t5DIdc9lKoWSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:27:a6:0d:b9:17:45:47:ab:1c:23:58:a9:de:cf:c3:df:5f:
         54:9a:d7:be:51:5b:8d:34:e3:8c:13:dc:35:da:83:9f:4e:79:
         6a:69:dd:32:24:bc:06:1f:fc:68:e7:3c:3e:82:37:ea:c3:9d:
         a6:8c:35:3e:8d:2b:54:f1:39:f5:3a:a7:f5:de:26:1a:f8:a1:
         7e:82:57:ba:9f:65:8b:ce:bc:db:85:16:81:d6:20:e5:fb:80:
         7d:0e:44:ea:14:7c:f1:80:11:45:28:fd:f1:0d:24:98:61:c2:
         39:5c:8f:94:f7:6d:23:bc:f7:22:59:3e:89:6f:99:22:a8:83:
         ef:9e:78:06:ef:10:ab:e8:84:dc:4d:c1:29:1a:95:f6:7f:ee:
         69:70:cb:45:a0:6f:90:a4:94:3a:59:47:d9:a5:46:24:0e:89:
         4e:f3:7d:7b:a4:6c:9b:33:73:5f:48:02:e4:e4:77:05:ed:b2:
         dd:7f:2b:4b:09:ee:24:ae:89:00:04:7e:f3:8e:2f:9c:1f:03:
         0e:c0:7a:04:a2:ad:7e:5d:79:62:37:27:a9:88:e0:9b:c9:73:
         3d:27:4f:5d:8b:c5:29:cb:03:a7:71:8e:a3:77:2b:40:65:40:
         61:51:53:9c:49:9b:0a:4b:3f:2e:94:c1:32:cb:b1:18:a0:73:
         11:35:51:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbn03DXSQ5hstCY+TUBWKG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwNTE5MDkxNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTlkNWM0NzFkZTBjOWJhNmE2ZjZiNzkwYzg3NWNmNjUyYTg1OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA8SThbpdVmR5HaRCnwvhFSbLPyn
TX7dKQYkyg31IqWRgSox/sLM6VxKVH9vghs0pq7tnvRk3LPnSMIonm4ocm50FIFF
zSsgNP3T/cIzATLzyD8HVPDGMgCeHY2D0DBpD/5W0U+YERKmZXXFqbaDsdiquOD1
ja2QHcBg22TK13pGY9HbimSLRSLk9HmFlGa/058MJY2ZGCXJ3CGIaEdwM16yF8dx
/30SCpAMFuphLmhM89tm+egiYcPHEsCxPZKSIK+0SUGc8+O9yfjysNA7e4kdeYVJ
bD3WgakBhAeAiMuNx9NHVVXxTKzxhOUgEnWBrrUJNqhrOt4LvzV5MW+QjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmdXEcd4Mm6am9reQyHXPZSqFkrMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvZVoxY1J4M2d5YnBxYjJ0NURJZGM5bEtvV1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT27oMA0G
CSqGSIb3DQEBCwUAA4IBAQAXJ6YNuRdFR6scI1ip3s/D319Umte+UVuNNOOME9w1
2oOfTnlqad0yJLwGH/xo5zw+gjfqw52mjDU+jStU8Tn1Oqf13iYa+KF+gle6n2WL
zrzbhRaB1iDl+4B9DkTqFHzxgBFFKP3xDSSYYcI5XI+U920jvPciWT6Jb5kiqIPv
nngG7xCr6ITcTcEpGpX2f+5pcMtFoG+QpJQ6WUfZpUYkDolO8317pGybM3NfSALk
5HcF7bLdfytLCe4krokABH7zji+cHwMOwHoEoq1+XXliNyepiOCbyXM9J09di8Up
ywOncY6jdytAZUBhUVOcSZsKSz8ulMEyy7EYoHMRNVG6
-----END CERTIFICATE-----