Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/ePEq_iR8SghIv87pTKid6AVEFNA.roa
File:                     ePEq_iR8SghIv87pTKid6AVEFNA.roa (raw, json)
Hash identifier:          JKXKaBC2B7MQ6+tg8cpfMIILPOh/OoQhr9iR79J36DU=
Subject key identifier:   78:F1:2A:FE:24:7C:4A:08:48:BF:CE:E9:4C:A8:9D:E8:05:44:14:D0
Certificate issuer:       /CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
Certificate serial:       019423D72A854136BD9E4EEC7070F46B4B6D
Authority key identifier: C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/ePEq_iR8SghIv87pTKid6AVEFNA.roa
Signing time:             Wed 01 Jan 2025 21:48:11 +0000
ROA not before:           Wed 01 Jan 2025 21:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15169
IP address blocks:        2a00:79e0::/31 maxlen: 48
                          2a00:79e1:380::/42 maxlen: 48
                          2a00:79e1:f00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:2a:85:41:36:bd:9e:4e:ec:70:70:f4:6b:4b:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0747fbe26c9cdd7628adfedb57b78be8de75e29
        Validity
            Not Before: Jan  1 21:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78f12afe247c4a0848bfcee94ca89de8054414d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d9:5a:27:ec:aa:be:75:f3:60:76:98:df:bf:
                    8b:96:22:7e:fe:18:b4:e0:09:16:04:41:cb:26:59:
                    8c:8c:ec:d6:79:97:c6:0a:b3:30:4e:7f:8b:b4:34:
                    9a:b9:00:4e:16:7b:a4:c1:65:b9:7d:59:1b:cd:a3:
                    8b:83:7e:3a:d9:bb:4e:c8:bf:42:96:41:49:9a:1a:
                    9b:88:6d:67:42:a5:7b:f3:f3:bc:6b:cd:93:e8:d1:
                    83:1e:45:0b:2a:62:c3:db:ae:50:c9:ec:b5:c4:65:
                    6f:d0:f3:26:39:ed:50:0b:aa:ef:4f:31:f3:55:8f:
                    ea:33:04:a8:76:ea:09:c7:73:71:d7:85:0b:d1:b8:
                    fd:e5:dd:65:c5:e9:13:35:18:08:4a:52:23:8b:de:
                    43:dc:75:5d:cf:ba:86:b4:62:8a:b4:9e:cc:1f:a6:
                    6a:d8:77:0c:25:44:28:74:25:0f:78:46:ef:4d:0a:
                    c0:78:7b:68:15:19:6f:89:4d:db:57:d0:bf:d7:db:
                    66:52:ff:1c:29:aa:55:f0:d0:79:22:4a:e1:95:0b:
                    e7:56:e0:3c:e5:5b:56:7c:7d:5d:32:b2:1f:58:e1:
                    89:aa:af:86:8c:9d:e3:6e:fa:2e:ed:a2:e7:37:bf:
                    07:d8:16:6b:d2:f3:03:13:39:ff:0e:f1:46:41:a2:
                    b3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:F1:2A:FE:24:7C:4A:08:48:BF:CE:E9:4C:A8:9D:E8:05:44:14:D0
            X509v3 Authority Key Identifier:
                keyid:C0:74:7F:BE:26:C9:CD:D7:62:8A:DF:ED:B5:7B:78:BE:8D:E7:5E:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHR_vibJzddiit_ttXt4vo3nXik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/ePEq_iR8SghIv87pTKid6AVEFNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/2406ab-3bcb-41bc-a942-368608385883/1/wHR_vibJzddiit_ttXt4vo3nXik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:79e0::/31

    Signature Algorithm: sha256WithRSAEncryption
         70:0a:d6:28:b7:a1:b1:be:00:07:8d:e2:fb:aa:a0:26:ce:fb:
         3d:95:d9:52:95:7d:b7:83:34:c0:68:33:39:2a:5b:77:86:29:
         83:d5:82:8c:2c:95:86:2d:13:98:cc:ff:a8:3e:42:0a:84:28:
         4a:af:4f:00:85:48:23:3a:ad:d1:6e:b8:65:a0:3d:80:57:ff:
         4f:0c:7a:5c:f2:b9:73:d5:0f:68:bc:5a:ef:43:83:36:82:6b:
         8c:90:e2:3d:eb:1c:8a:7f:79:a9:e9:03:0a:9e:07:12:7e:20:
         d3:68:89:4a:4d:0f:cc:a9:33:86:3d:d3:ec:4e:08:e0:4c:07:
         d1:10:ae:9c:e4:7e:6d:32:a6:bf:e7:1a:6e:d8:29:f4:3b:88:
         3d:15:a9:4f:47:a0:cd:bf:b8:1c:b6:e8:d9:b1:86:f8:bc:43:
         84:1c:4f:93:b5:9f:84:05:73:e5:f7:63:9d:6f:0e:81:55:5f:
         c0:cc:fa:6b:78:79:15:5c:c0:e7:c0:8d:93:6a:56:bd:44:19:
         b7:28:73:64:fd:45:7e:da:f3:18:9d:fd:5f:eb:09:eb:db:68:
         98:5d:3c:9c:82:c2:61:87:5e:6d:bd:fd:d2:f5:65:96:f4:e4:
         de:7c:59:79:7b:d4:31:9c:15:ea:a8:f0:76:d5:f3:fb:c2:c5:
         db:96:d8:a5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj1yqFQTa9nk7scHD0a0ttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzQ3ZmJlMjZjOWNkZDc2MjhhZGZlZGI1N2I3OGJlOGRl
NzVlMjkwHhcNMjUwMTAxMjE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGYxMmFmZTI0N2M0YTA4NDhiZmNlZTk0Y2E4OWRlODA1NDQxNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dlaJ+yqvnXzYHaY37+LliJ+/hi0
4AkWBEHLJlmMjOzWeZfGCrMwTn+LtDSauQBOFnukwWW5fVkbzaOLg3462btOyL9C
lkFJmhqbiG1nQqV78/O8a82T6NGDHkULKmLD265Qyey1xGVv0PMmOe1QC6rvTzHz
VY/qMwSoduoJx3Nx14UL0bj95d1lxekTNRgISlIji95D3HVdz7qGtGKKtJ7MH6Zq
2HcMJUQodCUPeEbvTQrAeHtoFRlviU3bV9C/19tmUv8cKapV8NB5IkrhlQvnVuA8
5VtWfH1dMrIfWOGJqq+GjJ3jbvou7aLnN78H2BZr0vMDEzn/DvFGQaKz4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHjxKv4kfEoISL/O6UyonegFRBTQMB8GA1UdIwQY
MBaAFMB0f74myc3XYorf7bV7eL6N514pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDIt
MzY4NjA4Mzg1ODgzLzEvZVBFcV9pUjhTZ2hJdjg3cFRLaWQ2QVZFRk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNDA2YWItM2JjYi00MWJjLWE5NDItMzY4NjA4Mzg1ODgz
LzEvd0hSX3ZpYkp6ZGRpaXRfdHRYdDR2bzNuWGlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKgB54DAN
BgkqhkiG9w0BAQsFAAOCAQEAcArWKLehsb4AB43i+6qgJs77PZXZUpV9t4M0wGgz
OSpbd4Ypg9WCjCyVhi0TmMz/qD5CCoQoSq9PAIVIIzqt0W64ZaA9gFf/Twx6XPK5
c9UPaLxa70ODNoJrjJDiPescin95qekDCp4HEn4g02iJSk0PzKkzhj3T7E4I4EwH
0RCunOR+bTKmv+cabtgp9DuIPRWpT0egzb+4HLbo2bGG+LxDhBxPk7WfhAVz5fdj
nW8OgVVfwMz6a3h5FVzA58CNk2pWvUQZtyhzZP1FftrzGJ39X+sJ69tomF08nILC
YYdebb390vVllvTk3nxZeXvUMZwV6qjwdtXz+8LF25bYpQ==
-----END CERTIFICATE-----