Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/958fef-0d55-4c00-be8a-cc580521d00f/1/UyiCJXS5zLJCJ-mb2r3uZMMtApg.roa
File:                     UyiCJXS5zLJCJ-mb2r3uZMMtApg.roa (raw, json)
Hash identifier:          6+o4TOXaHYgYpVjpt7E7at5geUDl0m5s/WhQVOEUlU0=
Subject key identifier:   53:28:82:25:74:B9:CC:B2:42:27:E9:9B:DA:BD:EE:64:C3:2D:02:98
Certificate issuer:       /CN=87943cb86e3a703813778fab790d65f0da21615a
Certificate serial:       019619CDFC78B5481D914EDD4B634307FAF4
Authority key identifier: 87:94:3C:B8:6E:3A:70:38:13:77:8F:AB:79:0D:65:F0:DA:21:61:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h5Q8uG46cDgTd4-reQ1l8NohYVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/958fef-0d55-4c00-be8a-cc580521d00f/1/UyiCJXS5zLJCJ-mb2r3uZMMtApg.roa
Signing time:             Wed 09 Apr 2025 09:07:32 +0000
ROA not before:           Wed 09 Apr 2025 09:07:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43882
IP address blocks:        79.133.160.0/21 maxlen: 24
                          79.133.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/958fef-0d55-4c00-be8a-cc580521d00f/1/h5Q8uG46cDgTd4-reQ1l8NohYVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/958fef-0d55-4c00-be8a-cc580521d00f/1/h5Q8uG46cDgTd4-reQ1l8NohYVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h5Q8uG46cDgTd4-reQ1l8NohYVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 15:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:19:cd:fc:78:b5:48:1d:91:4e:dd:4b:63:43:07:fa:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87943cb86e3a703813778fab790d65f0da21615a
        Validity
            Not Before: Apr  9 09:07:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5328822574b9ccb24227e99bdabdee64c32d0298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:cc:34:92:4f:d9:ed:95:45:2c:e8:73:30:5f:
                    2b:3f:3d:57:8c:84:e8:20:34:48:71:60:8c:cc:b5:
                    56:33:d1:fa:fa:cd:07:ac:4b:01:2c:14:e9:59:08:
                    70:7c:21:7c:8e:ba:69:09:28:18:2f:cd:47:bd:f6:
                    63:ef:c2:ca:60:c8:cd:79:e9:d9:98:27:44:10:aa:
                    ad:65:15:b5:5c:d8:3c:22:01:9b:d0:4b:6e:b8:6d:
                    2d:b4:bd:0c:78:ee:9a:d1:18:40:ab:4f:65:e7:0c:
                    ae:a0:54:15:96:3b:ad:ac:57:e2:62:71:96:1b:f6:
                    f0:d5:17:42:3b:f7:66:cb:bd:e7:70:52:67:87:55:
                    b8:e0:f9:0e:8f:da:8b:57:f3:8c:50:71:3d:13:93:
                    99:68:a8:f8:a5:ff:5e:0c:b3:16:48:f0:2c:af:cd:
                    42:7e:73:90:88:3f:08:e2:97:26:5d:70:70:5a:2a:
                    d7:17:e5:60:3e:d0:73:69:4a:d3:3c:3f:a3:02:24:
                    86:5b:6d:09:15:02:ec:c6:9a:1f:3c:fb:aa:ad:1d:
                    bb:d9:cd:88:ed:eb:02:b6:47:04:19:da:f0:7f:d5:
                    bc:f0:a6:c7:70:bf:88:bf:16:1f:43:8b:af:1d:28:
                    9f:77:18:1f:cb:54:fe:b6:29:9c:f7:d3:a9:40:db:
                    6c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:28:82:25:74:B9:CC:B2:42:27:E9:9B:DA:BD:EE:64:C3:2D:02:98
            X509v3 Authority Key Identifier:
                keyid:87:94:3C:B8:6E:3A:70:38:13:77:8F:AB:79:0D:65:F0:DA:21:61:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h5Q8uG46cDgTd4-reQ1l8NohYVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/958fef-0d55-4c00-be8a-cc580521d00f/1/UyiCJXS5zLJCJ-mb2r3uZMMtApg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/958fef-0d55-4c00-be8a-cc580521d00f/1/h5Q8uG46cDgTd4-reQ1l8NohYVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.160.0/21
                  79.133.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:70:6e:5e:4d:eb:ed:48:1c:52:26:97:10:63:d3:72:bd:72:
         84:cd:2f:84:ac:74:fa:d6:bd:e2:87:00:38:27:62:01:4a:b7:
         d8:67:fe:39:ae:9e:2e:ec:4d:22:df:40:14:6b:af:7b:c9:f2:
         de:81:c6:8a:83:6e:38:f8:29:15:88:83:b0:1c:76:9e:ce:19:
         aa:21:49:df:b1:73:fd:30:fb:fc:28:29:9f:5d:91:54:67:ef:
         93:12:ec:01:00:e1:ae:ca:9b:ce:09:06:8c:65:23:99:60:c8:
         3c:a2:6b:f7:37:57:f5:cb:bc:95:15:de:1c:1d:5e:47:bb:88:
         e3:a3:34:f1:51:68:64:7a:84:7a:62:ad:06:55:e3:f6:b2:ad:
         d0:f1:21:4c:4b:56:28:be:d7:0e:1e:ae:eb:62:51:10:1d:4d:
         0d:2d:83:22:5c:41:f6:d6:1f:09:78:12:97:4f:67:c6:96:16:
         6f:01:a9:24:d5:07:6a:a1:3d:d9:f5:b7:bf:55:5b:de:6a:38:
         22:91:ef:d4:c7:13:ae:af:11:59:8f:ce:cb:b4:40:bb:fe:be:
         08:db:17:56:15:c2:98:1b:bd:be:16:0f:98:5c:bd:ad:34:84:
         9a:f7:ae:18:64:67:df:0e:e7:4a:60:15:2a:01:ef:07:23:c2:
         1b:c7:d9:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYZzfx4tUgdkU7dS2NDB/r0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OTQzY2I4NmUzYTcwMzgxMzc3OGZhYjc5MGQ2NWYwZGEy
MTYxNWEwHhcNMjUwNDA5MDkwNzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzI4ODIyNTc0YjljY2IyNDIyN2U5OWJkYWJkZWU2NGMzMmQwMjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsw0kk/Z7ZVFLOhzMF8rPz1XjITo
IDRIcWCMzLVWM9H6+s0HrEsBLBTpWQhwfCF8jrppCSgYL81HvfZj78LKYMjNeenZ
mCdEEKqtZRW1XNg8IgGb0EtuuG0ttL0MeO6a0RhAq09l5wyuoFQVljutrFfiYnGW
G/bw1RdCO/dmy73ncFJnh1W44PkOj9qLV/OMUHE9E5OZaKj4pf9eDLMWSPAsr81C
fnOQiD8I4pcmXXBwWirXF+VgPtBzaUrTPD+jAiSGW20JFQLsxpofPPuqrR272c2I
7esCtkcEGdrwf9W88KbHcL+IvxYfQ4uvHSifdxgfy1T+timc99OpQNtsyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFMogiV0ucyyQifpm9q97mTDLQKYMB8GA1UdIwQY
MBaAFIeUPLhuOnA4E3ePq3kNZfDaIWFaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDVROHVHNDZjRGdUZDQtcmVRMWw4Tm9oWVZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85NThmZWYtMGQ1NS00YzAwLWJlOGEt
Y2M1ODA1MjFkMDBmLzEvVXlpQ0pYUzV6TEpDSi1tYjJyM3VaTU10QXBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85NThmZWYtMGQ1NS00YzAwLWJlOGEtY2M1ODA1MjFkMDBm
LzEvaDVROHVHNDZjRGdUZDQtcmVRMWw4Tm9oWVZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDT4WgAwQC
T4WsMA0GCSqGSIb3DQEBCwUAA4IBAQBscG5eTevtSBxSJpcQY9NyvXKEzS+ErHT6
1r3ihwA4J2IBSrfYZ/45rp4u7E0i30AUa697yfLegcaKg244+CkViIOwHHaezhmq
IUnfsXP9MPv8KCmfXZFUZ++TEuwBAOGuypvOCQaMZSOZYMg8omv3N1f1y7yVFd4c
HV5Hu4jjozTxUWhkeoR6Yq0GVeP2sq3Q8SFMS1YovtcOHq7rYlEQHU0NLYMiXEH2
1h8JeBKXT2fGlhZvAakk1QdqoT3Z9be/VVveajgike/UxxOurxFZj87LtEC7/r4I
2xdWFcKYG72+Fg+YXL2tNISa964YZGffDudKYBUqAe8HI8Ibx9no
-----END CERTIFICATE-----