Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/7lxVna_a0xg23I1zjghxq6R0RXo.roa
File:                     7lxVna_a0xg23I1zjghxq6R0RXo.roa (raw, json)
Hash identifier:          tXqQs9pDj0utpLVKfAdmZ32ratdKDLdXwvY9QAYFHbQ=
Subject key identifier:   EE:5C:55:9D:AF:DA:D3:18:36:DC:8D:73:8E:08:71:AB:A4:74:45:7A
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01942444DD180F64228B1E4F589620B75357
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/7lxVna_a0xg23I1zjghxq6R0RXo.roa
Signing time:             Wed 01 Jan 2025 23:48:00 +0000
ROA not before:           Wed 01 Jan 2025 23:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400866
IP address blocks:        194.79.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 00:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:dd:18:0f:64:22:8b:1e:4f:58:96:20:b7:53:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jan  1 23:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee5c559dafdad31836dc8d738e0871aba474457a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:24:ac:ac:ab:83:ae:09:c1:39:02:d6:b0:12:
                    a9:60:d4:5a:e9:33:20:00:d3:4c:42:ac:c6:3c:39:
                    db:a8:f5:c7:ae:91:23:cc:60:61:2d:da:f9:61:2c:
                    fa:98:7e:5e:cd:71:90:6d:4a:c6:ec:24:ce:15:50:
                    89:2b:64:e6:6d:76:a9:16:b4:48:30:1d:d1:c6:80:
                    e2:2d:13:00:ab:4e:4d:7e:cf:3c:f4:2c:44:0f:94:
                    5e:0a:1a:52:a0:3b:ff:66:77:51:7d:61:24:ad:d1:
                    cd:eb:8e:d3:3b:b5:6d:53:fe:32:e6:d5:06:ef:80:
                    f7:00:48:29:f4:68:24:53:b4:da:80:2d:a8:70:be:
                    9a:1f:d9:d1:5d:06:c3:e8:39:89:ee:04:6a:a3:05:
                    a9:50:07:65:96:67:42:68:8f:20:49:2c:0d:ae:1d:
                    16:88:09:c9:1e:31:2d:ab:1a:15:cd:2a:27:e1:a2:
                    6f:01:b8:9b:0f:66:de:80:d2:7e:1b:04:76:ce:06:
                    ed:59:d5:ea:dd:1a:ee:f2:45:82:79:b9:05:a5:e1:
                    6b:31:c2:3a:29:6e:d4:98:58:ad:13:50:b4:b7:72:
                    24:63:04:28:99:d8:dd:96:51:9b:13:90:14:30:06:
                    02:a8:20:06:bf:c9:50:56:2b:5c:f3:fb:bc:32:69:
                    14:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:5C:55:9D:AF:DA:D3:18:36:DC:8D:73:8E:08:71:AB:A4:74:45:7A
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/7lxVna_a0xg23I1zjghxq6R0RXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.79.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:bc:5d:34:80:24:ab:07:2b:08:75:99:f4:94:03:c2:07:b3:
         d1:8b:aa:0d:fc:a8:78:f0:74:99:43:d0:18:27:da:26:75:79:
         45:51:32:23:c9:ea:1a:03:b7:7f:aa:2c:b3:9e:2a:45:54:7e:
         ea:b3:2f:c9:3a:e5:62:80:76:21:22:95:ff:11:1b:b6:5a:48:
         c7:62:94:26:54:c6:c2:6a:bb:74:83:95:d3:fe:c1:14:f0:0d:
         c2:56:7a:20:d7:69:ea:a3:19:2f:cc:32:61:dd:60:a5:3c:53:
         76:a0:d2:c7:3e:2e:a2:d1:b8:7c:92:1e:16:57:2b:cf:c4:af:
         a3:d9:bb:1b:86:82:ee:ac:e5:97:93:f8:bf:6b:9b:0e:bb:a9:
         59:c3:ab:a3:87:74:ca:c9:5b:70:3a:86:b3:cc:b4:d7:51:6c:
         b4:c8:93:80:6c:96:03:99:d7:57:c3:dc:57:5d:b5:79:15:b8:
         5d:14:f4:1d:de:7b:48:7c:21:aa:a4:86:3a:18:08:f7:4c:ef:
         cb:78:71:a6:46:68:d5:8c:4a:24:26:f5:30:7a:ff:d4:51:03:
         10:2a:90:be:30:16:08:a7:0a:a3:c2:df:36:09:7e:93:be:cb:
         d1:1e:a2:c8:9a:62:be:f1:23:8c:35:1f:b8:a6:ed:66:54:46:
         6a:87:d5:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRN0YD2Qiix5PWJYgt1NXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUwMTAxMjM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTVjNTU5ZGFmZGFkMzE4MzZkYzhkNzM4ZTA4NzFhYmE0NzQ0NTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmySsrKuDrgnBOQLWsBKpYNRa6TMg
ANNMQqzGPDnbqPXHrpEjzGBhLdr5YSz6mH5ezXGQbUrG7CTOFVCJK2TmbXapFrRI
MB3RxoDiLRMAq05Nfs889CxED5ReChpSoDv/ZndRfWEkrdHN647TO7VtU/4y5tUG
74D3AEgp9GgkU7TagC2ocL6aH9nRXQbD6DmJ7gRqowWpUAdllmdCaI8gSSwNrh0W
iAnJHjEtqxoVzSon4aJvAbibD2begNJ+GwR2zgbtWdXq3Rru8kWCebkFpeFrMcI6
KW7UmFitE1C0t3IkYwQomdjdllGbE5AUMAYCqCAGv8lQVitc8/u8MmkUsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5cVZ2v2tMYNtyNc44IcaukdEV6MB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvN2x4Vm5hX2EweGcyM0kxempnaHhxNlIwUlhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwk8PMA0G
CSqGSIb3DQEBCwUAA4IBAQBdvF00gCSrBysIdZn0lAPCB7PRi6oN/Kh48HSZQ9AY
J9omdXlFUTIjyeoaA7d/qiyznipFVH7qsy/JOuVigHYhIpX/ERu2WkjHYpQmVMbC
art0g5XT/sEU8A3CVnog12nqoxkvzDJh3WClPFN2oNLHPi6i0bh8kh4WVyvPxK+j
2bsbhoLurOWXk/i/a5sOu6lZw6ujh3TKyVtwOoazzLTXUWy0yJOAbJYDmddXw9xX
XbV5FbhdFPQd3ntIfCGqpIY6GAj3TO/LeHGmRmjVjEokJvUwev/UUQMQKpC+MBYI
pwqjwt82CX6TvsvRHqLImmK+8SOMNR+4pu1mVEZqh9Ul
-----END CERTIFICATE-----