Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/eRoiwHCGGWzsakU0Sd9_pvvGdAc.roa
File:                     eRoiwHCGGWzsakU0Sd9_pvvGdAc.roa (raw, json)
Hash identifier:          rIC53m0wk/AEJI6S30/Y82l7fTBuA5MUe7EOXE+qyks=
Subject key identifier:   79:1A:22:C0:70:86:19:6C:EC:6A:45:34:49:DF:7F:A6:FB:C6:74:07
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       0194228DEC145FDD7DA3B201851350F00A42
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/eRoiwHCGGWzsakU0Sd9_pvvGdAc.roa
Signing time:             Wed 01 Jan 2025 15:48:33 +0000
ROA not before:           Wed 01 Jan 2025 15:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43415
IP address blocks:        79.127.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 19:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ec:14:5f:dd:7d:a3:b2:01:85:13:50:f0:0a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  1 15:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=791a22c07086196cec6a453449df7fa6fbc67407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:9b:45:ba:46:30:d7:ec:f8:53:88:2d:9c:4f:
                    a1:4b:75:01:dd:17:7e:1e:e1:a6:87:de:fb:d1:d3:
                    2d:73:3c:8b:9a:d8:29:6a:73:62:98:25:5f:7e:50:
                    8b:8f:96:53:aa:bf:16:7e:7d:20:b8:d5:6d:7f:49:
                    8a:f1:e7:11:f6:29:2c:e1:a1:b4:57:5c:61:18:d1:
                    60:e5:a1:85:cc:22:8a:ff:85:3a:b5:73:64:38:9f:
                    96:53:34:c8:37:39:db:6e:5e:a9:10:d4:de:c3:e7:
                    90:3f:23:af:6c:83:00:da:3d:48:7b:dd:ae:a3:c4:
                    16:26:d7:de:2a:04:ee:9f:76:7f:e0:1f:c9:f1:2f:
                    ff:8a:ea:f4:11:1c:80:a9:ba:77:34:0d:fd:c3:c7:
                    8c:d1:d7:13:56:fb:73:12:21:07:1e:db:bb:b5:35:
                    73:d4:f3:43:a8:cc:32:ff:ae:39:d9:41:85:f0:6f:
                    e0:a2:6e:6d:64:f5:00:79:b9:f0:b7:b4:eb:25:11:
                    5c:12:9a:3b:04:25:02:90:c3:b0:36:a8:41:5a:63:
                    e3:62:ae:3b:4d:28:ce:30:9a:98:87:07:47:97:08:
                    84:13:6f:c9:0a:57:5b:d0:13:60:03:8b:ac:6a:9d:
                    56:b8:04:4a:ce:57:99:2c:45:03:96:a9:3e:9b:b4:
                    2b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:1A:22:C0:70:86:19:6C:EC:6A:45:34:49:DF:7F:A6:FB:C6:74:07
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/eRoiwHCGGWzsakU0Sd9_pvvGdAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.127.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:34:f3:cf:be:d0:32:7f:5f:35:a6:50:27:5e:69:5a:4a:4d:
         c1:f9:c4:72:8f:3e:7e:c8:b1:de:cf:ec:63:71:87:23:77:df:
         c7:c9:eb:1e:51:92:ab:54:ec:38:66:18:65:9a:0f:a8:c2:da:
         c4:4a:8b:16:ac:59:72:3e:0e:41:d1:a7:1d:50:75:08:9d:08:
         29:08:b8:dd:d7:c7:68:cc:8e:84:9f:a6:50:6d:76:24:91:ef:
         87:c9:37:01:85:22:8b:ec:33:e2:61:db:ee:37:42:fe:6d:8b:
         cd:33:da:5b:1d:ea:8c:ab:8b:cc:4d:50:3e:86:66:cf:3f:3d:
         11:ef:bf:e3:24:d0:c2:4f:c0:cf:c5:63:58:11:fe:72:dd:ad:
         8b:6c:b1:d5:96:1d:fd:f1:8b:42:54:6d:25:74:eb:23:88:8d:
         09:64:5a:90:a9:f0:1d:52:f9:d1:a7:d0:3d:8b:1a:13:64:fd:
         90:7c:07:d5:de:36:ca:c8:4d:65:c4:09:40:75:4b:79:30:45:
         86:2d:83:07:75:ba:86:82:80:ca:19:eb:c1:3b:7f:1e:59:c8:
         13:f3:45:25:ed:d2:e6:81:0f:8c:ed:41:90:83:8f:33:0e:87:
         4c:0f:b1:d3:45:97:3a:86:00:fe:06:6a:f6:f6:ab:f5:53:3f:
         76:68:96:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijewUX919o7IBhRNQ8ApCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjUwMTAxMTU0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTFhMjJjMDcwODYxOTZjZWM2YTQ1MzQ0OWRmN2ZhNmZiYzY3NDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA55tFukYw1+z4U4gtnE+hS3UB3Rd+
HuGmh9770dMtczyLmtgpanNimCVfflCLj5ZTqr8Wfn0guNVtf0mK8ecR9iks4aG0
V1xhGNFg5aGFzCKK/4U6tXNkOJ+WUzTINznbbl6pENTew+eQPyOvbIMA2j1Ie92u
o8QWJtfeKgTun3Z/4B/J8S//iur0ERyAqbp3NA39w8eM0dcTVvtzEiEHHtu7tTVz
1PNDqMwy/6452UGF8G/gom5tZPUAebnwt7TrJRFcEpo7BCUCkMOwNqhBWmPjYq47
TSjOMJqYhwdHlwiEE2/JCldb0BNgA4usap1WuARKzleZLEUDlqk+m7Qr+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkaIsBwhhls7GpFNEnff6b7xnQHMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvZVJvaXdIQ0dHV3pzYWtVMFNkOV9wdnZHZEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT38uMA0G
CSqGSIb3DQEBCwUAA4IBAQBuNPPPvtAyf181plAnXmlaSk3B+cRyjz5+yLHez+xj
cYcjd9/HyeseUZKrVOw4Zhhlmg+owtrESosWrFlyPg5B0acdUHUInQgpCLjd18do
zI6En6ZQbXYkke+HyTcBhSKL7DPiYdvuN0L+bYvNM9pbHeqMq4vMTVA+hmbPPz0R
77/jJNDCT8DPxWNYEf5y3a2LbLHVlh398YtCVG0ldOsjiI0JZFqQqfAdUvnRp9A9
ixoTZP2QfAfV3jbKyE1lxAlAdUt5MEWGLYMHdbqGgoDKGevBO38eWcgT80Ul7dLm
gQ+M7UGQg48zDodMD7HTRZc6hgD+Bmr29qv1Uz92aJbE
-----END CERTIFICATE-----