Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/iXyw4CJeCTCBDoOmqw9S5M03Oho.roa
File:                     iXyw4CJeCTCBDoOmqw9S5M03Oho.roa (raw, json)
Hash identifier:          /0Njq6baGydQf0hCnZDNdpKQZB7dTLuwHGMng0slCJk=
Subject key identifier:   89:7C:B0:E0:22:5E:09:30:81:0E:83:A6:AB:0F:52:E4:CD:37:3A:1A
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       0194228DEADE1173A17D883E4F04F76AA4E1
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/iXyw4CJeCTCBDoOmqw9S5M03Oho.roa
Signing time:             Wed 01 Jan 2025 15:48:33 +0000
ROA not before:           Wed 01 Jan 2025 15:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34837
IP address blocks:        79.127.65.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 19:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ea:de:11:73:a1:7d:88:3e:4f:04:f7:6a:a4:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  1 15:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=897cb0e0225e0930810e83a6ab0f52e4cd373a1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:60:7d:f1:0a:81:54:65:82:3c:80:24:02:68:
                    c2:2a:f5:7e:7e:c8:69:4a:38:96:49:e7:53:ed:d2:
                    74:e7:38:7d:68:a0:fd:c7:ca:be:ed:e7:09:15:07:
                    34:45:eb:9a:30:06:62:76:18:3d:fe:7b:cd:f1:0b:
                    1f:0b:70:df:39:6e:44:4d:fc:70:69:bb:6e:8e:e4:
                    40:8c:08:1b:a3:93:bc:a6:0a:5c:f5:35:f0:24:58:
                    0e:39:7e:dd:c7:fa:f5:a1:46:9c:fa:64:2a:dd:74:
                    6f:12:45:e1:1a:26:7c:ad:0d:de:88:83:bf:9d:9b:
                    2a:7f:f3:84:72:c6:d8:70:66:3b:b0:5e:25:69:03:
                    01:ba:02:8e:ee:8d:da:d9:58:23:2a:37:2b:d0:24:
                    de:b4:86:92:b5:ee:27:a2:d5:fd:52:45:25:d5:a4:
                    d5:03:79:39:82:14:66:6a:85:30:15:96:7b:93:a8:
                    44:0b:69:dc:e7:f2:ea:fd:2f:56:3b:62:a2:01:1f:
                    bd:2b:41:75:69:55:21:0d:2a:64:34:ab:c0:a4:cc:
                    60:46:ed:3a:4a:92:46:4c:b5:b4:80:a9:3c:22:00:
                    87:43:09:1c:b7:68:45:2c:35:f4:48:f9:bb:49:c5:
                    62:76:dc:2d:9e:99:df:1a:d3:18:0d:b5:73:7f:8e:
                    78:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:7C:B0:E0:22:5E:09:30:81:0E:83:A6:AB:0F:52:E4:CD:37:3A:1A
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/iXyw4CJeCTCBDoOmqw9S5M03Oho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.127.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:c6:6f:26:ce:c1:68:97:16:01:cc:6c:c3:f0:1c:fa:47:75:
         f5:9b:15:aa:13:dd:f6:cb:0b:04:80:1e:4f:e1:e5:3b:ed:ad:
         bc:17:ab:bd:ad:de:d9:c0:26:14:26:06:77:95:62:e2:b7:39:
         69:62:99:f6:04:40:db:2b:b4:08:f0:9a:25:b9:5e:ac:d6:29:
         a0:01:46:6d:04:ad:d3:fd:31:4e:84:01:99:29:46:3a:87:2a:
         49:81:a0:d2:6d:50:c5:08:40:ef:ce:7c:9a:ec:f5:21:09:8a:
         86:b5:dc:88:ea:db:67:7f:dc:ef:91:16:97:06:36:73:40:b6:
         0b:63:7f:66:d7:1d:e7:19:83:bf:1f:43:36:c0:f1:cb:2d:1a:
         c1:c5:81:6c:7b:d7:bf:c7:7f:e0:5f:68:22:87:a0:f4:c5:b5:
         b3:f4:04:40:e6:d4:af:55:8e:e7:02:45:e1:9e:fc:1b:7f:c9:
         1c:1b:c2:93:c8:b6:0c:15:c3:1d:74:8f:8c:55:d9:b1:fd:32:
         92:2e:26:0e:80:ab:1e:d4:90:27:43:6e:d6:2c:57:79:2d:06:
         56:5d:56:f5:ef:b3:be:00:94:fc:5f:93:4c:6c:47:3c:d3:c2:
         7c:47:49:ee:36:04:ca:1b:0e:47:45:a3:cd:5e:89:d8:86:56:
         fa:61:61:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijereEXOhfYg+TwT3aqThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjUwMTAxMTU0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTdjYjBlMDIyNWUwOTMwODEwZTgzYTZhYjBmNTJlNGNkMzczYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGB98QqBVGWCPIAkAmjCKvV+fshp
SjiWSedT7dJ05zh9aKD9x8q+7ecJFQc0ReuaMAZidhg9/nvN8QsfC3DfOW5ETfxw
abtujuRAjAgbo5O8pgpc9TXwJFgOOX7dx/r1oUac+mQq3XRvEkXhGiZ8rQ3eiIO/
nZsqf/OEcsbYcGY7sF4laQMBugKO7o3a2VgjKjcr0CTetIaSte4notX9UkUl1aTV
A3k5ghRmaoUwFZZ7k6hEC2nc5/Lq/S9WO2KiAR+9K0F1aVUhDSpkNKvApMxgRu06
SpJGTLW0gKk8IgCHQwkct2hFLDX0SPm7ScVidtwtnpnfGtMYDbVzf454pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIl8sOAiXgkwgQ6DpqsPUuTNNzoaMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvaVh5dzRDSmVDVENCRG9PbXF3OVM1TTAzT2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT39BMA0G
CSqGSIb3DQEBCwUAA4IBAQDYxm8mzsFolxYBzGzD8Bz6R3X1mxWqE932ywsEgB5P
4eU77a28F6u9rd7ZwCYUJgZ3lWLitzlpYpn2BEDbK7QI8JoluV6s1imgAUZtBK3T
/TFOhAGZKUY6hypJgaDSbVDFCEDvznya7PUhCYqGtdyI6ttnf9zvkRaXBjZzQLYL
Y39m1x3nGYO/H0M2wPHLLRrBxYFse9e/x3/gX2gih6D0xbWz9ARA5tSvVY7nAkXh
nvwbf8kcG8KTyLYMFcMddI+MVdmx/TKSLiYOgKse1JAnQ27WLFd5LQZWXVb177O+
AJT8X5NMbEc808J8R0nuNgTKGw5HRaPNXonYhlb6YWHb
-----END CERTIFICATE-----