Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/pM84h9NKkkwXGLtMIPbJpgkc55c.roa
File:                     pM84h9NKkkwXGLtMIPbJpgkc55c.roa (raw, json)
Hash identifier:          kTHVs/be3Tv2n1C0vv3DFuVKeuz0WY3EFxZXtvfz3Os=
Subject key identifier:   A4:CF:38:87:D3:4A:92:4C:17:18:BB:4C:20:F6:C9:A6:09:1C:E7:97
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       0194228DF21AB863E41C7DFAEE04C3128EC5
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/pM84h9NKkkwXGLtMIPbJpgkc55c.roa
Signing time:             Wed 01 Jan 2025 15:48:35 +0000
ROA not before:           Wed 01 Jan 2025 15:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214263
IP address blocks:        79.127.73.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 19:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f2:1a:b8:63:e4:1c:7d:fa:ee:04:c3:12:8e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  1 15:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4cf3887d34a924c1718bb4c20f6c9a6091ce797
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c6:3e:b0:be:54:22:5c:cf:3d:74:1d:5a:6c:
                    8f:fe:90:ff:cb:c4:3f:a0:bb:fa:9b:96:54:c6:5b:
                    ac:35:16:54:f8:ff:fe:a0:2f:e8:ad:dd:3d:f2:74:
                    01:82:8c:5e:fd:4a:b6:6f:0d:94:2d:82:96:13:d8:
                    ff:5c:21:b9:5c:91:da:5d:47:fe:4f:c1:c6:d9:cd:
                    a0:20:71:d3:34:95:7c:b5:c2:50:7c:4b:a5:8e:9f:
                    be:2f:12:04:7a:09:b1:16:ba:9c:4d:50:af:76:26:
                    df:3e:0a:6f:7a:51:8c:19:01:56:b3:45:e2:ae:32:
                    63:46:11:55:3a:1e:1e:3c:2b:d5:88:75:fc:02:9a:
                    0e:ca:89:e8:ca:b2:3a:2f:ea:07:7b:12:00:47:b8:
                    d1:4d:fc:ae:dd:31:77:b6:ac:b1:b1:9b:e5:d3:22:
                    a9:6b:1f:e9:41:83:a9:1b:5a:74:a5:60:72:ba:53:
                    20:10:38:55:f6:ea:e1:8f:13:67:ba:ad:ec:71:63:
                    c4:88:88:29:b9:72:a0:65:b5:bc:9b:53:37:85:75:
                    d3:ec:be:5f:a8:f6:89:fb:be:c6:19:11:be:33:e0:
                    eb:0b:43:52:57:9f:ab:b3:74:2a:17:2d:1a:de:d9:
                    ab:96:58:e4:59:f5:84:e8:56:1d:27:e1:74:7e:92:
                    37:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:CF:38:87:D3:4A:92:4C:17:18:BB:4C:20:F6:C9:A6:09:1C:E7:97
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/pM84h9NKkkwXGLtMIPbJpgkc55c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.127.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:22:ab:8a:ba:3b:a6:49:b5:24:2c:b3:49:06:50:57:92:97:
         df:74:b8:57:da:8e:bf:86:cd:3c:80:63:32:64:74:68:d1:a3:
         dd:7b:57:bc:5e:de:67:cc:fc:16:f4:71:33:ed:9e:bc:8f:e5:
         30:37:9c:d8:72:f0:ae:c1:b2:40:f4:b6:ac:91:a9:8f:07:cf:
         bb:25:72:e0:80:45:86:2b:3f:6f:a7:26:3a:cb:b7:02:a4:b7:
         86:3e:8f:cc:39:16:ea:68:8e:81:05:7f:0c:dc:43:4f:94:2b:
         0e:bc:30:9f:38:8e:85:4a:12:70:90:c6:8d:bc:0b:72:3f:5a:
         86:d5:b2:87:b7:ff:af:8e:ec:74:8d:f1:a1:d7:6e:35:00:d6:
         7d:1e:09:22:c1:69:4b:87:c1:ba:a0:85:cd:90:d1:25:4a:63:
         b7:fe:6d:eb:b2:ae:2a:9d:37:84:5a:ea:d1:38:01:70:8d:0b:
         cf:73:2f:7b:c3:a4:6f:0c:99:df:2b:95:7c:71:ed:51:ba:43:
         14:a6:8c:33:b5:bd:01:af:05:0b:dc:a8:10:f0:41:f3:e3:76:
         2f:db:27:86:a0:d7:3e:6c:d4:d2:86:74:5e:c9:31:41:bc:ab:
         62:ff:23:07:cc:4d:e1:db:c1:83:11:5e:5c:7a:4a:8b:7a:8b:
         39:26:87:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfIauGPkHH367gTDEo7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjUwMTAxMTU0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGNmMzg4N2QzNGE5MjRjMTcxOGJiNGMyMGY2YzlhNjA5MWNlNzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8Y+sL5UIlzPPXQdWmyP/pD/y8Q/
oLv6m5ZUxlusNRZU+P/+oC/ord098nQBgoxe/Uq2bw2ULYKWE9j/XCG5XJHaXUf+
T8HG2c2gIHHTNJV8tcJQfEuljp++LxIEegmxFrqcTVCvdibfPgpvelGMGQFWs0Xi
rjJjRhFVOh4ePCvViHX8ApoOyonoyrI6L+oHexIAR7jRTfyu3TF3tqyxsZvl0yKp
ax/pQYOpG1p0pWByulMgEDhV9urhjxNnuq3scWPEiIgpuXKgZbW8m1M3hXXT7L5f
qPaJ+77GGRG+M+DrC0NSV5+rs3QqFy0a3tmrlljkWfWE6FYdJ+F0fpI3FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTPOIfTSpJMFxi7TCD2yaYJHOeXMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvcE04NGg5Tktra3dYR0x0TUlQYkpwZ2tjNTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT39JMA0G
CSqGSIb3DQEBCwUAA4IBAQATIquKujumSbUkLLNJBlBXkpffdLhX2o6/hs08gGMy
ZHRo0aPde1e8Xt5nzPwW9HEz7Z68j+UwN5zYcvCuwbJA9LaskamPB8+7JXLggEWG
Kz9vpyY6y7cCpLeGPo/MORbqaI6BBX8M3ENPlCsOvDCfOI6FShJwkMaNvAtyP1qG
1bKHt/+vjux0jfGh1241ANZ9HgkiwWlLh8G6oIXNkNElSmO3/m3rsq4qnTeEWurR
OAFwjQvPcy97w6RvDJnfK5V8ce1RukMUpowztb0BrwUL3KgQ8EHz43Yv2yeGoNc+
bNTShnReyTFBvKti/yMHzE3h28GDEV5cekqLeos5JofZ
-----END CERTIFICATE-----