Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/rUnY51YPiwbRbm0um6mPTqnei4E.roa
File:                     rUnY51YPiwbRbm0um6mPTqnei4E.roa (raw, json)
Hash identifier:          wFuBlsraqakBJqLWGUkRh8WpK6rLnJF7HWgWqq0rAM8=
Subject key identifier:   AD:49:D8:E7:56:0F:8B:06:D1:6E:6D:2E:9B:A9:8F:4E:A9:DE:8B:81
Certificate issuer:       /CN=61fbd8887da84471318d83884ac005f01b44fd49
Certificate serial:       019425221686E474AFC37CD16FCB21DC3EF1
Authority key identifier: 61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/rUnY51YPiwbRbm0um6mPTqnei4E.roa
Signing time:             Thu 02 Jan 2025 03:49:38 +0000
ROA not before:           Thu 02 Jan 2025 03:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203412
IP address blocks:        79.142.44.0/22 maxlen: 22
                          185.125.172.0/22 maxlen: 22
                          2a07:f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:16:86:e4:74:af:c3:7c:d1:6f:cb:21:dc:3e:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61fbd8887da84471318d83884ac005f01b44fd49
        Validity
            Not Before: Jan  2 03:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad49d8e7560f8b06d16e6d2e9ba98f4ea9de8b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6b:1f:22:6d:63:b6:fe:b5:b9:fa:a1:82:65:
                    b4:80:93:43:8e:1b:4a:cf:c0:25:44:e7:fc:96:75:
                    29:2a:c5:19:75:d2:fa:86:0d:c3:0d:49:00:d6:e9:
                    48:5d:d6:39:07:88:e6:fb:d8:54:a4:6c:35:18:12:
                    92:b5:f2:c4:23:f3:9b:9e:0d:c6:70:e4:99:d0:1f:
                    f7:d0:c0:b0:10:7e:e3:3d:b3:9a:53:0c:0e:30:79:
                    cd:04:e6:f4:e9:ab:f6:c9:a0:70:2f:15:85:7a:32:
                    f4:3d:15:95:fd:e1:5b:91:0c:59:fb:bf:e2:ca:f9:
                    ea:96:e6:bb:38:13:b9:84:b1:8c:ae:66:57:e3:60:
                    30:ba:ec:2d:59:bb:3c:8d:50:50:84:97:9f:35:9f:
                    07:bc:34:68:c7:16:d9:5c:4d:99:e3:ef:34:47:f7:
                    77:55:b5:8e:39:84:d1:dc:3f:d7:00:28:fd:87:0d:
                    73:75:62:7b:0a:46:05:a7:1d:fe:cb:2d:b2:09:da:
                    67:08:78:8c:02:c3:9e:6e:3d:0d:8d:1a:12:48:49:
                    2f:ee:20:88:ee:c7:21:83:9c:a4:3a:42:94:99:cf:
                    2b:06:41:b3:c8:fd:91:35:41:df:06:27:22:00:a1:
                    11:0e:2c:14:1d:7e:80:b6:ee:19:fa:a5:e2:4a:35:
                    83:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:49:D8:E7:56:0F:8B:06:D1:6E:6D:2E:9B:A9:8F:4E:A9:DE:8B:81
            X509v3 Authority Key Identifier:
                keyid:61:FB:D8:88:7D:A8:44:71:31:8D:83:88:4A:C0:05:F0:1B:44:FD:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YfvYiH2oRHExjYOISsAF8BtE_Uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/rUnY51YPiwbRbm0um6mPTqnei4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/0ce569-ab8e-4712-949a-cec9e17f504b/1/YfvYiH2oRHExjYOISsAF8BtE_Uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.142.44.0/22
                  185.125.172.0/22
                IPv6:
                  2a07:f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:c4:3c:3b:fc:6e:6d:3b:d8:4b:a6:b8:3c:f0:a4:d6:82:50:
         1b:95:6d:9d:37:9e:a8:58:86:46:00:b9:4c:7c:4d:fc:ca:d4:
         b3:ff:52:c1:fd:8e:ac:21:4e:4b:2c:56:57:fa:02:45:de:81:
         eb:a4:4d:5a:32:c8:c4:ae:47:ae:f6:92:66:a7:e0:29:8d:f5:
         e6:ea:88:26:27:2c:8a:7d:33:58:94:78:3b:2e:85:1b:e6:2b:
         19:cd:05:23:26:f4:74:08:3c:f1:4d:15:ed:94:af:a1:4d:f0:
         aa:95:c9:2f:69:ca:ae:03:1a:2f:a2:06:ab:f9:e1:0e:ea:7c:
         04:00:13:b9:47:76:f1:80:e9:b6:e2:9b:1c:ab:d2:4a:0c:83:
         42:90:56:3f:41:e2:81:c3:13:96:c0:7f:21:5b:5a:37:86:ce:
         55:b4:10:52:2b:6f:94:2b:db:1a:e1:31:b2:e4:48:ee:ed:ce:
         e3:eb:ea:f1:0d:eb:93:bb:69:1e:fc:a5:49:ff:68:63:1c:ce:
         61:58:68:13:04:d8:0c:e4:a5:84:ed:76:9f:0a:bc:b3:80:2e:
         32:bf:a1:42:e6:a6:dd:97:75:bf:e7:c5:48:e4:50:76:c3:20:
         18:11:cc:69:a3:5e:a6:b8:0b:f3:fb:81:db:2b:e9:51:66:26:
         a9:0a:6b:b8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlIhaG5HSvw3zRb8sh3D7xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZmJkODg4N2RhODQ0NzEzMThkODM4ODRhYzAwNWYwMWI0
NGZkNDkwHhcNMjUwMTAyMDM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDQ5ZDhlNzU2MGY4YjA2ZDE2ZTZkMmU5YmE5OGY0ZWE5ZGU4YjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWsfIm1jtv61ufqhgmW0gJNDjhtK
z8AlROf8lnUpKsUZddL6hg3DDUkA1ulIXdY5B4jm+9hUpGw1GBKStfLEI/Obng3G
cOSZ0B/30MCwEH7jPbOaUwwOMHnNBOb06av2yaBwLxWFejL0PRWV/eFbkQxZ+7/i
yvnqlua7OBO5hLGMrmZX42AwuuwtWbs8jVBQhJefNZ8HvDRoxxbZXE2Z4+80R/d3
VbWOOYTR3D/XACj9hw1zdWJ7CkYFpx3+yy2yCdpnCHiMAsOebj0NjRoSSEkv7iCI
7schg5ykOkKUmc8rBkGzyP2RNUHfBiciAKERDiwUHX6Atu4Z+qXiSjWDDQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK1J2OdWD4sG0W5tLpupj06p3ouBMB8GA1UdIwQY
MBaAFGH72Ih9qERxMY2DiErABfAbRP1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWZ2WWlIMm9SSEV4allPSVNzQUY4QnRFX1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8wY2U1NjktYWI4ZS00NzEyLTk0OWEt
Y2VjOWUxN2Y1MDRiLzEvclVuWTUxWVBpd2JSYm0wdW02bVBUcW5laTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8wY2U1NjktYWI4ZS00NzEyLTk0OWEtY2VjOWUxN2Y1MDRi
LzEvWWZ2WWlIMm9SSEV4allPSVNzQUY4QnRFX1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCT44sAwQC
uX2sMA0EAgACMAcDBQMqBw8AMA0GCSqGSIb3DQEBCwUAA4IBAQBPxDw7/G5tO9hL
prg88KTWglAblW2dN56oWIZGALlMfE38ytSz/1LB/Y6sIU5LLFZX+gJF3oHrpE1a
MsjErkeu9pJmp+ApjfXm6ogmJyyKfTNYlHg7LoUb5isZzQUjJvR0CDzxTRXtlK+h
TfCqlckvacquAxovogar+eEO6nwEABO5R3bxgOm24pscq9JKDINCkFY/QeKBwxOW
wH8hW1o3hs5VtBBSK2+UK9sa4TGy5Eju7c7j6+rxDeuTu2ke/KVJ/2hjHM5hWGgT
BNgM5KWE7XafCryzgC4yv6FC5qbdl3W/58VI5FB2wyAYEcxpo16muAvz+4HbK+lR
ZiapCmu4
-----END CERTIFICATE-----