Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/fb8db5-1189-4351-bde7-206bcca78421/1/RRxWR41Hund7xXvTLqB2r5qi970.roa
File:                     RRxWR41Hund7xXvTLqB2r5qi970.roa (raw, json)
Hash identifier:          rUpiHcsIUELuq5TefHF1+krXhbgfuQVPMP1TCObsJG4=
Subject key identifier:   45:1C:56:47:8D:47:BA:77:7B:C5:7B:D3:2E:A0:76:AF:9A:A2:F7:BD
Certificate issuer:       /CN=f9e659e7eef6d73b686eb1d2956c71f3be5bbd77
Certificate serial:       0194258F3CA4795EECC824E31B5BC3F3FAF7
Authority key identifier: F9:E6:59:E7:EE:F6:D7:3B:68:6E:B1:D2:95:6C:71:F3:BE:5B:BD:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-eZZ5-721ztobrHSlWxx875bvXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/fb8db5-1189-4351-bde7-206bcca78421/1/RRxWR41Hund7xXvTLqB2r5qi970.roa
Signing time:             Thu 02 Jan 2025 05:48:51 +0000
ROA not before:           Thu 02 Jan 2025 05:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15657
IP address blocks:        185.79.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/fb8db5-1189-4351-bde7-206bcca78421/1/1-eZZ5-721ztobrHSlWxx875bvXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/fb8db5-1189-4351-bde7-206bcca78421/1/1-eZZ5-721ztobrHSlWxx875bvXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-eZZ5-721ztobrHSlWxx875bvXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3c:a4:79:5e:ec:c8:24:e3:1b:5b:c3:f3:fa:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9e659e7eef6d73b686eb1d2956c71f3be5bbd77
        Validity
            Not Before: Jan  2 05:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=451c56478d47ba777bc57bd32ea076af9aa2f7bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:71:d4:2d:15:e2:13:4c:9f:79:de:15:17:a5:
                    54:38:cb:6e:06:8b:83:fd:cd:f5:a7:d7:a8:93:e8:
                    1b:b5:cc:c6:81:02:87:a9:7f:8d:39:a2:76:88:d8:
                    12:ad:55:03:c5:67:9e:bd:b9:67:a1:13:f5:8c:16:
                    57:4c:e6:b7:d1:7b:3f:d4:c9:43:25:bb:40:20:97:
                    a0:33:5f:54:c4:29:8f:4d:32:61:40:5b:3f:04:5d:
                    ce:54:ff:b2:a2:67:98:cf:52:7c:6e:18:50:ad:ae:
                    1f:d0:16:14:17:6f:bd:10:6f:6c:de:b6:20:e0:3c:
                    a0:a2:ee:d5:8e:12:51:9b:38:0c:12:e5:5c:77:60:
                    62:c6:42:57:d6:32:7c:c9:5a:fb:f5:36:24:72:12:
                    66:bc:13:07:d4:71:c5:aa:c2:96:40:d6:a8:17:09:
                    24:3c:af:15:9e:38:d8:84:53:00:fd:94:ad:b5:9d:
                    c0:f2:c9:48:5f:af:4a:49:0c:1b:0b:82:14:5e:db:
                    f4:fc:04:0a:8a:59:19:36:41:49:f1:ed:af:b4:e6:
                    8a:b2:a5:22:ad:78:b2:c5:05:28:72:8c:94:0e:f8:
                    7f:49:18:7f:95:52:1d:4d:f5:b9:81:d9:0d:31:81:
                    e5:22:01:b2:75:74:f8:02:f6:a3:84:fe:5c:83:9b:
                    63:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:1C:56:47:8D:47:BA:77:7B:C5:7B:D3:2E:A0:76:AF:9A:A2:F7:BD
            X509v3 Authority Key Identifier:
                keyid:F9:E6:59:E7:EE:F6:D7:3B:68:6E:B1:D2:95:6C:71:F3:BE:5B:BD:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-eZZ5-721ztobrHSlWxx875bvXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb8db5-1189-4351-bde7-206bcca78421/1/RRxWR41Hund7xXvTLqB2r5qi970.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/fb8db5-1189-4351-bde7-206bcca78421/1/1-eZZ5-721ztobrHSlWxx875bvXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:85:a7:c3:fc:43:b5:e8:d0:93:37:18:59:7a:2c:10:0d:07:
         fe:e6:de:8c:73:db:22:ac:ce:fc:6f:70:03:9d:56:2d:13:57:
         1f:d2:a9:e8:87:08:6b:4f:78:7e:a1:70:70:78:d5:8f:ed:e6:
         83:3e:ab:55:f2:ca:1f:02:a1:dc:41:24:8c:8d:6a:74:74:34:
         54:54:e7:cd:de:23:42:79:a3:95:7b:b4:02:a9:d3:ef:c8:ba:
         2b:71:75:ad:22:27:b2:52:12:5d:89:8d:41:59:81:5b:23:97:
         aa:20:d4:bf:f2:79:74:4e:3b:77:e7:2b:f3:98:c0:f1:78:61:
         49:13:a4:28:de:86:ab:e4:69:4c:44:da:17:0b:a9:73:b8:82:
         55:33:23:90:33:c7:56:28:f8:5b:31:3b:aa:5e:5a:0b:ae:7a:
         75:25:a1:a2:db:97:5a:0f:48:6f:ab:c7:bf:76:d9:70:c7:a1:
         3f:64:e7:e9:d8:bf:24:77:97:4a:f6:3a:4d:18:ca:ed:33:30:
         a5:52:32:39:2b:1d:f1:e7:2a:f2:e8:6e:c4:af:45:b7:3e:95:
         dd:32:5a:e8:e0:24:70:43:6e:c0:40:5f:bc:a7:72:80:c1:b6:
         63:6e:e0:30:ff:7c:7f:1c:4a:3f:b9:66:24:f2:30:4f:e6:4c:
         2d:c7:22:aa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQljzykeV7syCTjG1vD8/r3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5ZTY1OWU3ZWVmNmQ3M2I2ODZlYjFkMjk1NmM3MWYzYmU1
YmJkNzcwHhcNMjUwMTAyMDU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTFjNTY0NzhkNDdiYTc3N2JjNTdiZDMyZWEwNzZhZjlhYTJmN2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXHULRXiE0yfed4VF6VUOMtuBouD
/c31p9eok+gbtczGgQKHqX+NOaJ2iNgSrVUDxWeevblnoRP1jBZXTOa30Xs/1MlD
JbtAIJegM19UxCmPTTJhQFs/BF3OVP+yomeYz1J8bhhQra4f0BYUF2+9EG9s3rYg
4Dygou7VjhJRmzgMEuVcd2BixkJX1jJ8yVr79TYkchJmvBMH1HHFqsKWQNaoFwkk
PK8VnjjYhFMA/ZSttZ3A8slIX69KSQwbC4IUXtv0/AQKilkZNkFJ8e2vtOaKsqUi
rXiyxQUocoyUDvh/SRh/lVIdTfW5gdkNMYHlIgGydXT4AvajhP5cg5tjjQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEUcVkeNR7p3e8V70y6gdq+aove9MB8GA1UdIwQY
MBaAFPnmWefu9tc7aG6x0pVscfO+W713MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1lWlo1LTcyMXp0b2JySFNsV3h4ODc1YnZYYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmYvZmI4ZGI1LTExODktNDM1MS1iZGU3
LTIwNmJjY2E3ODQyMS8xL1JSeFdSNDFIdW5kN3hYdlRMcUIycjVxaTk3MC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmYvZmI4ZGI1LTExODktNDM1MS1iZGU3LTIwNmJjY2E3ODQy
MS8xLzEtZVpaNS03MjF6dG9ickhTbFd4eDg3NWJ2WGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK5T9Aw
DQYJKoZIhvcNAQELBQADggEBAB6Fp8P8Q7Xo0JM3GFl6LBANB/7m3oxz2yKszvxv
cAOdVi0TVx/SqeiHCGtPeH6hcHB41Y/t5oM+q1Xyyh8CodxBJIyNanR0NFRU583e
I0J5o5V7tAKp0+/Iuitxda0iJ7JSEl2JjUFZgVsjl6og1L/yeXROO3fnK/OYwPF4
YUkTpCjehqvkaUxE2hcLqXO4glUzI5Azx1Yo+FsxO6peWguuenUloaLbl1oPSG+r
x7922XDHoT9k5+nYvyR3l0r2Ok0Yyu0zMKVSMjkrHfHnKvLobsSvRbc+ld0yWujg
JHBDbsBAX7yncoDBtmNu4DD/fH8cSj+5ZiTyME/mTC3HIqo=
-----END CERTIFICATE-----