Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/t9NSysqYSVOb3-lSWme9hU4zhwE.roa
File:                     t9NSysqYSVOb3-lSWme9hU4zhwE.roa (raw, json)
Hash identifier:          Zg07uTwvFkymuiuSp6UEoXFGxNdx/y02GfTUe6wCzI0=
Subject key identifier:   B7:D3:52:CA:CA:98:49:53:9B:DF:E9:52:5A:67:BD:85:4E:33:87:01
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019423D773FEB3EAB97959E054A41DB443B0
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/t9NSysqYSVOb3-lSWme9hU4zhwE.roa
Signing time:             Wed 01 Jan 2025 21:48:29 +0000
ROA not before:           Wed 01 Jan 2025 21:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212349
IP address blocks:        5.1.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:73:fe:b3:ea:b9:79:59:e0:54:a4:1d:b4:43:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 21:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7d352caca9849539bdfe9525a67bd854e338701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6b:6e:86:78:c1:51:b6:e4:b9:80:fd:45:c0:
                    dd:52:98:30:90:eb:b9:8f:49:d8:e6:e5:74:4c:54:
                    cb:60:c0:89:19:93:fb:45:45:56:59:60:64:58:d1:
                    38:07:da:1a:7b:96:d8:71:92:af:8c:20:be:e0:f5:
                    fb:02:d5:f0:e8:e2:fa:e5:b1:54:a2:80:50:e9:1c:
                    2b:71:dd:16:aa:33:ca:73:63:57:16:3c:a8:74:1a:
                    47:82:85:0c:bd:96:55:51:88:fc:54:2b:a8:27:97:
                    54:d4:4b:41:df:a3:3b:31:87:b5:e1:38:e4:81:cb:
                    a5:f9:4b:b8:19:75:aa:8c:b1:76:02:ac:ca:75:2a:
                    6e:c0:76:55:c0:ac:82:22:16:c4:89:36:e4:36:b4:
                    74:15:51:cb:2a:c6:9b:fd:98:eb:78:52:fb:5c:bf:
                    0b:40:f0:56:bd:da:11:98:98:a4:0a:0c:53:af:1d:
                    ee:99:9c:45:7f:7e:42:b8:8e:8f:74:f7:e4:6b:b3:
                    63:68:df:2c:7b:05:a4:d9:87:42:55:de:86:de:2a:
                    55:39:f1:e3:cf:ec:71:02:27:cd:23:bb:20:c9:e9:
                    9b:ac:bf:96:83:2c:08:63:ed:b9:7e:b7:8b:d0:d5:
                    59:30:b3:f3:56:ca:14:de:3d:55:77:a7:ea:43:ed:
                    50:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:D3:52:CA:CA:98:49:53:9B:DF:E9:52:5A:67:BD:85:4E:33:87:01
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/t9NSysqYSVOb3-lSWme9hU4zhwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.1.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ba:8f:20:ac:d1:2f:2d:37:d8:db:f0:fe:f9:5b:4c:11:fc:
         83:21:8c:a8:90:14:54:d6:14:a7:25:59:3a:24:d9:90:94:45:
         15:5f:0d:48:a4:21:a1:62:3a:49:75:f8:ea:ec:66:79:ba:01:
         3a:e2:74:12:72:3d:59:43:12:6b:cb:b8:7e:ad:88:b5:2f:5c:
         e3:14:ad:a5:52:e7:e6:65:b6:fd:b4:53:9e:32:10:21:5a:9c:
         8c:2d:70:e4:c0:15:b2:89:ad:69:75:17:e3:4c:32:b7:cc:38:
         fc:a8:22:39:96:a4:df:65:b3:12:e3:c3:99:09:db:92:33:fe:
         35:f0:04:0d:56:db:fa:3e:e2:a8:77:10:37:ee:62:b8:e3:fe:
         2d:75:11:ed:a2:e5:ee:e1:1e:06:3c:50:dd:74:05:24:c7:24:
         0c:d3:64:dd:80:a1:e2:b3:ac:17:80:cb:f8:cf:2c:43:08:16:
         ee:f9:c6:2e:23:8e:d7:75:e5:dd:61:06:2c:00:99:a9:44:b9:
         21:86:7c:06:64:6c:ea:43:a4:fa:db:8a:7b:05:03:e7:b0:a8:
         10:9e:8d:45:f6:53:db:6c:5f:78:c2:b9:81:ed:41:f2:58:eb:
         e4:29:fb:47:e8:e9:dc:da:da:86:e0:a4:3e:45:ae:fa:af:bd:
         14:ee:fa:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj13P+s+q5eVngVKQdtEOwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2QzNTJjYWNhOTg0OTUzOWJkZmU5NTI1YTY3YmQ4NTRlMzM4NzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWtuhnjBUbbkuYD9RcDdUpgwkOu5
j0nY5uV0TFTLYMCJGZP7RUVWWWBkWNE4B9oae5bYcZKvjCC+4PX7AtXw6OL65bFU
ooBQ6Rwrcd0WqjPKc2NXFjyodBpHgoUMvZZVUYj8VCuoJ5dU1EtB36M7MYe14Tjk
gcul+Uu4GXWqjLF2AqzKdSpuwHZVwKyCIhbEiTbkNrR0FVHLKsab/ZjreFL7XL8L
QPBWvdoRmJikCgxTrx3umZxFf35CuI6PdPfka7NjaN8sewWk2YdCVd6G3ipVOfHj
z+xxAifNI7sgyembrL+WgywIY+25freL0NVZMLPzVsoU3j1Vd6fqQ+1QswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfTUsrKmElTm9/pUlpnvYVOM4cBMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvdDlOU3lzcVlTVk9iMy1sU1dtZTloVTR6aHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQFPMA0G
CSqGSIb3DQEBCwUAA4IBAQBtuo8grNEvLTfY2/D++VtMEfyDIYyokBRU1hSnJVk6
JNmQlEUVXw1IpCGhYjpJdfjq7GZ5ugE64nQScj1ZQxJry7h+rYi1L1zjFK2lUufm
Zbb9tFOeMhAhWpyMLXDkwBWyia1pdRfjTDK3zDj8qCI5lqTfZbMS48OZCduSM/41
8AQNVtv6PuKodxA37mK44/4tdRHtouXu4R4GPFDddAUkxyQM02TdgKHis6wXgMv4
zyxDCBbu+cYuI47XdeXdYQYsAJmpRLkhhnwGZGzqQ6T624p7BQPnsKgQno1F9lPb
bF94wrmB7UHyWOvkKftH6Onc2tqG4KQ+Ra76r70U7vqG
-----END CERTIFICATE-----