Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Pk_hHFRa0hEveMukXPUFdJqyisM.roa
File:                     Pk_hHFRa0hEveMukXPUFdJqyisM.roa (raw, json)
Hash identifier:          Y+DYeqcNeOTjuYQaMja/ZugzBBEEYNpamZRr2rQEMwc=
Subject key identifier:   3E:4F:E1:1C:54:5A:D2:11:2F:78:CB:A4:5C:F5:05:74:9A:B2:8A:C3
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64C7CE8D7378DFCC1170524567130E
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Pk_hHFRa0hEveMukXPUFdJqyisM.roa
Signing time:             Thu 09 Jan 2025 09:28:26 +0000
ROA not before:           Thu 09 Jan 2025 09:28:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212677
IP address blocks:        79.124.54.0/24 maxlen: 24
                          79.124.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:c7:ce:8d:73:78:df:cc:11:70:52:45:67:13:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e4fe11c545ad2112f78cba45cf505749ab28ac3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7d:cd:fa:44:fa:f5:b0:67:f2:59:c2:24:0a:
                    a0:d1:79:87:2b:0b:86:e0:b6:a1:7d:d5:fa:53:21:
                    4a:c9:73:99:7c:c9:af:a6:1b:1d:62:01:1c:c4:44:
                    00:ff:eb:ee:d2:8e:8b:db:66:28:63:21:04:91:c7:
                    82:4d:a7:36:8c:b8:37:9e:53:72:5c:a4:f6:1e:e0:
                    87:28:23:9e:5c:51:66:e9:60:1c:21:94:29:60:3e:
                    4f:c0:88:b1:8d:ff:5c:53:47:00:61:96:e6:bd:a6:
                    f0:6c:54:f0:8f:0f:92:c6:82:f0:c0:57:ed:42:14:
                    cb:48:e1:e5:47:b4:f4:3d:23:72:ff:44:38:6a:67:
                    1c:a4:ad:5f:bb:f0:6b:16:06:0c:36:ed:62:c7:55:
                    d6:12:f8:7d:fb:3b:ce:fb:ac:fd:c4:1e:88:d2:a7:
                    fe:25:3d:67:f2:2f:81:6d:c3:9f:4f:e1:5d:ef:42:
                    5f:a4:d9:f1:b6:b0:22:44:9c:c4:2f:42:d2:56:1f:
                    51:bb:0d:4d:24:af:e1:c8:d3:b1:50:57:0b:bb:50:
                    1d:80:0f:a8:23:cf:d4:40:3c:27:e4:4d:f5:da:62:
                    a5:6e:16:83:ac:ad:43:44:21:22:46:2c:fe:2e:79:
                    e6:59:30:4a:da:15:a6:05:09:19:38:b7:2a:97:28:
                    5d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:4F:E1:1C:54:5A:D2:11:2F:78:CB:A4:5C:F5:05:74:9A:B2:8A:C3
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/Pk_hHFRa0hEveMukXPUFdJqyisM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.124.54.0/24
                  79.124.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:9b:1c:e7:0f:9a:12:9f:82:9c:49:2f:54:74:c9:f0:a6:ac:
         b9:8e:0a:d6:95:bb:ac:af:8e:0c:80:ea:3c:53:86:4a:3d:9a:
         05:88:b1:5e:ba:a8:c8:4c:d0:86:1b:b0:e6:29:5b:85:96:95:
         0f:7f:07:0e:90:7b:ed:ab:7b:03:fb:d3:ff:89:9a:3b:b0:69:
         05:17:f8:ac:15:fc:27:60:0f:c3:d1:7d:c5:9f:ea:cf:9f:a7:
         d3:b2:df:97:be:80:93:2a:a2:4d:7f:f9:86:03:69:cb:40:7f:
         8f:14:8d:9a:cd:d2:45:9d:25:bb:4c:7d:f0:77:b0:2b:6c:36:
         ad:89:0b:4c:ed:59:fe:f0:40:6e:03:b0:f2:12:08:a3:0b:39:
         a0:15:2f:0f:c0:86:44:00:1d:35:37:fb:fc:bd:15:81:47:33:
         64:ee:61:f7:65:3e:69:fd:c6:34:91:32:97:31:27:68:a5:bf:
         ad:5b:82:f8:a1:a4:31:c3:e0:73:13:65:90:7d:3f:04:b5:1c:
         91:ef:61:a6:49:ae:1d:00:8b:2a:e7:78:8e:ea:bc:89:2d:aa:
         14:1a:d2:bf:51:c9:86:ff:eb:4f:e9:01:5f:68:ae:b3:05:9c:
         0a:5c:e0:fe:c5:06:ec:bc:c2:fb:0f:e6:17:9f:56:8f:68:bb:
         bd:9b:5b:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRKZMfOjXN438wRcFJFZxMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTRmZTExYzU0NWFkMjExMmY3OGNiYTQ1Y2Y1MDU3NDlhYjI4YWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n3N+kT69bBn8lnCJAqg0XmHKwuG
4LahfdX6UyFKyXOZfMmvphsdYgEcxEQA/+vu0o6L22YoYyEEkceCTac2jLg3nlNy
XKT2HuCHKCOeXFFm6WAcIZQpYD5PwIixjf9cU0cAYZbmvabwbFTwjw+SxoLwwFft
QhTLSOHlR7T0PSNy/0Q4amccpK1fu/BrFgYMNu1ix1XWEvh9+zvO+6z9xB6I0qf+
JT1n8i+BbcOfT+Fd70JfpNnxtrAiRJzEL0LSVh9Ruw1NJK/hyNOxUFcLu1AdgA+o
I8/UQDwn5E312mKlbhaDrK1DRCEiRiz+LnnmWTBK2hWmBQkZOLcqlyhdzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD5P4RxUWtIRL3jLpFz1BXSasorDMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUGtfaEhGUmEwaEV2ZU11a1hQVUZkSnF5aXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT3w2AwQA
T3w9MA0GCSqGSIb3DQEBCwUAA4IBAQCkmxznD5oSn4KcSS9UdMnwpqy5jgrWlbus
r44MgOo8U4ZKPZoFiLFeuqjITNCGG7DmKVuFlpUPfwcOkHvtq3sD+9P/iZo7sGkF
F/isFfwnYA/D0X3Fn+rPn6fTst+XvoCTKqJNf/mGA2nLQH+PFI2azdJFnSW7TH3w
d7ArbDatiQtM7Vn+8EBuA7DyEgijCzmgFS8PwIZEAB01N/v8vRWBRzNk7mH3ZT5p
/cY0kTKXMSdopb+tW4L4oaQxw+BzE2WQfT8EtRyR72GmSa4dAIsq53iO6ryJLaoU
GtK/UcmG/+tP6QFfaK6zBZwKXOD+xQbsvML7D+YXn1aPaLu9m1sm
-----END CERTIFICATE-----