Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/i6einlN1wrtn13iko2_KP0R5PI0.roa
File:                     i6einlN1wrtn13iko2_KP0R5PI0.roa (raw, json)
Hash identifier:          DMM6aueBMa313hv1lYJx12NWvv0AeeinwGSdXwR2Yj0=
Subject key identifier:   8B:A7:A2:9E:53:75:C2:BB:67:D7:78:A4:A3:6F:CA:3F:44:79:3C:8D
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01942824201F62E638E47B6DBC68AE158610
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/i6einlN1wrtn13iko2_KP0R5PI0.roa
Signing time:             Thu 02 Jan 2025 17:50:43 +0000
ROA not before:           Thu 02 Jan 2025 17:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20911
IP address blocks:        79.124.9.0/24 maxlen: 24
                          80.72.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:20:1f:62:e6:38:e4:7b:6d:bc:68:ae:15:86:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ba7a29e5375c2bb67d778a4a36fca3f44793c8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:21:91:81:9e:25:63:ca:5b:c1:8d:13:1c:00:
                    2b:0e:6c:a9:50:d2:f0:e2:0a:67:7c:82:3f:df:8f:
                    31:d2:e1:90:01:bc:fd:03:8d:be:b2:0d:1c:2b:51:
                    70:a6:14:9f:cf:4e:7e:41:b9:00:90:0e:a0:f4:06:
                    45:03:7f:bf:09:bf:e7:10:e2:32:96:53:5e:f0:32:
                    99:43:f7:80:86:da:5e:dc:db:77:cf:b5:ae:b3:60:
                    90:a8:7b:08:d8:46:c4:c6:47:25:5f:5c:d7:8e:a8:
                    d7:75:b1:92:9a:71:2c:06:46:cd:70:4c:01:59:fe:
                    db:9f:2d:39:19:13:0c:3f:ac:ee:6f:3d:34:fe:b1:
                    cb:df:51:dd:4a:59:3e:fb:e8:55:b6:21:6c:a6:c0:
                    0c:39:3a:60:9b:63:47:09:1c:c1:2a:cc:8c:4b:70:
                    e9:b4:07:bd:41:91:de:c5:04:bc:aa:3e:c9:d0:b1:
                    e2:51:f2:47:98:a0:15:a4:65:fb:30:37:af:87:bc:
                    cf:10:91:d6:06:70:e8:be:42:e6:bb:66:6d:c6:62:
                    02:a4:ef:a7:97:88:ac:45:82:6a:c8:36:af:ad:2c:
                    55:73:20:5b:e2:c0:83:c2:f5:95:e6:95:25:59:0a:
                    f0:37:bc:59:3c:10:3f:1e:b3:29:44:30:1b:c5:9f:
                    cb:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A7:A2:9E:53:75:C2:BB:67:D7:78:A4:A3:6F:CA:3F:44:79:3C:8D
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/i6einlN1wrtn13iko2_KP0R5PI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.124.9.0/24
                  80.72.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:08:9d:aa:5a:5b:58:af:09:fa:c6:cd:20:f9:d4:23:e6:f2:
         64:56:a2:d8:41:24:86:60:0a:21:c6:69:3c:87:41:0d:a9:81:
         c3:6a:7a:5e:5d:c5:2b:94:28:c1:7b:d0:5e:5c:53:6c:96:e3:
         cd:a2:02:ce:2c:84:fd:0e:e7:ed:6a:e7:93:86:bd:7d:b9:c9:
         af:28:fc:34:6e:f8:9f:6c:2f:f4:83:5d:87:5c:b7:b5:ed:c1:
         25:8c:69:fd:73:e0:7e:4f:b9:c1:2a:87:19:32:38:bf:38:36:
         39:b1:91:33:0e:24:5d:e4:82:b2:3d:41:1e:d4:97:a9:e6:b5:
         c3:1a:8f:e0:11:5b:77:18:a6:de:99:0e:15:77:f8:e5:7d:e5:
         a0:1c:ad:66:38:2f:06:8c:8c:44:bb:ed:d7:49:c7:02:4a:d8:
         4b:df:eb:74:d0:a1:f8:a5:a9:65:51:69:55:db:42:66:03:ff:
         53:fe:30:6b:a1:a6:b4:e8:66:ae:97:d1:22:18:8c:cd:11:1b:
         54:20:44:92:dd:b8:6e:21:e2:e5:c1:40:2d:67:5f:2f:5b:4f:
         5f:fa:dd:26:24:81:6d:55:6b:3e:31:d7:e8:46:bb:68:af:52:
         35:98:62:07:b9:6f:08:0c:5d:14:f9:72:52:29:69:41:ed:1a:
         8c:f2:5e:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJCAfYuY45HttvGiuFYYQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE3YTI5ZTUzNzVjMmJiNjdkNzc4YTRhMzZmY2EzZjQ0NzkzYzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7CGRgZ4lY8pbwY0THAArDmypUNLw
4gpnfII/348x0uGQAbz9A42+sg0cK1FwphSfz05+QbkAkA6g9AZFA3+/Cb/nEOIy
llNe8DKZQ/eAhtpe3Nt3z7Wus2CQqHsI2EbExkclX1zXjqjXdbGSmnEsBkbNcEwB
Wf7bny05GRMMP6zubz00/rHL31HdSlk+++hVtiFspsAMOTpgm2NHCRzBKsyMS3Dp
tAe9QZHexQS8qj7J0LHiUfJHmKAVpGX7MDevh7zPEJHWBnDovkLmu2ZtxmICpO+n
l4isRYJqyDavrSxVcyBb4sCDwvWV5pUlWQrwN7xZPBA/HrMpRDAbxZ/LFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIunop5TdcK7Z9d4pKNvyj9EeTyNMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvaTZlaW5sTjF3cnRuMTNpa28yX0tQMFI1UEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT3wJAwQC
UEhYMA0GCSqGSIb3DQEBCwUAA4IBAQAaCJ2qWltYrwn6xs0g+dQj5vJkVqLYQSSG
YAohxmk8h0ENqYHDanpeXcUrlCjBe9BeXFNsluPNogLOLIT9DuftaueThr19ucmv
KPw0bvifbC/0g12HXLe17cEljGn9c+B+T7nBKocZMji/ODY5sZEzDiRd5IKyPUEe
1Jep5rXDGo/gEVt3GKbemQ4Vd/jlfeWgHK1mOC8GjIxEu+3XSccCSthL3+t00KH4
pallUWlV20JmA/9T/jBroaa06Gaul9EiGIzNERtUIESS3bhuIeLlwUAtZ18vW09f
+t0mJIFtVWs+MdfoRrtor1I1mGIHuW8IDF0U+XJSKWlB7RqM8l5B
-----END CERTIFICATE-----