Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/tiIoys09kmXMH3pj0eYY3jB6F7o.roa
File:                     tiIoys09kmXMH3pj0eYY3jB6F7o.roa (raw, json)
Hash identifier:          /BFY3lyPkgwMGI6Yoxtr7ZIkhvJMoAS7umXiaAeUjKk=
Subject key identifier:   B6:22:28:CA:CD:3D:92:65:CC:1F:7A:63:D1:E6:18:DE:30:7A:17:BA
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       0194236A2C2C6C9FC37B3097A32C9B7F951C
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/tiIoys09kmXMH3pj0eYY3jB6F7o.roa
Signing time:             Wed 01 Jan 2025 19:49:08 +0000
ROA not before:           Wed 01 Jan 2025 19:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47385
IP address blocks:        79.174.64.0/19 maxlen: 20
                          79.174.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2c:2c:6c:9f:c3:7b:30:97:a3:2c:9b:7f:95:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Jan  1 19:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b62228cacd3d9265cc1f7a63d1e618de307a17ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:3e:6b:e8:9e:ec:bf:8a:09:24:88:3f:3b:33:
                    51:63:86:3e:14:e8:e0:32:3f:b1:17:fe:01:df:29:
                    08:43:b8:1e:29:be:a0:fc:af:ac:70:11:67:94:9c:
                    28:d7:c9:62:94:c4:f2:40:d2:29:63:de:54:06:5a:
                    55:46:25:68:ef:1a:87:e2:cd:5d:06:38:8b:e6:ab:
                    32:ab:2a:b1:24:20:79:aa:62:31:44:b0:e0:ab:09:
                    f8:13:8b:92:a9:fa:d2:53:2f:e8:02:92:13:03:69:
                    da:4a:dc:22:20:39:97:c9:ae:89:2b:55:80:7e:61:
                    2b:d7:a6:14:85:31:a9:6c:1e:a4:14:4f:56:a8:18:
                    96:e5:ba:f6:b9:6d:cb:81:d4:fe:f9:54:3a:c6:dc:
                    37:54:ee:04:8b:eb:96:10:0b:80:3a:3b:96:8c:f7:
                    37:e7:16:c2:b6:b6:eb:9e:0d:d4:b1:22:8d:67:db:
                    fd:8a:fa:bb:81:6b:b7:86:cb:31:16:9c:c1:02:c5:
                    7b:23:f4:f9:62:c9:b0:6c:80:f5:c9:b4:56:ed:67:
                    98:82:e5:8e:be:1a:ca:3a:8c:17:43:ec:a4:c2:bc:
                    81:b6:58:b2:86:cf:7c:ba:0a:c7:77:c3:f5:49:9d:
                    6e:79:b3:a7:93:a9:0e:c8:a6:9c:91:13:15:ee:b6:
                    e9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:22:28:CA:CD:3D:92:65:CC:1F:7A:63:D1:E6:18:DE:30:7A:17:BA
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/tiIoys09kmXMH3pj0eYY3jB6F7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.174.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         82:3e:74:6f:26:b2:ba:0a:e0:32:e8:ec:fc:4a:02:16:f8:1f:
         a9:f0:8d:c8:80:0f:00:dd:b4:fa:d3:8c:6f:4b:08:cb:de:ed:
         e1:10:95:ba:48:60:d5:df:eb:4a:e0:16:87:8d:b2:04:f0:df:
         43:1d:07:39:3f:7d:43:e4:a4:ae:41:14:4d:71:30:2d:37:65:
         3a:24:28:1f:41:6d:80:85:2e:15:73:d8:59:2f:da:08:df:34:
         e5:b7:69:9c:2d:ab:03:9d:39:24:77:4d:af:d9:3f:67:f1:c3:
         fb:36:14:08:53:8d:1d:d7:17:50:d2:fc:0c:14:d6:f8:f4:96:
         57:c7:c1:c6:02:17:0d:35:37:2d:61:7f:a3:14:e0:ce:bf:cb:
         6e:ba:75:be:62:ce:1a:3f:8e:b5:09:7f:28:02:0b:f8:25:eb:
         fc:0b:bd:75:df:d0:64:be:0f:73:b9:fa:4a:fd:9e:be:49:3f:
         45:05:18:31:f2:c5:e7:d1:a5:0a:cf:33:30:81:21:c1:cc:22:
         e9:18:44:ae:7a:0e:11:74:d7:ed:6d:bf:9d:15:89:60:05:fa:
         5e:c3:3e:83:d3:c8:cd:29:8d:81:27:15:31:6c:42:ac:9a:d4:
         7d:12:c7:ae:e1:8d:8a:68:02:1b:b3:4a:34:d3:84:b3:aa:c9:
         6e:82:d3:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiwsbJ/DezCXoyybf5UcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwMTAxMTk0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjIyMjhjYWNkM2Q5MjY1Y2MxZjdhNjNkMWU2MThkZTMwN2ExN2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6D5r6J7sv4oJJIg/OzNRY4Y+FOjg
Mj+xF/4B3ykIQ7geKb6g/K+scBFnlJwo18lilMTyQNIpY95UBlpVRiVo7xqH4s1d
BjiL5qsyqyqxJCB5qmIxRLDgqwn4E4uSqfrSUy/oApITA2naStwiIDmXya6JK1WA
fmEr16YUhTGpbB6kFE9WqBiW5br2uW3LgdT++VQ6xtw3VO4Ei+uWEAuAOjuWjPc3
5xbCtrbrng3UsSKNZ9v9ivq7gWu3hssxFpzBAsV7I/T5YsmwbID1ybRW7WeYguWO
vhrKOowXQ+ykwryBtliyhs98ugrHd8P1SZ1uebOnk6kOyKackRMV7rbpswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLYiKMrNPZJlzB96Y9HmGN4wehe6MB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvdGlJb3lzMDlrbVhNSDNwajBlWVkzakI2RjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFT65AMA0G
CSqGSIb3DQEBCwUAA4IBAQCCPnRvJrK6CuAy6Oz8SgIW+B+p8I3IgA8A3bT604xv
SwjL3u3hEJW6SGDV3+tK4BaHjbIE8N9DHQc5P31D5KSuQRRNcTAtN2U6JCgfQW2A
hS4Vc9hZL9oI3zTlt2mcLasDnTkkd02v2T9n8cP7NhQIU40d1xdQ0vwMFNb49JZX
x8HGAhcNNTctYX+jFODOv8tuunW+Ys4aP461CX8oAgv4Jev8C71139Bkvg9zufpK
/Z6+ST9FBRgx8sXn0aUKzzMwgSHBzCLpGESueg4RdNftbb+dFYlgBfpewz6D08jN
KY2BJxUxbEKsmtR9Eseu4Y2KaAIbs0o004SzqslugtM3
-----END CERTIFICATE-----