Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/e0f9e6-d655-4377-8d09-ea86509c3b30/1/YvLjQ6wMcwUDFn9h5HgkdK_fjeM.roa
File:                     YvLjQ6wMcwUDFn9h5HgkdK_fjeM.roa (raw, json)
Hash identifier:          QPVA5ZQVJgjujy5OtpeO41Tq/wBAfu0lH3m+HWngZW8=
Subject key identifier:   62:F2:E3:43:AC:0C:73:05:03:16:7F:61:E4:78:24:74:AF:DF:8D:E3
Certificate issuer:       /CN=ef0efd5de78f93bcaead15e14c006edbbd1b5955
Certificate serial:       01975924DDF4D8D0985070A70F5B20A656A3
Authority key identifier: EF:0E:FD:5D:E7:8F:93:BC:AE:AD:15:E1:4C:00:6E:DB:BD:1B:59:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7w79XeePk7yurRXhTABu270bWVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/e0f9e6-d655-4377-8d09-ea86509c3b30/1/YvLjQ6wMcwUDFn9h5HgkdK_fjeM.roa
Signing time:             Tue 10 Jun 2025 09:21:17 +0000
ROA not before:           Tue 10 Jun 2025 09:21:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47710
IP address blocks:        79.121.72.0/24 maxlen: 24
                          2a03:bf00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/e0f9e6-d655-4377-8d09-ea86509c3b30/1/7w79XeePk7yurRXhTABu270bWVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/e0f9e6-d655-4377-8d09-ea86509c3b30/1/7w79XeePk7yurRXhTABu270bWVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7w79XeePk7yurRXhTABu270bWVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:24:dd:f4:d8:d0:98:50:70:a7:0f:5b:20:a6:56:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef0efd5de78f93bcaead15e14c006edbbd1b5955
        Validity
            Not Before: Jun 10 09:21:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62f2e343ac0c730503167f61e4782474afdf8de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:06:fe:ab:9a:77:e4:49:94:18:f8:08:2b:11:
                    ef:86:eb:4b:a3:06:be:e3:8f:f0:5a:3f:65:3b:1d:
                    85:9d:1c:4f:b9:b5:1c:8a:43:f7:6d:5f:06:79:96:
                    3d:4b:c6:7c:0e:dd:d9:ec:74:9d:2d:f7:f0:5c:ce:
                    c9:b1:a6:89:35:84:da:18:1d:87:f0:67:85:c1:24:
                    2d:58:36:30:66:79:13:43:66:70:fa:ab:e0:07:35:
                    47:a5:0b:8a:f8:c2:b8:54:61:21:62:a1:a7:8d:b7:
                    9f:02:a0:86:7c:1a:29:bc:90:88:08:c6:73:75:f2:
                    8c:2f:3f:be:51:d6:50:2a:f3:ff:18:f5:39:2d:8f:
                    5d:ff:6c:b6:1b:03:a1:ee:f6:2a:7f:ae:34:05:d3:
                    c9:93:f9:44:97:ad:3c:1a:44:fa:21:74:23:19:47:
                    31:f1:45:f8:85:c1:95:75:4c:bb:a7:bf:6d:7c:b7:
                    56:35:fb:c0:89:9c:af:a4:95:9e:d3:a0:bd:97:6a:
                    21:d6:60:26:41:ba:69:07:a7:4d:e7:87:a5:41:78:
                    aa:7f:9c:44:39:91:4f:13:d4:15:bb:3a:0d:cc:62:
                    70:6c:67:b1:8d:53:d2:4e:0b:91:ec:32:e6:e2:2e:
                    1d:08:40:aa:38:a1:ec:b2:4a:0a:c7:ff:ac:71:31:
                    5b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F2:E3:43:AC:0C:73:05:03:16:7F:61:E4:78:24:74:AF:DF:8D:E3
            X509v3 Authority Key Identifier:
                keyid:EF:0E:FD:5D:E7:8F:93:BC:AE:AD:15:E1:4C:00:6E:DB:BD:1B:59:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7w79XeePk7yurRXhTABu270bWVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/e0f9e6-d655-4377-8d09-ea86509c3b30/1/YvLjQ6wMcwUDFn9h5HgkdK_fjeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/e0f9e6-d655-4377-8d09-ea86509c3b30/1/7w79XeePk7yurRXhTABu270bWVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.121.72.0/24
                IPv6:
                  2a03:bf00::/40

    Signature Algorithm: sha256WithRSAEncryption
         89:7c:cc:b5:4e:52:67:a0:44:9a:bf:34:30:4e:50:a2:eb:b0:
         c1:ec:1a:2d:23:3f:8a:46:1c:1b:3d:c0:b7:14:ca:c5:b0:52:
         23:27:fb:a7:09:05:07:65:75:d4:41:1a:0f:d1:0b:91:be:c5:
         7b:d5:2c:17:65:32:ee:8c:26:d4:9b:16:ae:67:2a:a9:5b:a5:
         c2:ee:e6:fc:59:55:33:f5:f4:a0:26:b0:54:a7:16:6d:17:32:
         c0:59:f1:b0:11:ce:4c:01:54:da:b6:c1:de:7b:76:4a:3c:8f:
         86:35:37:ec:40:3e:67:02:47:e8:67:4d:ff:04:c4:c1:09:b3:
         5d:eb:85:0b:50:ec:ac:da:99:fa:f2:5a:dc:35:c5:c7:00:84:
         d4:c7:1b:b6:f9:1a:dc:9f:05:3f:6e:f7:d2:fd:24:3a:55:56:
         ff:4b:36:20:d1:61:57:44:c4:aa:d8:3d:94:91:59:95:1d:99:
         ae:3b:9f:05:e3:4a:63:d0:b6:d5:1f:ee:b5:2d:f6:15:bf:55:
         4d:0f:b0:af:a6:51:ad:9a:09:0c:e8:36:90:9d:e9:61:7f:d0:
         40:60:e3:89:cd:8a:92:5c:09:c5:ed:3f:74:c8:ae:d4:4b:80:
         cc:c1:85:38:48:33:50:5f:d2:74:bf:fb:2e:10:96:f1:98:7d:
         1a:73:e7:e5
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZdZJN302NCYUHCnD1sgplajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMGVmZDVkZTc4ZjkzYmNhZWFkMTVlMTRjMDA2ZWRiYmQx
YjU5NTUwHhcNMjUwNjEwMDkyMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmYyZTM0M2FjMGM3MzA1MDMxNjdmNjFlNDc4MjQ3NGFmZGY4ZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAb+q5p35EmUGPgIKxHvhutLowa+
44/wWj9lOx2FnRxPubUcikP3bV8GeZY9S8Z8Dt3Z7HSdLffwXM7JsaaJNYTaGB2H
8GeFwSQtWDYwZnkTQ2Zw+qvgBzVHpQuK+MK4VGEhYqGnjbefAqCGfBopvJCICMZz
dfKMLz++UdZQKvP/GPU5LY9d/2y2GwOh7vYqf640BdPJk/lEl608GkT6IXQjGUcx
8UX4hcGVdUy7p79tfLdWNfvAiZyvpJWe06C9l2oh1mAmQbppB6dN54elQXiqf5xE
OZFPE9QVuzoNzGJwbGexjVPSTguR7DLm4i4dCECqOKHsskoKx/+scTFbaQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFGLy40OsDHMFAxZ/YeR4JHSv343jMB8GA1UdIwQY
MBaAFO8O/V3nj5O8rq0V4UwAbtu9G1lVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3c3OVhlZVBrN3l1clJYaFRBQnUyNzBiV1ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lMGY5ZTYtZDY1NS00Mzc3LThkMDkt
ZWE4NjUwOWMzYjMwLzEvWXZMalE2d01jd1VERm45aDVIZ2tkS19mamVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lMGY5ZTYtZDY1NS00Mzc3LThkMDktZWE4NjUwOWMzYjMw
LzEvN3c3OVhlZVBrN3l1clJYaFRBQnUyNzBiV1ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAT3lIMA4E
AgACMAgDBgAqA78AADANBgkqhkiG9w0BAQsFAAOCAQEAiXzMtU5SZ6BEmr80ME5Q
ouuwwewaLSM/ikYcGz3AtxTKxbBSIyf7pwkFB2V11EEaD9ELkb7Fe9UsF2Uy7owm
1JsWrmcqqVulwu7m/FlVM/X0oCawVKcWbRcywFnxsBHOTAFU2rbB3nt2SjyPhjU3
7EA+ZwJH6GdN/wTEwQmzXeuFC1DsrNqZ+vJa3DXFxwCE1Mcbtvka3J8FP2730v0k
OlVW/0s2INFhV0TEqtg9lJFZlR2ZrjufBeNKY9C21R/utS32Fb9VTQ+wr6ZRrZoJ
DOg2kJ3pYX/QQGDjic2KklwJxe0/dMiu1EuAzMGFOEgzUF/SdL/7LhCW8Zh9GnPn
5Q==
-----END CERTIFICATE-----