Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/G8NI9alwtc4IX2Tn6T3YX4lwel8.roa
File:                     G8NI9alwtc4IX2Tn6T3YX4lwel8.roa (raw, json)
Hash identifier:          KfpeVsc+KV+pmW1T0qrLvYyV5Dti+6xricKAhtxYtj8=
Subject key identifier:   1B:C3:48:F5:A9:70:B5:CE:08:5F:64:E7:E9:3D:D8:5F:89:70:7A:5F
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01984D0E62DBE07C59D93787C6932BC16813
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/G8NI9alwtc4IX2Tn6T3YX4lwel8.roa
Signing time:             Sun 27 Jul 2025 18:04:05 +0000
ROA not before:           Sun 27 Jul 2025 18:04:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36530
IP address blocks:        79.172.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:08:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4d:0e:62:db:e0:7c:59:d9:37:87:c6:93:2b:c1:68:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jul 27 18:04:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bc348f5a970b5ce085f64e7e93dd85f89707a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cf:36:fd:9c:69:f4:91:af:45:f1:3f:2d:5d:
                    54:6c:14:b1:84:03:8a:46:6b:c4:4d:84:60:39:4c:
                    42:be:e2:59:f6:a2:e2:88:22:8c:1f:ca:1e:e2:27:
                    4f:15:97:2d:2f:cb:c5:66:58:b4:a5:9c:a8:0a:54:
                    0a:49:2f:fa:cd:c4:bf:c5:29:3f:33:c3:06:4c:32:
                    a4:3a:c0:68:47:f1:09:b0:aa:1f:ad:c6:23:a2:84:
                    88:be:1f:1b:a2:fb:41:6c:43:c2:02:0b:91:d5:ff:
                    36:f7:42:9d:0f:ff:4c:75:a4:b1:2f:3c:97:f0:1b:
                    d6:d8:1d:d1:9f:ad:6c:e2:22:a7:9f:9e:65:95:50:
                    30:f2:32:a7:c5:51:81:01:3e:36:51:28:7c:99:36:
                    ac:4f:71:4b:fe:a3:a7:38:6d:6d:47:c8:7a:08:bb:
                    a7:62:51:82:b4:96:1b:a7:fc:ce:19:1a:9b:08:8c:
                    94:e3:93:95:6f:69:ae:99:16:18:d9:9f:ab:34:78:
                    d0:6a:45:83:79:99:14:62:ae:00:25:2b:5d:47:c7:
                    69:16:5f:4f:c9:83:9f:8a:77:a3:d4:0b:9a:aa:ca:
                    de:59:e4:2e:97:3d:e4:35:cd:8e:7a:b3:c6:55:71:
                    24:26:94:32:df:43:0b:4a:03:ad:94:e9:b7:c0:23:
                    51:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:C3:48:F5:A9:70:B5:CE:08:5F:64:E7:E9:3D:D8:5F:89:70:7A:5F
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/G8NI9alwtc4IX2Tn6T3YX4lwel8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:85:12:e1:f2:46:fd:67:7e:6d:12:da:59:05:83:75:b0:60:
         5e:3c:ea:e9:14:15:78:2d:05:36:ee:f8:53:65:a2:ee:c8:c4:
         b1:e4:68:20:af:10:57:ce:e2:64:7c:84:08:7d:64:39:82:bc:
         3b:79:3e:0b:02:5a:38:9d:7d:d7:52:5e:09:2a:4d:d6:30:b1:
         27:5e:01:b6:4f:33:12:bc:02:ef:bf:1a:0d:aa:43:91:22:85:
         f4:67:b1:8d:b1:f5:7e:8d:a9:5f:98:07:c0:8f:70:f3:95:63:
         0c:28:cc:b4:7b:ab:b2:0a:65:13:e7:5c:ce:5c:b1:dd:47:db:
         7b:d8:f5:ba:23:e3:d4:f3:e4:75:d9:bc:52:0c:08:2f:6e:61:
         8d:1b:7c:20:eb:67:6e:40:b3:83:ca:ba:01:0c:61:69:e3:cd:
         4f:8c:1e:a5:b8:06:2a:50:b5:80:9b:c8:5c:8f:06:eb:f6:5a:
         10:12:4a:29:4c:f4:1f:42:74:9d:3d:da:7a:f2:66:35:c6:b5:
         20:5c:a3:17:58:7a:13:4c:22:7a:50:03:16:f6:07:49:72:73:
         89:77:34:74:b3:eb:97:8a:d7:2f:7d:84:fb:e8:97:51:96:d4:
         bf:58:d3:7e:b5:01:7c:14:3c:e6:92:81:f4:39:cd:66:dd:a7:
         72:15:5e:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhNDmLb4HxZ2TeHxpMrwWgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNzI3MTgwNDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmMzNDhmNWE5NzBiNWNlMDg1ZjY0ZTdlOTNkZDg1Zjg5NzA3YTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc82/Zxp9JGvRfE/LV1UbBSxhAOK
RmvETYRgOUxCvuJZ9qLiiCKMH8oe4idPFZctL8vFZli0pZyoClQKSS/6zcS/xSk/
M8MGTDKkOsBoR/EJsKofrcYjooSIvh8bovtBbEPCAguR1f8290KdD/9MdaSxLzyX
8BvW2B3Rn61s4iKnn55llVAw8jKnxVGBAT42USh8mTasT3FL/qOnOG1tR8h6CLun
YlGCtJYbp/zOGRqbCIyU45OVb2mumRYY2Z+rNHjQakWDeZkUYq4AJStdR8dpFl9P
yYOfinej1AuaqsreWeQulz3kNc2OerPGVXEkJpQy30MLSgOtlOm3wCNRiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvDSPWpcLXOCF9k5+k92F+JcHpfMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvRzhOSTlhbHd0YzRJWDJUbjZUM1lYNGx3ZWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zyMA0G
CSqGSIb3DQEBCwUAA4IBAQBMhRLh8kb9Z35tEtpZBYN1sGBePOrpFBV4LQU27vhT
ZaLuyMSx5GggrxBXzuJkfIQIfWQ5grw7eT4LAlo4nX3XUl4JKk3WMLEnXgG2TzMS
vALvvxoNqkORIoX0Z7GNsfV+jalfmAfAj3DzlWMMKMy0e6uyCmUT51zOXLHdR9t7
2PW6I+PU8+R12bxSDAgvbmGNG3wg62duQLODyroBDGFp481PjB6luAYqULWAm8hc
jwbr9loQEkopTPQfQnSdPdp68mY1xrUgXKMXWHoTTCJ6UAMW9gdJcnOJdzR0s+uX
itcvfYT76JdRltS/WNN+tQF8FDzmkoH0Oc1m3adyFV5q
-----END CERTIFICATE-----