Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NfpvGgDvGrLg1YLeLWlmsRfgvBY.roa
File:                     NfpvGgDvGrLg1YLeLWlmsRfgvBY.roa (raw, json)
Hash identifier:          8duNejoY8O+0hbbvTO0e8aVZToTqbERlJKg7TL0jrFU=
Subject key identifier:   35:FA:6F:1A:00:EF:1A:B2:E0:D5:82:DE:2D:69:66:B1:17:E0:BC:16
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019753D465FD08F8130A4A9953CC8DDB8C57
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NfpvGgDvGrLg1YLeLWlmsRfgvBY.roa
Signing time:             Mon 09 Jun 2025 08:35:18 +0000
ROA not before:           Mon 09 Jun 2025 08:35:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        79.172.254.0/24 maxlen: 24
                          87.229.80.0/23 maxlen: 24
                          87.229.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:53:d4:65:fd:08:f8:13:0a:4a:99:53:cc:8d:db:8c:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jun  9 08:35:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35fa6f1a00ef1ab2e0d582de2d6966b117e0bc16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:8b:d0:59:d5:ad:11:8e:8e:40:3e:ba:68:a6:
                    26:55:45:1e:83:2e:a0:59:d1:0f:ee:d9:0e:77:66:
                    b5:19:7b:63:66:b8:9b:55:54:79:99:a4:c9:37:c4:
                    bd:ac:0d:8f:3b:53:c9:d9:21:ff:12:38:c1:9d:66:
                    b1:c3:53:4f:b0:40:d6:11:49:b4:1b:f8:c3:a8:75:
                    9b:bb:97:35:76:4d:26:f4:79:6f:2e:09:67:e6:05:
                    e7:51:22:25:01:00:c5:e1:14:71:c2:67:4b:b7:a7:
                    b5:41:aa:5b:95:57:40:d6:a4:73:be:d0:83:de:36:
                    65:c4:a6:eb:e0:22:bb:1e:25:ab:4d:f2:70:b1:b6:
                    f5:00:08:29:45:f3:4f:14:51:6a:44:ea:01:f2:ed:
                    3c:88:67:7d:d4:2d:a1:3c:c1:c7:5a:5e:af:7a:a3:
                    81:2d:99:72:4f:64:43:4c:29:85:fa:f9:4f:66:f2:
                    7d:d7:4a:1e:91:0e:75:4f:84:81:7f:c2:c0:58:b6:
                    a8:b3:a2:c1:28:78:c5:67:11:52:48:e9:db:06:5c:
                    fc:3a:fc:09:46:ba:5d:ef:d4:da:3d:3e:44:6e:f2:
                    a4:40:49:86:e6:88:9b:8d:6f:27:37:69:09:90:05:
                    60:5b:37:0a:7e:ed:bf:98:88:92:e8:25:74:5c:5e:
                    94:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FA:6F:1A:00:EF:1A:B2:E0:D5:82:DE:2D:69:66:B1:17:E0:BC:16
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NfpvGgDvGrLg1YLeLWlmsRfgvBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.254.0/24
                  87.229.80.0/23
                  87.229.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:43:0e:f7:92:c6:cf:6a:cc:fb:70:f5:6a:66:75:e5:b2:6e:
         de:a6:a1:cf:b1:3e:97:65:68:b5:a7:29:8d:1c:eb:ac:9f:e9:
         fd:d8:2b:6d:ef:f6:52:22:84:58:c3:ae:3c:09:33:df:2f:17:
         cc:4a:95:6c:f2:94:1a:1a:a1:12:ad:0e:6c:50:24:b1:28:fc:
         a8:1b:ba:da:ff:80:73:b3:72:0b:4a:82:37:1f:ba:85:45:5f:
         c7:9f:96:13:56:29:95:13:4f:87:a2:27:f1:4e:b7:2e:cc:6d:
         10:62:1d:e0:f8:98:df:50:86:38:ac:b5:f4:57:7a:8b:a0:ee:
         13:69:55:4f:b5:d3:80:60:0c:a1:c7:e9:cd:ca:e5:bf:19:0d:
         b9:58:4f:0e:dc:ca:1b:33:94:6b:31:54:52:ed:3a:98:d8:fd:
         70:f5:a2:bd:d1:6c:62:4b:1f:fc:83:48:47:98:fd:fb:bb:2e:
         e5:d1:5e:2c:7e:04:5f:3c:d8:3f:94:d3:f4:fe:76:af:3e:90:
         e2:1a:f9:bc:57:b4:78:c0:04:f7:54:97:c1:3f:0f:af:62:7a:
         2a:e8:7d:02:2c:2a:c7:9f:26:b4:1f:c8:00:df:74:e4:d5:c9:
         8f:82:d2:8b:46:bd:69:64:f7:a2:a1:df:ab:0c:30:e7:87:ac:
         25:7d:e6:71
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdT1GX9CPgTCkqZU8yN24xXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNjA5MDgzNTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZhNmYxYTAwZWYxYWIyZTBkNTgyZGUyZDY5NjZiMTE3ZTBiYzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IvQWdWtEY6OQD66aKYmVUUegy6g
WdEP7tkOd2a1GXtjZribVVR5maTJN8S9rA2PO1PJ2SH/EjjBnWaxw1NPsEDWEUm0
G/jDqHWbu5c1dk0m9HlvLgln5gXnUSIlAQDF4RRxwmdLt6e1QapblVdA1qRzvtCD
3jZlxKbr4CK7HiWrTfJwsbb1AAgpRfNPFFFqROoB8u08iGd91C2hPMHHWl6veqOB
LZlyT2RDTCmF+vlPZvJ910oekQ51T4SBf8LAWLaos6LBKHjFZxFSSOnbBlz8OvwJ
Rrpd79TaPT5EbvKkQEmG5oibjW8nN2kJkAVgWzcKfu2/mIiS6CV0XF6U3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDX6bxoA7xqy4NWC3i1pZrEX4LwWMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvTmZwdkdnRHZHckxnMVlMZUxXbG1zUmZndkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAT6z+AwQB
V+VQAwQBV+V8MA0GCSqGSIb3DQEBCwUAA4IBAQB+Qw73ksbPasz7cPVqZnXlsm7e
pqHPsT6XZWi1pymNHOusn+n92Ctt7/ZSIoRYw648CTPfLxfMSpVs8pQaGqESrQ5s
UCSxKPyoG7ra/4Bzs3ILSoI3H7qFRV/Hn5YTVimVE0+HoifxTrcuzG0QYh3g+Jjf
UIY4rLX0V3qLoO4TaVVPtdOAYAyhx+nNyuW/GQ25WE8O3MobM5RrMVRS7TqY2P1w
9aK90WxiSx/8g0hHmP37uy7l0V4sfgRfPNg/lNP0/navPpDiGvm8V7R4wAT3VJfB
Pw+vYnoq6H0CLCrHnya0H8gA33Tk1cmPgtKLRr1pZPeiod+rDDDnh6wlfeZx
-----END CERTIFICATE-----