Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/U2VvzstSxZqQoxFJYQlJoyrJHYM.roa
File:                     U2VvzstSxZqQoxFJYQlJoyrJHYM.roa (raw, json)
Hash identifier:          RfSt9rFyx9bESJPOfFp9NmCRZIrOG6Aoztpd2K+FL7g=
Subject key identifier:   53:65:6F:CE:CB:52:C5:9A:90:A3:11:49:61:09:49:A3:2A:C9:1D:83
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01985FA3D63693DF90DC5E46B9A8D1835491
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/U2VvzstSxZqQoxFJYQlJoyrJHYM.roa
Signing time:             Thu 31 Jul 2025 08:40:29 +0000
ROA not before:           Thu 31 Jul 2025 08:40:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        79.172.219.0/24 maxlen: 24
                          87.229.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5f:a3:d6:36:93:df:90:dc:5e:46:b9:a8:d1:83:54:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jul 31 08:40:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53656fcecb52c59a90a31149610949a32ac91d83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:dc:8a:06:fb:3b:09:8b:a8:21:1b:cb:e0:f9:
                    e3:7b:45:68:82:52:56:45:3f:a8:41:c8:6a:ad:15:
                    63:a9:f2:0a:ff:21:1d:97:98:36:ee:66:16:91:3d:
                    83:6a:a5:91:d4:05:78:12:4f:52:8c:2f:cd:9f:4b:
                    fa:b1:c9:cc:ef:4c:5e:73:c6:1f:2e:c3:f0:cc:1b:
                    d9:f8:19:7b:58:60:67:23:f0:12:1e:f4:86:62:72:
                    3f:b6:75:61:e5:8e:f9:5f:ee:cb:bf:a1:a3:2b:a2:
                    e3:3a:00:4d:6c:76:ca:7c:ea:57:34:38:b2:3a:85:
                    eb:e1:07:a7:f9:ed:54:06:03:68:a1:ac:c1:82:df:
                    66:07:44:0e:14:0b:a0:12:e8:45:40:17:f7:20:d2:
                    5c:d3:d2:2a:40:84:62:94:c7:9c:97:d9:94:da:86:
                    14:f0:25:97:94:d4:ec:8d:ad:8b:f8:21:3d:64:e8:
                    b2:8c:ed:0d:f0:1d:09:93:08:cd:c0:65:8f:9e:24:
                    a8:ac:12:a7:71:53:8b:46:43:b9:bd:75:b4:68:2c:
                    cc:4e:85:cf:e2:96:d0:92:5e:96:37:74:2d:9c:aa:
                    8f:74:a4:22:44:25:17:76:14:d9:4d:0f:05:5e:e5:
                    6e:96:f9:d1:a7:55:ca:f2:b2:08:79:b8:b7:77:53:
                    51:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:65:6F:CE:CB:52:C5:9A:90:A3:11:49:61:09:49:A3:2A:C9:1D:83
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/U2VvzstSxZqQoxFJYQlJoyrJHYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.219.0/24
                  87.229.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:fe:97:a2:17:db:50:2b:77:46:62:52:bb:ef:fa:da:1b:d3:
         09:e7:39:9a:f6:2b:a3:ab:f2:46:60:f1:d0:a7:09:75:32:97:
         c9:48:4c:1b:28:4a:f9:ff:e2:44:9c:70:98:6c:34:7e:40:eb:
         f8:3d:3d:ce:a3:f4:82:27:3d:45:a7:55:1e:a0:e7:a5:4e:47:
         95:3e:1a:a9:a8:60:17:98:7a:d9:9d:9f:7d:a5:cf:21:44:e3:
         dc:49:89:ca:0a:8c:7b:74:d9:91:77:1f:c6:4e:57:93:ce:6b:
         98:21:1e:48:a5:8b:62:ea:50:97:58:67:76:f7:0a:60:7c:b4:
         8b:af:7a:e3:d5:91:99:ec:17:3b:37:a6:d7:19:5c:bb:e6:b2:
         80:1e:2a:4b:73:34:cc:07:c5:cd:d8:f3:75:af:6b:a8:6b:14:
         dc:34:a9:32:ad:e5:dd:cc:4b:4a:58:fe:5d:f2:3c:3e:36:5e:
         84:4a:66:da:94:75:0b:32:db:0f:47:a4:fa:9d:6d:7f:78:60:
         53:02:74:c3:81:4d:59:d0:3a:56:d5:5c:0f:b1:94:01:1e:5a:
         e7:d1:4e:8c:70:3a:d2:49:a1:7a:78:3c:78:20:7a:d7:01:32:
         1e:e6:90:bc:6b:e7:57:61:00:a0:0e:fc:bf:9d:c5:22:40:d7:
         cc:f7:14:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhfo9Y2k9+Q3F5GuajRg1SRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNzMxMDg0MDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzY1NmZjZWNiNTJjNTlhOTBhMzExNDk2MTA5NDlhMzJhYzkxZDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09yKBvs7CYuoIRvL4Pnje0VoglJW
RT+oQchqrRVjqfIK/yEdl5g27mYWkT2DaqWR1AV4Ek9SjC/Nn0v6scnM70xec8Yf
LsPwzBvZ+Bl7WGBnI/ASHvSGYnI/tnVh5Y75X+7Lv6GjK6LjOgBNbHbKfOpXNDiy
OoXr4Qen+e1UBgNooazBgt9mB0QOFAugEuhFQBf3INJc09IqQIRilMecl9mU2oYU
8CWXlNTsja2L+CE9ZOiyjO0N8B0JkwjNwGWPniSorBKncVOLRkO5vXW0aCzMToXP
4pbQkl6WN3QtnKqPdKQiRCUXdhTZTQ8FXuVulvnRp1XK8rIIebi3d1NRowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFNlb87LUsWakKMRSWEJSaMqyR2DMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvVTJWdnpzdFN4WnFRb3hGSllRbEpveXJKSFlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT6zbAwQA
V+UiMA0GCSqGSIb3DQEBCwUAA4IBAQB//peiF9tQK3dGYlK77/raG9MJ5zma9iuj
q/JGYPHQpwl1MpfJSEwbKEr5/+JEnHCYbDR+QOv4PT3Oo/SCJz1Fp1UeoOelTkeV
PhqpqGAXmHrZnZ99pc8hROPcSYnKCox7dNmRdx/GTleTzmuYIR5IpYti6lCXWGd2
9wpgfLSLr3rj1ZGZ7Bc7N6bXGVy75rKAHipLczTMB8XN2PN1r2uoaxTcNKkyreXd
zEtKWP5d8jw+Nl6ESmbalHULMtsPR6T6nW1/eGBTAnTDgU1Z0DpW1VwPsZQBHlrn
0U6McDrSSaF6eDx4IHrXATIe5pC8a+dXYQCgDvy/ncUiQNfM9xTV
-----END CERTIFICATE-----