Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/kqZoyCwNxwetMn1SH_1NKJfn8wA.roa
File:                     kqZoyCwNxwetMn1SH_1NKJfn8wA.roa (raw, json)
Hash identifier:          kmuldxa5mqEg0X268iOchwnxXRxS+/wwPlgzNHSZw8s=
Subject key identifier:   92:A6:68:C8:2C:0D:C7:07:AD:32:7D:52:1F:FD:4D:28:97:E7:F3:00
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0198565DE0808B58F3523CADB8C9BD76796A
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/kqZoyCwNxwetMn1SH_1NKJfn8wA.roa
Signing time:             Tue 29 Jul 2025 13:27:29 +0000
ROA not before:           Tue 29 Jul 2025 13:27:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        79.172.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:5d:e0:80:8b:58:f3:52:3c:ad:b8:c9:bd:76:79:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jul 29 13:27:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92a668c82c0dc707ad327d521ffd4d2897e7f300
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:61:36:d9:34:87:63:ff:07:07:45:f4:d3:f3:
                    66:49:aa:f7:d5:16:1a:c8:fe:4b:47:c9:b7:3b:28:
                    49:01:c7:2d:a8:89:07:b0:dd:5c:3a:af:a5:c7:43:
                    31:a8:dd:43:31:43:f5:d2:09:9b:6b:ab:62:82:67:
                    5c:b0:85:59:4b:16:af:15:f0:ec:f7:fb:cf:65:a3:
                    a2:bc:4c:a4:20:ce:0f:43:d4:76:8f:ca:09:07:08:
                    9c:42:10:74:b9:3c:0f:3e:8e:11:8a:1e:35:13:f9:
                    cf:07:ef:40:fa:97:0e:c9:b5:dc:e9:2e:a3:f1:76:
                    90:55:70:ef:6f:4a:ee:c8:a9:42:3c:c1:02:26:72:
                    90:67:e8:1d:6f:c2:e6:ed:d5:4d:52:e4:f1:a9:91:
                    51:ca:f0:cd:58:14:2e:98:7e:36:e3:b1:0e:15:2f:
                    0a:0b:be:63:b8:7e:1c:95:c5:a2:2f:f5:15:d6:a5:
                    4c:30:9e:5c:bd:3c:1b:83:3c:72:18:d8:22:59:18:
                    71:78:dc:a5:3a:ce:cb:7a:74:b0:33:99:8a:f0:95:
                    b0:5a:76:ce:d1:a6:aa:36:fc:9a:1d:55:39:7b:88:
                    80:fb:9d:27:5b:7c:67:a2:41:99:3f:ea:6b:33:c2:
                    7e:c8:57:94:96:5b:20:20:d6:1c:87:d7:1a:62:dd:
                    d6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A6:68:C8:2C:0D:C7:07:AD:32:7D:52:1F:FD:4D:28:97:E7:F3:00
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/kqZoyCwNxwetMn1SH_1NKJfn8wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:ff:ee:f4:fd:a8:a9:09:23:62:58:0e:2a:51:8c:93:00:17:
         fd:bf:df:e9:57:f1:58:6f:9e:fb:6c:60:e5:b9:10:ed:ba:14:
         ea:09:d7:fb:7a:47:de:86:2a:cf:c0:1e:8a:c8:1c:38:70:ae:
         2e:77:1e:60:fa:19:e7:47:4a:ea:65:0c:e5:af:17:8d:a2:29:
         fd:9a:1d:33:64:ad:7f:27:ec:2b:7f:96:ae:dd:38:1e:79:48:
         09:c7:e5:a0:b5:68:64:38:08:ff:73:f7:ce:d2:98:99:9d:c0:
         82:0b:ad:c3:92:4b:74:a9:f1:74:f4:81:d8:70:f9:8f:bf:bd:
         9e:57:e1:46:5a:5f:90:33:46:e2:44:f3:27:be:db:a9:77:70:
         d5:b9:91:01:31:68:d0:f5:df:67:3c:5d:0b:90:6a:73:6e:55:
         2e:c1:73:1a:b5:c8:cf:fd:fa:ea:c3:62:5b:f3:15:2a:c6:f2:
         47:84:26:44:a7:6f:dd:53:d7:ba:6b:83:5d:a0:9d:42:74:2c:
         8b:92:8d:5f:e9:ef:a6:42:18:3e:8b:97:0c:1a:13:29:4d:d5:
         f4:b1:1d:9b:55:3c:d2:f1:6b:93:bb:03:c1:26:5f:2c:7d:f1:
         11:1e:f1:b3:84:44:b0:37:c6:36:44:f2:e1:c7:6e:02:2d:63:
         76:3a:58:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhWXeCAi1jzUjytuMm9dnlqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNzI5MTMyNzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmE2NjhjODJjMGRjNzA3YWQzMjdkNTIxZmZkNGQyODk3ZTdmMzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmE22TSHY/8HB0X00/NmSar31RYa
yP5LR8m3OyhJAcctqIkHsN1cOq+lx0MxqN1DMUP10gmba6tigmdcsIVZSxavFfDs
9/vPZaOivEykIM4PQ9R2j8oJBwicQhB0uTwPPo4Rih41E/nPB+9A+pcOybXc6S6j
8XaQVXDvb0ruyKlCPMECJnKQZ+gdb8Lm7dVNUuTxqZFRyvDNWBQumH4247EOFS8K
C75juH4clcWiL/UV1qVMMJ5cvTwbgzxyGNgiWRhxeNylOs7LenSwM5mK8JWwWnbO
0aaqNvyaHVU5e4iA+50nW3xnokGZP+prM8J+yFeUllsgINYch9caYt3W8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKmaMgsDccHrTJ9Uh/9TSiX5/MAMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEva3Fab3lDd054d2V0TW4xU0hfMU5LSmZuOHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zaMA0G
CSqGSIb3DQEBCwUAA4IBAQBV/+70/aipCSNiWA4qUYyTABf9v9/pV/FYb577bGDl
uRDtuhTqCdf7ekfehirPwB6KyBw4cK4udx5g+hnnR0rqZQzlrxeNoin9mh0zZK1/
J+wrf5au3TgeeUgJx+WgtWhkOAj/c/fO0piZncCCC63Dkkt0qfF09IHYcPmPv72e
V+FGWl+QM0biRPMnvtupd3DVuZEBMWjQ9d9nPF0LkGpzblUuwXMatcjP/frqw2Jb
8xUqxvJHhCZEp2/dU9e6a4NdoJ1CdCyLko1f6e+mQhg+i5cMGhMpTdX0sR2bVTzS
8WuTuwPBJl8sffERHvGzhESwN8Y2RPLhx24CLWN2OliB
-----END CERTIFICATE-----