Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/9GpBlLtfTSGwtwmapQ1fHjDSL74.roa
File:                     9GpBlLtfTSGwtwmapQ1fHjDSL74.roa (raw, json)
Hash identifier:          cQGV65QLMLrxeunkDqMGv2/A1B8DKG8uRXwHYjzRdog=
Subject key identifier:   F4:6A:41:94:BB:5F:4D:21:B0:B7:09:9A:A5:0D:5F:1E:30:D2:2F:BE
Certificate issuer:       /CN=70e5b30272e43053208978dbe44bfee10a5d007e
Certificate serial:       019666CECB0514F7FBACDCA16D8E75CD6D90
Authority key identifier: 70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/9GpBlLtfTSGwtwmapQ1fHjDSL74.roa
Signing time:             Thu 24 Apr 2025 07:59:10 +0000
ROA not before:           Thu 24 Apr 2025 07:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51395
IP address blocks:        79.132.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:ce:cb:05:14:f7:fb:ac:dc:a1:6d:8e:75:cd:6d:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70e5b30272e43053208978dbe44bfee10a5d007e
        Validity
            Not Before: Apr 24 07:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f46a4194bb5f4d21b0b7099aa50d5f1e30d22fbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d2:b4:f7:45:8b:5e:ae:25:14:92:e4:1a:d9:
                    d2:8f:50:81:e7:cb:7a:cb:30:4c:14:6f:6e:d6:6b:
                    38:e2:04:ac:57:8d:27:c4:e2:4f:50:2a:36:04:2d:
                    63:70:a9:a8:1d:14:f5:5f:04:e8:08:2c:b4:ac:86:
                    04:fb:7d:e8:94:67:98:35:75:e9:ba:84:28:f5:e4:
                    cd:ed:f4:e5:03:39:70:f2:b7:ad:df:26:f4:75:2b:
                    fe:ed:64:b4:b5:98:7a:96:81:f2:4b:96:ac:d8:3b:
                    06:ec:93:81:6c:fc:a6:4f:a9:16:b8:69:41:9a:f7:
                    be:89:3d:1b:1b:2c:77:f3:27:cc:b6:7b:bc:23:f3:
                    49:d9:10:d7:55:a0:93:79:45:03:a4:7b:e3:74:da:
                    81:54:e2:fa:02:2d:6b:51:af:1f:ed:48:44:45:32:
                    f0:0b:05:f7:46:06:e2:51:5b:3e:97:e1:b0:d3:3d:
                    b5:33:8a:bf:cd:d9:a0:41:11:18:a9:7e:20:ff:7e:
                    1a:6d:22:07:d8:72:4e:5f:cc:20:27:ae:27:88:7e:
                    e1:f4:b0:dd:ff:36:d7:3d:3b:85:1a:5a:74:01:81:
                    cd:35:04:ae:5d:d2:e5:ce:b7:e4:8e:48:10:70:9c:
                    39:0c:21:83:49:8c:fd:78:ff:6f:24:09:60:fa:cb:
                    d5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:6A:41:94:BB:5F:4D:21:B0:B7:09:9A:A5:0D:5F:1E:30:D2:2F:BE
            X509v3 Authority Key Identifier:
                keyid:70:E5:B3:02:72:E4:30:53:20:89:78:DB:E4:4B:FE:E1:0A:5D:00:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/9GpBlLtfTSGwtwmapQ1fHjDSL74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/22f1d5-f269-4f4f-bf8a-1fbc641b50b1/1/cOWzAnLkMFMgiXjb5Ev-4QpdAH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:75:9c:43:71:19:f4:85:ad:e5:82:e0:69:c7:54:59:05:cb:
         be:7a:c0:43:cb:7d:c1:17:7f:67:3f:59:44:c9:a4:75:01:02:
         f6:85:89:44:44:b6:eb:d0:74:92:47:82:c3:5c:c2:b8:eb:fa:
         7e:01:92:81:93:a2:d7:a1:4a:3e:f7:c5:fa:0c:d9:86:68:8f:
         7b:f5:0c:25:b7:48:bd:3c:24:37:9a:e1:27:d1:c2:80:80:ac:
         7e:d9:49:1b:d6:fe:1f:f5:46:ff:95:5a:3c:d2:fb:8c:81:58:
         d5:9f:22:63:50:df:98:58:6c:40:ca:4f:12:cc:70:17:a1:31:
         6b:2e:18:7f:4d:7a:fb:b8:0a:a2:4e:10:f1:ed:57:35:fb:92:
         1c:fe:21:e5:db:a6:ee:4a:7e:b9:72:b8:73:bb:cf:03:6c:81:
         51:fc:55:88:1d:1f:fb:aa:14:1a:a6:81:31:95:5e:38:1b:3b:
         b7:95:b6:a7:75:0b:b1:14:af:b3:eb:0c:80:8c:c9:82:46:49:
         a6:cd:f3:d0:fb:a5:4b:46:83:42:9b:8c:55:fe:5c:00:08:8b:
         85:1c:e8:17:c9:36:4a:cc:e0:0e:e6:10:4a:39:d7:75:2e:ba:
         65:e5:24:e5:39:2e:93:f1:8d:ab:42:54:a2:4e:10:a5:f1:1f:
         5c:92:f8:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZmzssFFPf7rNyhbY51zW2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTViMzAyNzJlNDMwNTMyMDg5NzhkYmU0NGJmZWUxMGE1
ZDAwN2UwHhcNMjUwNDI0MDc1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDZhNDE5NGJiNWY0ZDIxYjBiNzA5OWFhNTBkNWYxZTMwZDIyZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29K090WLXq4lFJLkGtnSj1CB58t6
yzBMFG9u1ms44gSsV40nxOJPUCo2BC1jcKmoHRT1XwToCCy0rIYE+33olGeYNXXp
uoQo9eTN7fTlAzlw8ret3yb0dSv+7WS0tZh6loHyS5as2DsG7JOBbPymT6kWuGlB
mve+iT0bGyx38yfMtnu8I/NJ2RDXVaCTeUUDpHvjdNqBVOL6Ai1rUa8f7UhERTLw
CwX3RgbiUVs+l+Gw0z21M4q/zdmgQREYqX4g/34abSIH2HJOX8wgJ64niH7h9LDd
/zbXPTuFGlp0AYHNNQSuXdLlzrfkjkgQcJw5DCGDSYz9eP9vJAlg+svVBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRqQZS7X00hsLcJmqUNXx4w0i++MB8GA1UdIwQY
MBaAFHDlswJy5DBTIIl42+RL/uEKXQB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEt
MWZiYzY0MWI1MGIxLzEvOUdwQmxMdGZUU0d3dHdtYXBRMWZIakRTTDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yMmYxZDUtZjI2OS00ZjRmLWJmOGEtMWZiYzY0MWI1MGIx
LzEvY09XekFuTGtNRk1naVhqYjVFdi00UXBkQUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4SNMA0G
CSqGSIb3DQEBCwUAA4IBAQCHdZxDcRn0ha3lguBpx1RZBcu+esBDy33BF39nP1lE
yaR1AQL2hYlERLbr0HSSR4LDXMK46/p+AZKBk6LXoUo+98X6DNmGaI979Qwlt0i9
PCQ3muEn0cKAgKx+2Ukb1v4f9Ub/lVo80vuMgVjVnyJjUN+YWGxAyk8SzHAXoTFr
Lhh/TXr7uAqiThDx7Vc1+5Ic/iHl26buSn65crhzu88DbIFR/FWIHR/7qhQapoEx
lV44Gzu3lbandQuxFK+z6wyAjMmCRkmmzfPQ+6VLRoNCm4xV/lwACIuFHOgXyTZK
zOAO5hBKOdd1Lrpl5STlOS6T8Y2rQlSiThCl8R9ckvg8
-----END CERTIFICATE-----