Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/QtyipolyRHDQonGhzvzcFauJK6o.roa
File:                     QtyipolyRHDQonGhzvzcFauJK6o.roa (raw, json)
Hash identifier:          MWtWD9kPlRPp+iLoKU1KgmJEv8YPt2uSD2f5YCLGQZs=
Subject key identifier:   42:DC:A2:A6:89:72:44:70:D0:A2:71:A1:CE:FC:DC:15:AB:89:2B:AA
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01967677E2ECFDA639A9B0A99907B0341FF1
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/QtyipolyRHDQonGhzvzcFauJK6o.roa
Signing time:             Sun 27 Apr 2025 08:58:10 +0000
ROA not before:           Sun 27 Apr 2025 08:58:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216221
IP address blocks:        79.172.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:76:77:e2:ec:fd:a6:39:a9:b0:a9:99:07:b0:34:1f:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Apr 27 08:58:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42dca2a689724470d0a271a1cefcdc15ab892baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ff:cd:ac:ea:40:4b:78:00:41:ee:07:59:3b:
                    d3:c5:36:fb:3c:d6:be:9f:91:b6:56:eb:5b:0d:a8:
                    9e:3d:75:01:85:01:4d:18:f7:67:e2:d1:85:d8:89:
                    b8:31:f4:b4:0c:00:8c:84:8a:fa:ab:a1:2a:db:98:
                    16:92:4c:8b:ec:ba:16:f5:ab:7d:93:1b:b2:93:87:
                    4a:ec:fc:44:f6:61:e3:2a:98:c4:02:12:01:09:0f:
                    33:22:6a:7e:e8:c4:3f:98:47:f0:4d:cb:4d:8f:10:
                    eb:a4:2b:79:7c:51:9d:6c:0a:9b:89:cd:45:3d:1c:
                    4d:44:c2:83:02:74:23:bb:b5:0c:b8:1a:38:3f:ca:
                    50:c3:86:a0:f4:32:71:0d:30:4d:97:5e:04:76:b7:
                    69:d7:ca:53:e4:d5:d7:f6:c5:ed:e2:84:e3:6f:d3:
                    30:67:d6:a1:76:cb:70:b4:6d:2e:66:1d:b9:f4:66:
                    7f:b4:1e:ab:c2:ef:fe:b8:d0:33:58:e1:85:a2:4b:
                    05:1f:1d:cb:92:f3:2f:d9:a4:40:43:46:b7:44:f8:
                    11:c5:f2:0e:b0:7b:e9:c6:9a:46:72:5f:d6:b3:03:
                    41:b0:54:ac:e7:cb:af:bd:cd:4b:be:d6:59:90:e4:
                    f3:99:c8:ea:32:08:a7:05:3d:ba:e0:27:d3:3e:a8:
                    9f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:DC:A2:A6:89:72:44:70:D0:A2:71:A1:CE:FC:DC:15:AB:89:2B:AA
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/QtyipolyRHDQonGhzvzcFauJK6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:15:2c:f2:cf:15:51:f6:23:f8:d7:74:e9:0c:a3:53:4e:a0:
         d7:b8:77:06:da:9a:cb:2e:92:1f:63:f7:d8:10:90:7f:6e:98:
         d5:34:9e:6d:83:14:db:a3:00:d8:f0:d8:8d:1d:45:52:a1:5a:
         8d:b1:d9:43:98:a5:30:25:df:19:bf:19:82:b0:45:0b:e9:de:
         3a:d7:9a:45:ea:d0:01:41:0d:fa:9e:d1:2b:33:3c:63:e1:c5:
         c4:30:63:90:40:c9:78:79:f3:24:6d:9d:4f:32:87:ea:53:46:
         4b:7d:87:e7:7f:10:7e:c9:64:31:33:1c:5d:ff:f6:fe:a7:eb:
         3d:a1:72:12:37:a5:b7:9f:fc:2e:c7:2f:e1:b1:64:7b:03:0f:
         40:8f:50:a4:1a:0b:37:ca:72:17:33:da:4f:3d:4c:35:eb:1e:
         ea:02:e9:3d:af:7d:31:78:0f:41:9a:eb:e8:77:6a:3e:70:be:
         e6:20:45:94:af:d6:5b:b5:a6:36:7c:9c:a2:15:8c:eb:e2:bf:
         cc:32:c0:9b:b2:8d:d0:63:f6:fd:18:f1:68:fb:b4:3e:b0:f8:
         c4:60:ab:09:94:f0:4f:95:72:34:af:0a:4c:b7:22:99:e1:28:
         5a:8d:7e:34:63:41:61:f0:78:b8:a4:2a:9f:bf:e0:b8:b8:75:
         f7:9e:3d:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ2d+Ls/aY5qbCpmQewNB/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNDI3MDg1ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmRjYTJhNjg5NzI0NDcwZDBhMjcxYTFjZWZjZGMxNWFiODkyYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf/NrOpAS3gAQe4HWTvTxTb7PNa+
n5G2VutbDaiePXUBhQFNGPdn4tGF2Im4MfS0DACMhIr6q6Eq25gWkkyL7LoW9at9
kxuyk4dK7PxE9mHjKpjEAhIBCQ8zImp+6MQ/mEfwTctNjxDrpCt5fFGdbAqbic1F
PRxNRMKDAnQju7UMuBo4P8pQw4ag9DJxDTBNl14Edrdp18pT5NXX9sXt4oTjb9Mw
Z9ahdstwtG0uZh259GZ/tB6rwu/+uNAzWOGFoksFHx3LkvMv2aRAQ0a3RPgRxfIO
sHvpxppGcl/WswNBsFSs58uvvc1LvtZZkOTzmcjqMginBT264CfTPqiflQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELcoqaJckRw0KJxoc783BWriSuqMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvUXR5aXBvbHlSSERRb25HaHp2emNGYXVKSzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zPMA0G
CSqGSIb3DQEBCwUAA4IBAQCDFSzyzxVR9iP413TpDKNTTqDXuHcG2prLLpIfY/fY
EJB/bpjVNJ5tgxTbowDY8NiNHUVSoVqNsdlDmKUwJd8ZvxmCsEUL6d4615pF6tAB
QQ36ntErMzxj4cXEMGOQQMl4efMkbZ1PMofqU0ZLfYfnfxB+yWQxMxxd//b+p+s9
oXISN6W3n/wuxy/hsWR7Aw9Aj1CkGgs3ynIXM9pPPUw16x7qAuk9r30xeA9Bmuvo
d2o+cL7mIEWUr9ZbtaY2fJyiFYzr4r/MMsCbso3QY/b9GPFo+7Q+sPjEYKsJlPBP
lXI0rwpMtyKZ4ShajX40Y0Fh8Hi4pCqfv+C4uHX3nj0D
-----END CERTIFICATE-----