Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/pLFppFwWIfA_W9uCMBC8y8BR8ts.roa
File:                     pLFppFwWIfA_W9uCMBC8y8BR8ts.roa (raw, json)
Hash identifier:          dbla97+OI8Jm8+2WXqrvaQmGEN37T1/jOIGIxTsBgg0=
Subject key identifier:   A4:B1:69:A4:5C:16:21:F0:3F:5B:DB:82:30:10:BC:CB:C0:51:F2:DB
Certificate issuer:       /CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
Certificate serial:       0196B4C9DD33C31AA8B8D86D53150131A63A
Authority key identifier: 29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/pLFppFwWIfA_W9uCMBC8y8BR8ts.roa
Signing time:             Fri 09 May 2025 11:24:10 +0000
ROA not before:           Fri 09 May 2025 11:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401477
IP address blocks:        79.110.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b4:c9:dd:33:c3:1a:a8:b8:d8:6d:53:15:01:31:a6:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2983841bc09f1fd4fe3de991016c0b7126fba52e
        Validity
            Not Before: May  9 11:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4b169a45c1621f03f5bdb823010bccbc051f2db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:88:59:7b:84:49:21:bb:37:95:e4:ba:68:4f:
                    97:44:4c:03:61:4f:15:00:a1:22:ae:f5:f2:ab:2f:
                    52:e9:7a:72:c3:e4:11:29:3a:c5:e7:d1:9a:15:11:
                    5e:a3:a6:bc:72:5d:99:0f:23:44:27:87:b8:2d:7b:
                    28:41:da:39:9e:f3:20:24:3e:f9:f4:f0:58:71:84:
                    b4:86:7a:34:a8:59:3b:f4:8e:c9:d2:b8:47:c8:72:
                    16:ea:aa:de:aa:6b:20:85:1c:4c:2d:72:1d:39:42:
                    2c:cd:04:67:db:ec:86:ea:a6:89:0a:1d:09:f5:37:
                    22:58:08:0e:71:8a:54:b0:d3:9c:73:70:8f:81:68:
                    84:76:dc:15:2b:29:00:59:a3:6c:b0:ff:1b:e5:1f:
                    fe:9c:f2:6b:fe:79:fe:49:3a:5f:98:64:ed:92:2a:
                    50:04:64:db:19:e1:02:d9:6d:89:f5:35:6e:8a:07:
                    9d:ef:f4:1d:38:30:8b:ba:a6:43:4d:6f:82:8f:df:
                    91:15:5b:dc:a2:35:7d:51:7f:e9:d2:0b:00:06:2c:
                    1b:c9:57:ed:82:d3:fb:f0:b0:fe:b6:36:e1:09:b3:
                    d7:a5:b3:c3:b0:a0:dd:9e:13:ed:20:ec:e4:d4:c1:
                    e7:d9:c6:ff:2a:a3:71:9c:97:e5:d2:1d:ed:ba:49:
                    4e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:B1:69:A4:5C:16:21:F0:3F:5B:DB:82:30:10:BC:CB:C0:51:F2:DB
            X509v3 Authority Key Identifier:
                keyid:29:83:84:1B:C0:9F:1F:D4:FE:3D:E9:91:01:6C:0B:71:26:FB:A5:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYOEG8CfH9T-PemRAWwLcSb7pS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/pLFppFwWIfA_W9uCMBC8y8BR8ts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/cc37cf-b056-41d9-b57b-1dd5dab36f9f/1/KYOEG8CfH9T-PemRAWwLcSb7pS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.110.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:df:08:31:03:ac:57:19:e6:54:ec:5e:69:d1:a7:75:bc:bf:
         1a:27:b9:6d:f0:93:d0:a0:95:be:ea:9a:f2:55:e3:51:ab:52:
         eb:ae:84:12:75:69:e6:9f:14:21:f4:72:47:f2:03:08:d8:66:
         8f:b6:f5:45:27:9e:2f:a8:4c:2d:a5:76:21:80:d5:e1:9f:8d:
         5b:b9:3f:cc:84:84:ff:8f:e9:8d:2b:02:e7:40:46:d0:61:7e:
         49:bb:a8:64:18:f6:0e:a8:65:da:73:48:71:60:3d:22:19:a5:
         c2:db:68:93:53:ad:6b:bb:8f:c0:de:8b:5a:f5:d1:c0:1b:a1:
         76:f8:7e:3d:c7:d4:2c:28:9f:d2:f8:e6:a8:6b:91:06:4d:55:
         af:50:1a:80:7b:42:9b:a0:d4:c1:c4:1d:6d:6c:ee:5f:01:5a:
         da:eb:b2:88:3e:29:95:aa:8c:18:85:63:81:09:ea:0c:dd:18:
         7d:9c:d8:a3:1c:50:e6:61:19:a3:89:0c:35:45:1b:1b:96:14:
         12:01:d0:af:e7:96:d2:56:0b:b7:35:60:0d:d1:fb:8f:b0:82:
         dc:16:7d:0a:2b:8d:88:8d:17:bf:96:67:f4:dd:bc:79:1e:f8:
         b5:5f:dc:01:c6:ef:37:a5:15:7f:83:03:f8:47:1b:b8:03:2e:
         a4:dd:4e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa0yd0zwxqouNhtUxUBMaY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODM4NDFiYzA5ZjFmZDRmZTNkZTk5MTAxNmMwYjcxMjZm
YmE1MmUwHhcNMjUwNTA5MTEyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGIxNjlhNDVjMTYyMWYwM2Y1YmRiODIzMDEwYmNjYmMwNTFmMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYhZe4RJIbs3leS6aE+XREwDYU8V
AKEirvXyqy9S6Xpyw+QRKTrF59GaFRFeo6a8cl2ZDyNEJ4e4LXsoQdo5nvMgJD75
9PBYcYS0hno0qFk79I7J0rhHyHIW6qreqmsghRxMLXIdOUIszQRn2+yG6qaJCh0J
9TciWAgOcYpUsNOcc3CPgWiEdtwVKykAWaNssP8b5R/+nPJr/nn+STpfmGTtkipQ
BGTbGeEC2W2J9TVuiged7/QdODCLuqZDTW+Cj9+RFVvcojV9UX/p0gsABiwbyVft
gtP78LD+tjbhCbPXpbPDsKDdnhPtIOzk1MHn2cb/KqNxnJfl0h3tuklOpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSxaaRcFiHwP1vbgjAQvMvAUfLbMB8GA1UdIwQY
MBaAFCmDhBvAnx/U/j3pkQFsC3Em+6UuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2It
MWRkNWRhYjM2ZjlmLzEvcExGcHBGd1dJZkFfVzl1Q01CQzh5OEJSOHRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9jYzM3Y2YtYjA1Ni00MWQ5LWI1N2ItMWRkNWRhYjM2Zjlm
LzEvS1lPRUc4Q2ZIOVQtUGVtUkFXd0xjU2I3cFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT26nMA0G
CSqGSIb3DQEBCwUAA4IBAQA63wgxA6xXGeZU7F5p0ad1vL8aJ7lt8JPQoJW+6pry
VeNRq1LrroQSdWnmnxQh9HJH8gMI2GaPtvVFJ54vqEwtpXYhgNXhn41buT/MhIT/
j+mNKwLnQEbQYX5Ju6hkGPYOqGXac0hxYD0iGaXC22iTU61ru4/A3ota9dHAG6F2
+H49x9QsKJ/S+Oaoa5EGTVWvUBqAe0KboNTBxB1tbO5fAVra67KIPimVqowYhWOB
CeoM3Rh9nNijHFDmYRmjiQw1RRsblhQSAdCv55bSVgu3NWAN0fuPsILcFn0KK42I
jRe/lmf03bx5Hvi1X9wBxu83pRV/gwP4Rxu4Ay6k3U6t
-----END CERTIFICATE-----