Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/eb340f-8053-4f5f-a3a5-229b6409f2a0/1/QGrvcoxIsYHGrK6BrR6dYV6XkJM.roa
File:                     QGrvcoxIsYHGrK6BrR6dYV6XkJM.roa (raw, json)
Hash identifier:          sWNP0/965vZch5nrsrQ4iKgd5GS8sH4fFHr8G2MSO3w=
Subject key identifier:   40:6A:EF:72:8C:48:B1:81:C6:AC:AE:81:AD:1E:9D:61:5E:97:90:93
Certificate issuer:       /CN=bf20e64b18831bc98527cbe0e1067c1a95d1687d
Certificate serial:       019420D5CD1C2A5E4D77ADA7BA76DEACF560
Authority key identifier: BF:20:E6:4B:18:83:1B:C9:85:27:CB:E0:E1:06:7C:1A:95:D1:68:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vyDmSxiDG8mFJ8vg4QZ8GpXRaH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/eb340f-8053-4f5f-a3a5-229b6409f2a0/1/QGrvcoxIsYHGrK6BrR6dYV6XkJM.roa
Signing time:             Wed 01 Jan 2025 07:47:49 +0000
ROA not before:           Wed 01 Jan 2025 07:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200409
IP address blocks:        77.83.112.0/22 maxlen: 24
                          194.32.172.0/22 maxlen: 24
                          2a0c:ea40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/eb340f-8053-4f5f-a3a5-229b6409f2a0/1/vyDmSxiDG8mFJ8vg4QZ8GpXRaH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/eb340f-8053-4f5f-a3a5-229b6409f2a0/1/vyDmSxiDG8mFJ8vg4QZ8GpXRaH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vyDmSxiDG8mFJ8vg4QZ8GpXRaH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 07:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:cd:1c:2a:5e:4d:77:ad:a7:ba:76:de:ac:f5:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf20e64b18831bc98527cbe0e1067c1a95d1687d
        Validity
            Not Before: Jan  1 07:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=406aef728c48b181c6acae81ad1e9d615e979093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d5:13:66:7b:a3:1b:2e:0a:51:bb:25:7c:bf:
                    6f:5a:e5:f4:4d:64:a6:93:b8:bc:79:cd:f0:41:ad:
                    5e:49:21:4e:5b:86:2e:ca:e7:c3:fa:11:f5:10:63:
                    0e:55:c3:6f:c3:46:2b:23:29:c0:62:72:62:fd:ae:
                    cf:5d:bf:9e:ac:09:66:5d:91:bd:e5:c6:d2:3b:9b:
                    4a:fe:07:36:f9:98:47:bf:40:3b:78:a7:a2:2b:60:
                    31:cc:76:79:70:d3:98:39:f1:24:45:83:c8:26:41:
                    77:ba:1f:f9:c8:66:82:6f:e7:e9:63:b0:d8:c5:75:
                    a1:5b:32:ef:0b:86:68:be:d2:90:62:7b:e5:ff:73:
                    97:38:1d:7b:10:bb:bc:7f:6d:87:6c:a6:f8:2b:d2:
                    06:be:56:a2:35:6c:05:91:b6:59:ee:fc:62:d4:ad:
                    e0:ec:42:7f:f3:3b:cd:03:a0:22:15:c6:6e:b9:2e:
                    61:e3:16:52:da:de:b4:83:66:21:0e:11:a8:d5:c3:
                    2e:f9:3b:0c:55:2e:fd:59:be:56:cb:2c:bf:52:d9:
                    52:e2:b2:fc:4f:2f:e4:3c:b8:2a:29:32:fb:0f:f6:
                    ec:e3:50:5f:51:d0:d7:b7:1a:c7:e2:bc:18:2a:8b:
                    57:94:c1:e1:f0:99:94:af:f9:d2:51:69:91:da:5b:
                    8c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:6A:EF:72:8C:48:B1:81:C6:AC:AE:81:AD:1E:9D:61:5E:97:90:93
            X509v3 Authority Key Identifier:
                keyid:BF:20:E6:4B:18:83:1B:C9:85:27:CB:E0:E1:06:7C:1A:95:D1:68:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vyDmSxiDG8mFJ8vg4QZ8GpXRaH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/eb340f-8053-4f5f-a3a5-229b6409f2a0/1/QGrvcoxIsYHGrK6BrR6dYV6XkJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/eb340f-8053-4f5f-a3a5-229b6409f2a0/1/vyDmSxiDG8mFJ8vg4QZ8GpXRaH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.112.0/22
                  194.32.172.0/22
                IPv6:
                  2a0c:ea40::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:56:83:bf:fc:50:fe:ce:6f:5c:d5:7c:c6:29:f9:b6:d4:5f:
         cb:8a:3b:67:5d:d8:8e:e5:91:7d:2c:f2:72:36:2d:c7:ba:64:
         76:0e:91:b3:bb:e7:a3:51:e7:6f:3e:b5:1b:3e:fb:43:29:c2:
         a1:64:27:fc:bd:bd:d4:c2:a3:33:ad:65:67:a6:25:3a:a8:1c:
         05:77:9f:72:49:69:71:1e:ef:38:04:cf:78:0e:67:0d:09:65:
         ec:0a:c8:92:55:d9:a2:6c:bf:3e:38:2d:46:95:f6:78:3b:b5:
         a7:fc:9c:b0:2e:ed:c1:c2:8b:b9:32:dd:ba:0c:4c:87:04:db:
         b4:18:a0:66:f2:4f:33:87:dd:15:30:3f:26:56:7e:f5:b0:86:
         ed:bf:9c:32:4c:7a:1b:0e:5e:6a:2b:f8:97:7b:36:45:12:90:
         66:33:92:af:2e:0d:81:51:d4:94:01:40:38:47:27:b1:c1:0d:
         62:a0:2b:33:de:c5:15:c2:da:7d:80:13:bf:42:c7:d6:3e:95:
         44:cc:4e:01:69:5f:7e:c1:15:de:1d:43:1e:9d:b4:04:d8:ac:
         57:56:c8:d2:36:7c:7f:54:6f:f0:72:49:b1:6a:d3:ce:e3:b0:
         29:61:a4:3a:b7:97:90:f5:22:47:8b:94:1d:4b:10:85:fd:ff:
         d4:9f:26:e0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1c0cKl5Nd62nunberPVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjBlNjRiMTg4MzFiYzk4NTI3Y2JlMGUxMDY3YzFhOTVk
MTY4N2QwHhcNMjUwMTAxMDc0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDZhZWY3MjhjNDhiMTgxYzZhY2FlODFhZDFlOWQ2MTVlOTc5MDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdUTZnujGy4KUbslfL9vWuX0TWSm
k7i8ec3wQa1eSSFOW4YuyufD+hH1EGMOVcNvw0YrIynAYnJi/a7PXb+erAlmXZG9
5cbSO5tK/gc2+ZhHv0A7eKeiK2AxzHZ5cNOYOfEkRYPIJkF3uh/5yGaCb+fpY7DY
xXWhWzLvC4ZovtKQYnvl/3OXOB17ELu8f22HbKb4K9IGvlaiNWwFkbZZ7vxi1K3g
7EJ/8zvNA6AiFcZuuS5h4xZS2t60g2YhDhGo1cMu+TsMVS79Wb5Wyyy/UtlS4rL8
Ty/kPLgqKTL7D/bs41BfUdDXtxrH4rwYKotXlMHh8JmUr/nSUWmR2luMowIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEBq73KMSLGBxqyuga0enWFel5CTMB8GA1UdIwQY
MBaAFL8g5ksYgxvJhSfL4OEGfBqV0Wh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlEbVN4aURHOG1GSjh2ZzRRWjhHcFhSYUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9lYjM0MGYtODA1My00ZjVmLWEzYTUt
MjI5YjY0MDlmMmEwLzEvUUdydmNveElzWUhHcks2QnJSNmRZVjZYa0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9lYjM0MGYtODA1My00ZjVmLWEzYTUtMjI5YjY0MDlmMmEw
LzEvdnlEbVN4aURHOG1GSjh2ZzRRWjhHcFhSYUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCTVNwAwQC
wiCsMA0EAgACMAcDBQMqDOpAMA0GCSqGSIb3DQEBCwUAA4IBAQBKVoO//FD+zm9c
1XzGKfm21F/LijtnXdiO5ZF9LPJyNi3HumR2DpGzu+ejUedvPrUbPvtDKcKhZCf8
vb3UwqMzrWVnpiU6qBwFd59ySWlxHu84BM94DmcNCWXsCsiSVdmibL8+OC1GlfZ4
O7Wn/JywLu3Bwou5Mt26DEyHBNu0GKBm8k8zh90VMD8mVn71sIbtv5wyTHobDl5q
K/iXezZFEpBmM5KvLg2BUdSUAUA4RyexwQ1ioCsz3sUVwtp9gBO/QsfWPpVEzE4B
aV9+wRXeHUMenbQE2KxXVsjSNnx/VG/wckmxatPO47ApYaQ6t5eQ9SJHi5QdSxCF
/f/Unybg
-----END CERTIFICATE-----