Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/QEzw4CiK6CiHgldhyTg0boyDFI4.roa
File:                     QEzw4CiK6CiHgldhyTg0boyDFI4.roa (raw, json)
Hash identifier:          ffDuLw/6EUMQBC9wlTrHOAlboOryP+rRmytNZtNkFZU=
Subject key identifier:   40:4C:F0:E0:28:8A:E8:28:87:82:57:61:C9:38:34:6E:8C:83:14:8E
Certificate issuer:       /CN=58cbfe0834f8e66512f55bd78cc075b7ed56f409
Certificate serial:       019710170AF65E2622B72A9DF8184DD2AA47
Authority key identifier: 58:CB:FE:08:34:F8:E6:65:12:F5:5B:D7:8C:C0:75:B7:ED:56:F4:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WMv-CDT45mUS9VvXjMB1t-1W9Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/QEzw4CiK6CiHgldhyTg0boyDFI4.roa
Signing time:             Tue 27 May 2025 04:53:55 +0000
ROA not before:           Tue 27 May 2025 04:53:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4913
IP address blocks:        79.140.194.0/24 maxlen: 24
                          79.140.200.0/21 maxlen: 21
                          79.140.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/WMv-CDT45mUS9VvXjMB1t-1W9Ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/WMv-CDT45mUS9VvXjMB1t-1W9Ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WMv-CDT45mUS9VvXjMB1t-1W9Ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:10:17:0a:f6:5e:26:22:b7:2a:9d:f8:18:4d:d2:aa:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58cbfe0834f8e66512f55bd78cc075b7ed56f409
        Validity
            Not Before: May 27 04:53:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=404cf0e0288ae82887825761c938346e8c83148e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:84:75:2a:44:ff:1a:37:03:be:25:27:3f:48:
                    40:00:fa:21:3c:77:a9:5a:33:ec:64:9c:92:31:00:
                    ac:c0:a8:f1:8a:83:95:83:7a:ec:64:10:fb:cf:6a:
                    66:f1:23:ac:a4:e4:56:e8:52:6b:1d:b7:39:9c:44:
                    e1:f4:9d:1f:1b:39:ef:ca:98:fc:4e:ad:e4:83:c5:
                    cd:37:c6:01:ba:ce:d6:00:b6:0e:33:c4:2c:c0:f7:
                    b5:61:0b:ac:54:29:e6:ee:63:46:39:40:e9:98:8b:
                    52:d3:ae:d6:5e:78:7b:59:a4:64:ec:fc:57:06:3f:
                    ae:f8:e0:ea:94:11:91:4e:9d:a6:4d:93:7c:12:76:
                    db:ef:c8:3d:59:22:72:71:de:e3:3a:53:65:bf:9d:
                    01:1f:2c:72:58:9f:aa:88:ac:b9:e1:06:15:92:25:
                    2e:6f:66:0e:3b:7d:86:6c:a4:c1:be:a2:ed:7d:3a:
                    c3:67:d2:be:b7:d5:1b:49:12:14:89:fe:95:ef:37:
                    19:3a:30:5b:54:f6:3d:53:c4:71:07:42:44:a4:4a:
                    94:fd:0d:d6:e5:f2:78:6b:6c:68:f4:95:b8:77:2d:
                    91:58:07:fa:bb:93:c0:5d:49:34:dc:5e:c7:2d:9c:
                    d7:3e:06:a7:34:f6:56:29:3d:b2:90:12:92:a4:2a:
                    5b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:4C:F0:E0:28:8A:E8:28:87:82:57:61:C9:38:34:6E:8C:83:14:8E
            X509v3 Authority Key Identifier:
                keyid:58:CB:FE:08:34:F8:E6:65:12:F5:5B:D7:8C:C0:75:B7:ED:56:F4:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WMv-CDT45mUS9VvXjMB1t-1W9Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/QEzw4CiK6CiHgldhyTg0boyDFI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/be863f-b33b-4334-bbd2-4094106786a9/1/WMv-CDT45mUS9VvXjMB1t-1W9Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.140.194.0/24
                  79.140.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:10:68:53:d1:8d:2f:e7:ce:35:a8:43:0e:4a:e6:7b:1a:0b:
         94:00:c9:8b:c3:b5:26:b1:b6:9e:4f:aa:7f:9b:b9:29:39:2c:
         15:e7:11:c0:c5:4a:b5:d7:a3:01:35:ec:a9:27:bf:84:ba:11:
         ef:d9:82:7a:cb:a4:bd:1c:2e:64:80:ef:16:16:56:49:40:53:
         b3:b4:2f:bc:bc:44:d9:9b:da:81:c2:f7:d3:b6:0c:4b:64:e2:
         66:df:21:e1:70:cd:d2:ff:e7:0d:2a:72:4c:71:df:20:f7:ef:
         1a:dd:a6:8f:89:4c:e4:c4:44:77:62:bc:fb:a4:0d:e3:90:1b:
         f1:e3:4c:1a:45:ee:9b:24:a1:10:3b:2c:c3:19:8f:f8:ce:eb:
         18:75:52:d3:ca:dd:9f:28:8f:8c:aa:d1:70:57:81:23:ab:3f:
         3a:45:f5:06:5d:cb:c3:1b:87:86:df:66:63:d2:5d:92:73:09:
         07:c1:6d:12:1a:39:75:ca:b2:fe:86:c0:47:c2:8b:e0:3f:9c:
         77:a5:a7:28:e1:2a:a9:d9:a0:2b:74:76:bb:5e:58:87:dd:74:
         c4:a5:c1:e1:91:ad:32:c9:88:b1:01:a5:85:0c:9e:2a:02:33:
         32:7b:5c:b1:a9:95:3f:96:ca:9f:50:a1:51:57:cd:16:a3:2e:
         7e:2e:52:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcQFwr2XiYityqd+BhN0qpHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4Y2JmZTA4MzRmOGU2NjUxMmY1NWJkNzhjYzA3NWI3ZWQ1
NmY0MDkwHhcNMjUwNTI3MDQ1MzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDRjZjBlMDI4OGFlODI4ODc4MjU3NjFjOTM4MzQ2ZThjODMxNDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoR1KkT/GjcDviUnP0hAAPohPHep
WjPsZJySMQCswKjxioOVg3rsZBD7z2pm8SOspORW6FJrHbc5nETh9J0fGznvypj8
Tq3kg8XNN8YBus7WALYOM8QswPe1YQusVCnm7mNGOUDpmItS067WXnh7WaRk7PxX
Bj+u+ODqlBGRTp2mTZN8Enbb78g9WSJycd7jOlNlv50BHyxyWJ+qiKy54QYVkiUu
b2YOO32GbKTBvqLtfTrDZ9K+t9UbSRIUif6V7zcZOjBbVPY9U8RxB0JEpEqU/Q3W
5fJ4a2xo9JW4dy2RWAf6u5PAXUk03F7HLZzXPganNPZWKT2ykBKSpCpbEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEBM8OAoiugoh4JXYck4NG6MgxSOMB8GA1UdIwQY
MBaAFFjL/gg0+OZlEvVb14zAdbftVvQJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV012LUNEVDQ1bVVTOVZ2WGpNQjF0LTFXOUFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9iZTg2M2YtYjMzYi00MzM0LWJiZDIt
NDA5NDEwNjc4NmE5LzEvUUV6dzRDaUs2Q2lIZ2xkaHlUZzBib3lERkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9iZTg2M2YtYjMzYi00MzM0LWJiZDItNDA5NDEwNjc4NmE5
LzEvV012LUNEVDQ1bVVTOVZ2WGpNQjF0LTFXOUFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT4zCAwQD
T4zIMA0GCSqGSIb3DQEBCwUAA4IBAQCZEGhT0Y0v5841qEMOSuZ7GguUAMmLw7Um
sbaeT6p/m7kpOSwV5xHAxUq116MBNeypJ7+EuhHv2YJ6y6S9HC5kgO8WFlZJQFOz
tC+8vETZm9qBwvfTtgxLZOJm3yHhcM3S/+cNKnJMcd8g9+8a3aaPiUzkxER3Yrz7
pA3jkBvx40waRe6bJKEQOyzDGY/4zusYdVLTyt2fKI+MqtFwV4Ejqz86RfUGXcvD
G4eG32Zj0l2ScwkHwW0SGjl1yrL+hsBHwovgP5x3paco4Sqp2aArdHa7XliH3XTE
pcHhka0yyYixAaWFDJ4qAjMye1yxqZU/lsqfUKFRV80Woy5+LlL7
-----END CERTIFICATE-----