Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/aad626-dace-44d8-818d-387afa0a534f/1/6qAIt9V6Tuc9FVGp-Mx0RnmXJnc.roa
File:                     6qAIt9V6Tuc9FVGp-Mx0RnmXJnc.roa (raw, json)
Hash identifier:          CiYXMrIwOkUf5P8W6OuLsiwB9SuH3vnA0mKQsfSXJRs=
Subject key identifier:   EA:A0:08:B7:D5:7A:4E:E7:3D:15:51:A9:F8:CC:74:46:79:97:26:77
Certificate issuer:       /CN=640b1f8772c6ef484e2cd2d66263f2ef98fa3968
Certificate serial:       019426D91233D33D69C25BCD212E1C63AF4C
Authority key identifier: 64:0B:1F:87:72:C6:EF:48:4E:2C:D2:D6:62:63:F2:EF:98:FA:39:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZAsfh3LG70hOLNLWYmPy75j6OWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/aad626-dace-44d8-818d-387afa0a534f/1/6qAIt9V6Tuc9FVGp-Mx0RnmXJnc.roa
Signing time:             Thu 02 Jan 2025 11:49:07 +0000
ROA not before:           Thu 02 Jan 2025 11:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197876
IP address blocks:        77.73.80.0/21 maxlen: 24
                          2a03:ab80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/aad626-dace-44d8-818d-387afa0a534f/1/ZAsfh3LG70hOLNLWYmPy75j6OWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/aad626-dace-44d8-818d-387afa0a534f/1/ZAsfh3LG70hOLNLWYmPy75j6OWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZAsfh3LG70hOLNLWYmPy75j6OWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:12:33:d3:3d:69:c2:5b:cd:21:2e:1c:63:af:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=640b1f8772c6ef484e2cd2d66263f2ef98fa3968
        Validity
            Not Before: Jan  2 11:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eaa008b7d57a4ee73d1551a9f8cc744679972677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e5:f6:cb:27:c7:6a:42:54:8a:5e:c7:2f:71:
                    af:1e:25:38:de:4e:83:87:f5:89:1c:3d:9b:ec:a8:
                    0c:02:2d:d2:95:03:1d:38:31:ca:10:23:60:38:8c:
                    7c:56:c0:40:78:03:01:ed:bd:f9:ec:33:d7:23:88:
                    d0:7a:19:4e:a2:e8:61:f8:ef:f4:6a:9e:62:f3:ff:
                    de:64:09:66:9b:64:be:5e:5d:bd:18:86:d7:e9:43:
                    c0:93:e9:17:26:78:7b:45:99:cc:e1:47:9e:a0:80:
                    59:b7:b2:b7:e8:aa:81:96:a2:81:a3:ad:b7:a1:45:
                    f8:59:e6:70:fc:57:9f:dc:8b:ae:47:30:18:ba:ec:
                    59:29:1e:87:2f:8a:ad:b1:50:73:de:f4:ea:6b:2e:
                    78:3a:be:57:4b:f7:84:de:f1:01:ef:43:9b:d5:09:
                    66:14:6a:bd:4a:ef:22:d8:82:d0:8d:e4:75:49:a8:
                    fa:c4:88:5b:d4:d6:41:24:ea:42:4c:ca:e0:6d:a4:
                    1e:d1:a2:85:dc:c0:55:73:a2:81:34:97:06:07:75:
                    b1:55:4f:93:34:95:e5:b9:89:72:c2:81:11:00:b6:
                    ae:26:e9:df:8a:76:54:5b:3d:ad:9f:18:09:c1:a5:
                    ba:50:04:07:1f:85:d4:4d:9c:31:a4:ac:3b:8a:5b:
                    8b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:A0:08:B7:D5:7A:4E:E7:3D:15:51:A9:F8:CC:74:46:79:97:26:77
            X509v3 Authority Key Identifier:
                keyid:64:0B:1F:87:72:C6:EF:48:4E:2C:D2:D6:62:63:F2:EF:98:FA:39:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZAsfh3LG70hOLNLWYmPy75j6OWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/aad626-dace-44d8-818d-387afa0a534f/1/6qAIt9V6Tuc9FVGp-Mx0RnmXJnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/aad626-dace-44d8-818d-387afa0a534f/1/ZAsfh3LG70hOLNLWYmPy75j6OWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.80.0/21
                IPv6:
                  2a03:ab80::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:f1:1b:79:f6:98:f6:68:fc:76:88:18:6f:f7:33:a7:be:17:
         29:ce:a5:51:05:0c:87:88:10:b5:82:ec:25:17:ed:e1:00:29:
         a5:9d:1c:8a:5c:2a:af:5d:44:28:ca:cd:64:e7:c8:2e:c5:36:
         a2:b2:49:5f:d7:f1:73:6c:7b:64:68:78:b3:7d:08:4e:3b:75:
         30:ea:89:97:a8:be:ef:12:1e:3b:88:f3:cf:07:e9:93:f1:57:
         91:3d:ae:28:98:7d:07:b2:23:b6:36:77:2a:2e:8a:b6:bc:c3:
         9e:49:ff:4b:08:5f:aa:c6:54:12:cb:48:d3:2f:aa:bd:06:42:
         6f:f1:6e:19:1d:6b:45:5c:26:d9:f9:3a:08:af:4e:eb:45:d1:
         46:67:34:e9:61:b0:4b:b4:1f:14:d2:22:24:df:81:5d:6d:17:
         7a:2b:ae:8a:b9:a9:82:01:66:82:09:a4:f3:be:da:6c:7d:ee:
         1e:3d:f8:88:b5:b8:a2:3f:5c:3a:0b:7b:10:60:00:45:fc:b8:
         e8:0e:a5:c7:d3:af:f9:b1:e8:e0:e5:33:b9:a3:8a:1b:bd:11:
         21:87:6e:56:8a:b1:2b:92:d4:37:9e:1c:d2:4e:d5:68:bc:b0:
         f4:70:6e:cf:ca:0a:e7:52:5d:e7:31:43:3b:d4:95:91:c8:8a:
         6e:e5:be:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2RIz0z1pwlvNIS4cY69MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MGIxZjg3NzJjNmVmNDg0ZTJjZDJkNjYyNjNmMmVmOThm
YTM5NjgwHhcNMjUwMTAyMTE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWEwMDhiN2Q1N2E0ZWU3M2QxNTUxYTlmOGNjNzQ0Njc5OTcyNjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOX2yyfHakJUil7HL3GvHiU43k6D
h/WJHD2b7KgMAi3SlQMdODHKECNgOIx8VsBAeAMB7b357DPXI4jQehlOouhh+O/0
ap5i8//eZAlmm2S+Xl29GIbX6UPAk+kXJnh7RZnM4UeeoIBZt7K36KqBlqKBo623
oUX4WeZw/Fef3IuuRzAYuuxZKR6HL4qtsVBz3vTqay54Or5XS/eE3vEB70Ob1Qlm
FGq9Su8i2ILQjeR1Saj6xIhb1NZBJOpCTMrgbaQe0aKF3MBVc6KBNJcGB3WxVU+T
NJXluYlywoERALauJunfinZUWz2tnxgJwaW6UAQHH4XUTZwxpKw7iluLyQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOqgCLfVek7nPRVRqfjMdEZ5lyZ3MB8GA1UdIwQY
MBaAFGQLH4dyxu9ITizS1mJj8u+Y+jloMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkFzZmgzTEc3MGhPTE5MV1ltUHk3NWo2T1dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hYWQ2MjYtZGFjZS00NGQ4LTgxOGQt
Mzg3YWZhMGE1MzRmLzEvNnFBSXQ5VjZUdWM5RlZHcC1NeDBSbm1YSm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hYWQ2MjYtZGFjZS00NGQ4LTgxOGQtMzg3YWZhMGE1MzRm
LzEvWkFzZmgzTEc3MGhPTE5MV1ltUHk3NWo2T1dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDTUlQMA0E
AgACMAcDBQAqA6uAMA0GCSqGSIb3DQEBCwUAA4IBAQBr8Rt59pj2aPx2iBhv9zOn
vhcpzqVRBQyHiBC1guwlF+3hACmlnRyKXCqvXUQoys1k58guxTaisklf1/FzbHtk
aHizfQhOO3Uw6omXqL7vEh47iPPPB+mT8VeRPa4omH0HsiO2NncqLoq2vMOeSf9L
CF+qxlQSy0jTL6q9BkJv8W4ZHWtFXCbZ+ToIr07rRdFGZzTpYbBLtB8U0iIk34Fd
bRd6K66KuamCAWaCCaTzvtpsfe4ePfiItbiiP1w6C3sQYABF/LjoDqXH06/5sejg
5TO5o4obvREhh25WirErktQ3nhzSTtVovLD0cG7PygrnUl3nMUM71JWRyIpu5b5h
-----END CERTIFICATE-----