Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/QPgFHQDlm_0exUYvdkepCU73o64.roa
File:                     QPgFHQDlm_0exUYvdkepCU73o64.roa (raw, json)
Hash identifier:          GOemFo+2yNdKq5tLB7uX1AqqukrqHbLBiUTqn2bm5uU=
Subject key identifier:   40:F8:05:1D:00:E5:9B:FD:1E:C5:46:2F:76:47:A9:09:4E:F7:A3:AE
Certificate issuer:       /CN=bae7fa77f724bb467325ad59d7dbfc63399c6e79
Certificate serial:       01942444E8AE65BCADC24433D9C3AB3E0A7A
Authority key identifier: BA:E7:FA:77:F7:24:BB:46:73:25:AD:59:D7:DB:FC:63:39:9C:6E:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/QPgFHQDlm_0exUYvdkepCU73o64.roa
Signing time:             Wed 01 Jan 2025 23:48:03 +0000
ROA not before:           Wed 01 Jan 2025 23:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206477
IP address blocks:        2001:678:ccc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:e8:ae:65:bc:ad:c2:44:33:d9:c3:ab:3e:0a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bae7fa77f724bb467325ad59d7dbfc63399c6e79
        Validity
            Not Before: Jan  1 23:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40f8051d00e59bfd1ec5462f7647a9094ef7a3ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f6:f2:88:eb:73:9b:ae:4d:11:23:6b:d6:4c:
                    ef:85:6d:43:3b:b5:64:67:d9:9d:07:ee:1b:b0:9b:
                    13:86:60:0f:d7:e8:a9:15:49:83:62:be:47:16:ed:
                    e6:da:73:7a:be:ea:a9:8b:b2:94:61:bc:3a:7b:3f:
                    f3:58:d4:54:0c:3b:16:96:2f:d4:1a:1e:6e:4f:29:
                    61:09:18:1f:3f:7d:f0:32:8b:86:5b:3e:9e:92:d4:
                    ef:dd:57:f4:7a:16:4a:23:e0:6b:57:4f:ab:74:65:
                    99:d1:76:d7:ae:cc:ea:2e:84:6f:02:c0:65:39:00:
                    f4:55:f2:51:93:34:d9:db:2d:7a:76:18:59:ec:b4:
                    c8:fb:08:af:c4:21:32:3d:6d:2f:ef:09:b1:1e:c6:
                    fd:28:1d:06:29:1e:aa:77:76:91:c7:a0:39:0c:ec:
                    28:5f:01:78:49:c1:24:3c:d3:63:84:53:6f:d5:b9:
                    a5:96:01:5f:19:63:0e:b9:f7:54:c9:70:bc:ca:ab:
                    05:00:a2:ca:0b:40:72:26:cb:71:a3:9d:5e:f3:a1:
                    6e:96:26:1d:5e:80:bd:aa:c8:e2:62:09:b3:54:c3:
                    27:33:34:2e:f9:92:c0:bb:f4:4f:0a:c4:f5:8e:29:
                    f5:bb:68:22:00:be:18:4a:b4:81:d2:c6:d4:39:b3:
                    28:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F8:05:1D:00:E5:9B:FD:1E:C5:46:2F:76:47:A9:09:4E:F7:A3:AE
            X509v3 Authority Key Identifier:
                keyid:BA:E7:FA:77:F7:24:BB:46:73:25:AD:59:D7:DB:FC:63:39:9C:6E:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/QPgFHQDlm_0exUYvdkepCU73o64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/77774a-fc07-4002-94f9-12dc94ddedcd/1/uuf6d_cku0ZzJa1Z19v8Yzmcbnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ccc::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:d7:1c:08:10:7d:c8:2f:8f:10:62:3b:bc:e5:94:e5:c3:33:
         34:a0:01:fa:20:28:9b:aa:90:ad:24:1a:73:3c:ce:4b:ed:a3:
         9b:0b:74:ec:82:e9:b0:c6:04:b3:da:99:42:66:12:b1:fc:55:
         8d:10:2e:6a:86:7b:bc:ea:c0:d9:78:09:f8:71:c6:f1:ff:1e:
         a1:4c:bf:e1:ab:5a:d4:57:ed:36:c8:8e:0f:c3:74:d8:fb:34:
         4f:2b:55:b1:d9:98:e9:18:d0:49:ea:df:4d:7e:d2:42:28:7c:
         81:22:d1:a4:35:07:a5:f5:36:e4:dd:ef:46:2b:cd:c3:b3:56:
         f6:08:49:04:c7:2b:65:c6:ce:7a:80:ac:2b:98:20:22:da:d8:
         6a:ae:10:9f:d8:f6:8f:33:f2:9c:d9:71:37:12:21:85:2c:e8:
         e5:6e:ff:3c:fd:88:40:e6:53:fd:2f:a4:c3:4c:0b:0b:cd:64:
         69:47:9c:39:18:b6:6d:83:2f:e5:57:b6:a9:0c:84:0c:b1:c6:
         0e:bd:85:50:a1:9e:0e:12:21:61:92:d5:af:bf:44:59:56:ef:
         31:a5:ee:74:c3:f1:85:44:bd:71:8c:b6:55:ac:23:c7:82:ee:
         4b:b1:f1:07:cb:c6:3b:85:d7:78:f5:92:ea:c3:fa:49:93:fc:
         a9:80:6d:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkROiuZbytwkQz2cOrPgp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZTdmYTc3ZjcyNGJiNDY3MzI1YWQ1OWQ3ZGJmYzYzMzk5
YzZlNzkwHhcNMjUwMTAxMjM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGY4MDUxZDAwZTU5YmZkMWVjNTQ2MmY3NjQ3YTkwOTRlZjdhM2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfbyiOtzm65NESNr1kzvhW1DO7Vk
Z9mdB+4bsJsThmAP1+ipFUmDYr5HFu3m2nN6vuqpi7KUYbw6ez/zWNRUDDsWli/U
Gh5uTylhCRgfP33wMouGWz6ektTv3Vf0ehZKI+BrV0+rdGWZ0XbXrszqLoRvAsBl
OQD0VfJRkzTZ2y16dhhZ7LTI+wivxCEyPW0v7wmxHsb9KB0GKR6qd3aRx6A5DOwo
XwF4ScEkPNNjhFNv1bmllgFfGWMOufdUyXC8yqsFAKLKC0ByJstxo51e86FuliYd
XoC9qsjiYgmzVMMnMzQu+ZLAu/RPCsT1jin1u2giAL4YSrSB0sbUObMomwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFED4BR0A5Zv9HsVGL3ZHqQlO96OuMB8GA1UdIwQY
MBaAFLrn+nf3JLtGcyWtWdfb/GM5nG55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXVmNmRfY2t1MFp6SmExWjE5djhZem1jYm5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi83Nzc3NGEtZmMwNy00MDAyLTk0Zjkt
MTJkYzk0ZGRlZGNkLzEvUVBnRkhRRGxtXzBleFVZdmRrZXBDVTczbzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi83Nzc3NGEtZmMwNy00MDAyLTk0ZjktMTJkYzk0ZGRlZGNk
LzEvdXVmNmRfY2t1MFp6SmExWjE5djhZem1jYm5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAzM
MA0GCSqGSIb3DQEBCwUAA4IBAQBN1xwIEH3IL48QYju85ZTlwzM0oAH6ICibqpCt
JBpzPM5L7aObC3TsgumwxgSz2plCZhKx/FWNEC5qhnu86sDZeAn4ccbx/x6hTL/h
q1rUV+02yI4Pw3TY+zRPK1Wx2ZjpGNBJ6t9NftJCKHyBItGkNQel9Tbk3e9GK83D
s1b2CEkExytlxs56gKwrmCAi2thqrhCf2PaPM/Kc2XE3EiGFLOjlbv88/YhA5lP9
L6TDTAsLzWRpR5w5GLZtgy/lV7apDIQMscYOvYVQoZ4OEiFhktWvv0RZVu8xpe50
w/GFRL1xjLZVrCPHgu5LsfEHy8Y7hdd49ZLqw/pJk/ypgG3w
-----END CERTIFICATE-----