Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/CfUrafygYGSePjcIej3rxMGbJDI.roa
File:                     CfUrafygYGSePjcIej3rxMGbJDI.roa (raw, json)
Hash identifier:          X6AZHbughYjpJFwaVsupdcP3UOvik8OA/b5qiG++R3Q=
Subject key identifier:   09:F5:2B:69:FC:A0:60:64:9E:3E:37:08:7A:3D:EB:C4:C1:9B:24:32
Certificate issuer:       /CN=9af188a04bb45d4ee74c44dc76d71fffbdc04f60
Certificate serial:       01942521FD6495BF8690E2CAC091BB720070
Authority key identifier: 9A:F1:88:A0:4B:B4:5D:4E:E7:4C:44:DC:76:D7:1F:FF:BD:C0:4F:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mvGIoEu0XU7nTETcdtcf_73AT2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/CfUrafygYGSePjcIej3rxMGbJDI.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        77.83.236.0/22 maxlen: 22
                          2a09:9280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/mvGIoEu0XU7nTETcdtcf_73AT2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/mvGIoEu0XU7nTETcdtcf_73AT2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mvGIoEu0XU7nTETcdtcf_73AT2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fd:64:95:bf:86:90:e2:ca:c0:91:bb:72:00:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9af188a04bb45d4ee74c44dc76d71fffbdc04f60
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09f52b69fca060649e3e37087a3debc4c19b2432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8a:b2:5d:a0:1e:f7:6c:64:90:6e:df:ba:9c:
                    2c:93:92:f7:8c:66:f2:8d:a2:5a:ab:63:41:19:79:
                    89:d0:f0:2d:f6:65:af:a7:e6:8d:bb:d9:a2:a5:ae:
                    9f:32:ac:77:4c:8a:1d:96:19:31:97:39:55:e2:9b:
                    ae:47:01:2d:f8:83:58:b5:a9:6f:5e:d7:a1:2d:b7:
                    27:15:70:9e:fa:69:0d:b2:db:80:32:4f:29:6a:5e:
                    c1:1c:e1:93:02:e0:d0:80:59:10:9d:cc:fb:29:cd:
                    b0:e6:41:60:02:29:c7:6a:7a:47:b2:ee:0e:09:f0:
                    29:22:f0:ec:7a:d6:f9:ac:5f:f7:65:29:85:9d:5e:
                    48:a9:6c:a9:0c:eb:3c:c2:ef:ee:db:a8:4f:a7:59:
                    36:0b:dc:e2:ac:0d:1e:19:aa:c6:fd:ec:96:2a:e8:
                    d3:b0:97:05:84:49:35:79:48:86:7b:1f:86:15:34:
                    35:ef:a1:c7:bd:a8:bb:45:e8:02:f7:d2:f0:e4:8f:
                    01:ef:60:1a:97:71:a1:0d:87:2f:06:93:62:41:a9:
                    44:b8:e0:03:d2:07:cf:9b:99:6e:63:99:74:f6:dc:
                    cc:f1:bf:0a:b0:79:39:07:e6:7b:f2:b3:af:be:7e:
                    6e:2c:fa:c5:78:36:75:42:47:35:dc:83:06:a3:86:
                    bc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:F5:2B:69:FC:A0:60:64:9E:3E:37:08:7A:3D:EB:C4:C1:9B:24:32
            X509v3 Authority Key Identifier:
                keyid:9A:F1:88:A0:4B:B4:5D:4E:E7:4C:44:DC:76:D7:1F:FF:BD:C0:4F:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mvGIoEu0XU7nTETcdtcf_73AT2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/CfUrafygYGSePjcIej3rxMGbJDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/7e0b13-ec91-483d-b96a-659b4ccd7f4a/1/mvGIoEu0XU7nTETcdtcf_73AT2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.236.0/22
                IPv6:
                  2a09:9280::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:8f:73:8a:f2:6d:52:f9:b4:21:b8:fc:4b:09:2c:5d:1f:23:
         44:f6:c9:47:ec:5d:db:67:df:83:d7:e7:3a:27:ad:ee:69:4c:
         02:33:bd:4c:77:c4:fa:a7:a5:d6:a4:b2:44:f1:ec:53:64:f1:
         0a:0b:13:5e:d9:f7:76:39:1b:de:33:5a:5a:7e:1e:7d:b6:54:
         80:14:72:6f:c5:b6:a8:0a:07:75:3c:4a:c8:62:2c:f2:86:99:
         41:8a:82:09:21:0a:49:60:44:fa:91:cb:0a:8e:60:d8:0a:c0:
         5e:00:ea:1b:8f:d4:4f:b1:2e:b7:91:29:f9:72:a8:c5:1f:45:
         ef:b1:9b:98:31:e9:3a:17:2d:d2:fb:b9:39:2e:ab:b7:aa:01:
         e6:a0:29:d9:67:61:5a:01:c2:d2:d4:89:e3:46:40:f9:e2:13:
         08:0b:fc:c8:df:ee:74:11:e4:ee:07:32:0d:46:6d:93:c4:87:
         8a:e4:d0:77:84:ec:15:b8:7a:db:9f:2e:97:ee:02:75:c4:4c:
         43:5b:96:47:79:e7:17:45:52:5c:b7:0e:e5:9e:24:c3:2c:80:
         9a:0f:41:20:d7:5d:d8:10:89:35:e5:de:4e:f1:e1:33:70:71:
         ad:a7:9d:fe:96:67:9d:5f:6b:86:b0:f9:cd:c3:89:89:48:87:
         a5:70:ba:9a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIf1klb+GkOLKwJG7cgBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZjE4OGEwNGJiNDVkNGVlNzRjNDRkYzc2ZDcxZmZmYmRj
MDRmNjAwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWY1MmI2OWZjYTA2MDY0OWUzZTM3MDg3YTNkZWJjNGMxOWIyNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIqyXaAe92xkkG7fupwsk5L3jGby
jaJaq2NBGXmJ0PAt9mWvp+aNu9mipa6fMqx3TIodlhkxlzlV4puuRwEt+INYtalv
XtehLbcnFXCe+mkNstuAMk8pal7BHOGTAuDQgFkQncz7Kc2w5kFgAinHanpHsu4O
CfApIvDsetb5rF/3ZSmFnV5IqWypDOs8wu/u26hPp1k2C9zirA0eGarG/eyWKujT
sJcFhEk1eUiGex+GFTQ176HHvai7RegC99Lw5I8B72Aal3GhDYcvBpNiQalEuOAD
0gfPm5luY5l09tzM8b8KsHk5B+Z78rOvvn5uLPrFeDZ1Qkc13IMGo4a8RwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAn1K2n8oGBknj43CHo968TBmyQyMB8GA1UdIwQY
MBaAFJrxiKBLtF1O50xE3HbXH/+9wE9gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXZHSW9FdTBYVTduVEVUY2R0Y2ZfNzNBVDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83ZTBiMTMtZWM5MS00ODNkLWI5NmEt
NjU5YjRjY2Q3ZjRhLzEvQ2ZVcmFmeWdZR1NlUGpjSWVqM3J4TUdiSkRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83ZTBiMTMtZWM5MS00ODNkLWI5NmEtNjU5YjRjY2Q3ZjRh
LzEvbXZHSW9FdTBYVTduVEVUY2R0Y2ZfNzNBVDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCTVPsMA0E
AgACMAcDBQMqCZKAMA0GCSqGSIb3DQEBCwUAA4IBAQAGj3OK8m1S+bQhuPxLCSxd
HyNE9slH7F3bZ9+D1+c6J63uaUwCM71Md8T6p6XWpLJE8exTZPEKCxNe2fd2ORve
M1pafh59tlSAFHJvxbaoCgd1PErIYizyhplBioIJIQpJYET6kcsKjmDYCsBeAOob
j9RPsS63kSn5cqjFH0XvsZuYMek6Fy3S+7k5Lqu3qgHmoCnZZ2FaAcLS1InjRkD5
4hMIC/zI3+50EeTuBzINRm2TxIeK5NB3hOwVuHrbny6X7gJ1xExDW5ZHeecXRVJc
tw7lniTDLICaD0Eg113YEIk15d5O8eEzcHGtp53+lmedX2uGsPnNw4mJSIelcLqa
-----END CERTIFICATE-----