Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/JwvlPYx-jHmmU5EBKt7lo1ZAVsE.roa
File:                     JwvlPYx-jHmmU5EBKt7lo1ZAVsE.roa (raw, json)
Hash identifier:          d2wbHeSxfQUPnAKBRQ2VCY/zGKVhhgrxURRpvQGwrvM=
Subject key identifier:   27:0B:E5:3D:8C:7E:8C:79:A6:53:91:01:2A:DE:E5:A3:56:40:56:C1
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       01931A2D11492D9B6282FC001114AF6615EF
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/JwvlPYx-jHmmU5EBKt7lo1ZAVsE.roa
Signing time:             Mon 11 Nov 2024 07:43:01 +0000
ROA not before:           Mon 11 Nov 2024 07:43:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215455
IP address blocks:        2a09:d2c1:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:2d:11:49:2d:9b:62:82:fc:00:11:14:af:66:15:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Nov 11 07:43:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=270be53d8c7e8c79a65391012adee5a3564056c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:24:f0:a4:92:89:91:fd:57:98:59:a4:d7:97:
                    0e:f5:3b:f1:17:50:33:53:e8:ef:a1:92:60:30:00:
                    1d:a9:e3:ad:eb:4c:3b:e8:d7:21:b4:77:17:1a:80:
                    fe:ed:b8:83:67:ae:00:1e:b1:bb:f4:7e:29:8a:e7:
                    11:8b:f9:01:e7:bb:ff:65:f7:6d:e3:fb:86:c3:40:
                    f7:ca:c9:34:c5:fb:12:b7:ae:fe:1b:3c:7b:11:28:
                    f2:67:4e:2e:eb:86:78:9e:fa:fe:1a:e5:82:80:97:
                    91:3e:3c:49:2a:90:4d:55:ed:78:db:40:28:be:04:
                    4b:20:a4:95:03:54:c4:49:aa:45:1e:31:94:fe:01:
                    ac:2d:29:35:6e:6a:4e:de:9a:ba:3c:ef:fc:de:20:
                    87:36:73:68:af:98:79:54:c6:01:7a:0f:a2:0c:87:
                    0e:a4:a2:56:20:33:2b:d5:f6:a5:43:d0:65:3c:82:
                    53:49:f8:98:a1:4b:e6:f0:00:2e:45:19:c1:77:37:
                    14:30:f4:d6:cc:c7:ad:2b:c3:63:5a:cb:cb:d7:49:
                    a1:82:a2:32:22:5f:38:0b:bb:a1:9b:4d:ef:e5:91:
                    d9:2e:c6:f7:55:b7:eb:15:72:a2:07:99:8e:c9:fa:
                    02:fe:e3:fd:c9:ce:5f:1a:24:db:61:55:46:8b:cd:
                    53:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:0B:E5:3D:8C:7E:8C:79:A6:53:91:01:2A:DE:E5:A3:56:40:56:C1
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/JwvlPYx-jHmmU5EBKt7lo1ZAVsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d2c1:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:4c:d8:b7:69:88:71:e4:b9:c5:06:8e:eb:da:7d:d0:d2:0c:
         6e:54:0e:26:c7:fa:0d:7f:a3:97:d1:c8:11:73:f9:a4:43:b9:
         b5:42:11:72:d0:4f:fe:6d:fa:a0:11:d1:89:bd:4f:d6:f1:e5:
         89:cd:46:01:5a:45:ca:ab:6f:5b:42:31:64:00:31:63:c9:57:
         82:97:b0:28:87:8e:21:7c:14:47:c9:22:62:1b:de:39:81:80:
         dc:bc:71:43:b8:66:33:6b:f8:69:13:61:a1:e7:e7:31:76:a6:
         17:e8:28:d0:45:04:39:a3:cd:bc:70:18:e1:9b:51:26:fe:5f:
         2d:6f:78:06:31:d0:94:e0:04:b8:62:e1:9b:b8:6f:6c:82:bc:
         29:be:98:9e:7b:d6:f3:26:07:c3:c0:c7:5b:a5:56:b1:28:c1:
         d8:be:ba:db:ff:1a:3d:b6:86:a1:c3:29:17:60:f0:a3:0e:22:
         12:ea:4f:2a:da:f6:56:1b:9f:35:79:44:04:7c:88:40:85:cf:
         27:fb:69:95:9b:ae:23:ef:15:e8:d4:ec:ea:2e:05:85:ac:da:
         95:b8:bd:4a:cd:75:b0:cb:53:d2:06:29:c8:84:2c:06:b0:f4:
         41:72:24:9d:6c:a3:a9:b8:a0:8a:51:b1:9b:e2:d6:43:dc:28:
         53:bd:0d:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZMaLRFJLZtigvwAERSvZhXvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQxMTExMDc0MzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzBiZTUzZDhjN2U4Yzc5YTY1MzkxMDEyYWRlZTVhMzU2NDA1NmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyTwpJKJkf1XmFmk15cO9TvxF1Az
U+jvoZJgMAAdqeOt60w76NchtHcXGoD+7biDZ64AHrG79H4piucRi/kB57v/Zfdt
4/uGw0D3ysk0xfsSt67+Gzx7ESjyZ04u64Z4nvr+GuWCgJeRPjxJKpBNVe1420Ao
vgRLIKSVA1TESapFHjGU/gGsLSk1bmpO3pq6PO/83iCHNnNor5h5VMYBeg+iDIcO
pKJWIDMr1falQ9BlPIJTSfiYoUvm8AAuRRnBdzcUMPTWzMetK8NjWsvL10mhgqIy
Il84C7uhm03v5ZHZLsb3VbfrFXKiB5mOyfoC/uP9yc5fGiTbYVVGi81T+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCcL5T2Mfox5plORASre5aNWQFbBMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvSnd2bFBZeC1qSG1tVTVFQkt0N2xvMVpBVnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnSwQAF
MA0GCSqGSIb3DQEBCwUAA4IBAQASTNi3aYhx5LnFBo7r2n3Q0gxuVA4mx/oNf6OX
0cgRc/mkQ7m1QhFy0E/+bfqgEdGJvU/W8eWJzUYBWkXKq29bQjFkADFjyVeCl7Ao
h44hfBRHySJiG945gYDcvHFDuGYza/hpE2Gh5+cxdqYX6CjQRQQ5o828cBjhm1Em
/l8tb3gGMdCU4AS4YuGbuG9sgrwpvpiee9bzJgfDwMdbpVaxKMHYvrrb/xo9toah
wykXYPCjDiIS6k8q2vZWG581eUQEfIhAhc8n+2mVm64j7xXo1OzqLgWFrNqVuL1K
zXWwy1PSBinIhCwGsPRBciSdbKOpuKCKUbGb4tZD3ChTvQ1Q
-----END CERTIFICATE-----