Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/D8TNv_kJR03ah10OG4SqZsjwXm8.roa
File:                     D8TNv_kJR03ah10OG4SqZsjwXm8.roa (raw, json)
Hash identifier:          jW2zRPSgP2DL4otKnCRoRYgd0w3r7ZcxIjnDJHpO50k=
Subject key identifier:   0F:C4:CD:BF:F9:09:47:4D:DA:87:5D:0E:1B:84:AA:66:C8:F0:5E:6F
Certificate issuer:       /CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
Certificate serial:       0191E5596D643BCE151C729140DA6FD08335
Authority key identifier: 2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/D8TNv_kJR03ah10OG4SqZsjwXm8.roa
Signing time:             Thu 12 Sep 2024 08:28:48 +0000
ROA not before:           Thu 12 Sep 2024 08:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206873
IP address blocks:        2a0d:3043:e9f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e5:59:6d:64:3b:ce:15:1c:72:91:40:da:6f:d0:83:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f5cab8a09a9fde23c9635f8e164aef09e17948c
        Validity
            Not Before: Sep 12 08:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fc4cdbff909474dda875d0e1b84aa66c8f05e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:22:fd:89:6a:bd:09:37:aa:30:34:d2:c7:22:
                    96:71:c3:a5:c6:c9:3f:6f:91:75:8d:8c:4e:4c:93:
                    64:11:68:40:8c:d6:42:5d:41:11:0b:a1:2a:77:72:
                    94:6a:6d:8d:e2:04:0b:1a:21:42:47:f6:05:23:d4:
                    23:1f:66:56:66:35:b1:55:17:36:84:a3:12:77:78:
                    c9:01:bf:c7:4d:69:6b:24:ed:08:b4:81:d3:60:80:
                    4a:a5:47:a5:4e:ae:15:2b:5e:a6:34:d5:22:3e:4d:
                    eb:98:f9:9f:30:2b:0c:4e:56:0a:db:24:0a:09:5a:
                    cd:ed:97:f9:94:21:d7:24:75:d2:d2:a2:0e:41:10:
                    89:47:2e:49:33:ae:63:71:c1:23:7d:2d:a9:18:90:
                    ef:ed:b1:65:f6:2f:68:ff:57:9e:2b:a6:ea:bd:88:
                    4b:67:4b:90:55:69:22:f3:87:09:80:20:0e:91:62:
                    c8:59:ea:3b:29:3e:8c:a4:69:28:19:07:cb:2e:63:
                    b1:c2:e9:f3:ff:bc:56:46:04:ce:a0:ac:9f:59:40:
                    99:90:f4:37:ec:60:1c:1e:bf:be:d9:88:12:ce:ce:
                    e1:82:9e:e4:85:a6:5c:70:cd:0d:f8:c6:fc:0a:e3:
                    32:56:4f:35:45:8c:b6:2f:bf:99:b9:de:a2:ca:bc:
                    02:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:C4:CD:BF:F9:09:47:4D:DA:87:5D:0E:1B:84:AA:66:C8:F0:5E:6F
            X509v3 Authority Key Identifier:
                keyid:2F:5C:AB:8A:09:A9:FD:E2:3C:96:35:F8:E1:64:AE:F0:9E:17:94:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L1yrigmp_eI8ljX44WSu8J4XlIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/D8TNv_kJR03ah10OG4SqZsjwXm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/c2e16e-ab68-4429-96ee-002f26e3b898/1/L1yrigmp_eI8ljX44WSu8J4XlIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:3043:e9f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:76:ce:b0:10:2b:ba:0c:8d:44:21:6c:f7:db:a5:65:b1:8d:
         d1:f6:6e:71:55:06:f4:1b:b8:46:55:ef:ab:43:6b:c1:b1:21:
         16:4f:5a:2d:5b:f9:52:a0:2d:8a:83:d4:0a:9e:f5:78:00:72:
         8a:a0:4e:e9:80:67:fd:f2:00:15:5e:d2:53:46:fa:90:d2:32:
         b4:6f:cf:67:8e:11:f9:41:a8:7c:92:91:51:b8:29:ad:1f:0d:
         e1:e3:93:5a:da:9b:81:38:cb:91:ec:3c:cb:66:67:fc:27:93:
         2d:ef:e8:1b:2f:a3:be:c5:06:c3:99:03:2b:98:d0:1f:d2:ba:
         32:07:f1:08:4f:41:b0:bb:40:e8:46:cf:18:bc:6d:c1:5d:a4:
         e9:f2:de:86:5d:e7:f2:bf:76:80:25:88:46:25:1b:97:ce:4e:
         67:aa:c3:69:ef:94:c6:67:ac:2a:a9:95:70:73:4e:ef:ad:01:
         90:b1:7f:57:28:ee:3f:ac:ef:5b:1f:76:f0:7b:46:c3:51:a5:
         d7:04:70:64:b9:3d:09:ee:db:bb:dc:16:21:7a:11:ec:39:13:
         b6:0b:dd:4c:72:3d:f4:d6:77:6a:b1:c3:ea:71:e2:f2:06:62:
         37:5e:b2:f3:dd:26:de:41:2c:f8:22:80:7f:ee:1d:22:50:84:
         1d:af:7f:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHlWW1kO84VHHKRQNpv0IM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNWNhYjhhMDlhOWZkZTIzYzk2MzVmOGUxNjRhZWYwOWUx
Nzk0OGMwHhcNMjQwOTEyMDgyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmM0Y2RiZmY5MDk0NzRkZGE4NzVkMGUxYjg0YWE2NmM4ZjA1ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iL9iWq9CTeqMDTSxyKWccOlxsk/
b5F1jYxOTJNkEWhAjNZCXUERC6Eqd3KUam2N4gQLGiFCR/YFI9QjH2ZWZjWxVRc2
hKMSd3jJAb/HTWlrJO0ItIHTYIBKpUelTq4VK16mNNUiPk3rmPmfMCsMTlYK2yQK
CVrN7Zf5lCHXJHXS0qIOQRCJRy5JM65jccEjfS2pGJDv7bFl9i9o/1eeK6bqvYhL
Z0uQVWki84cJgCAOkWLIWeo7KT6MpGkoGQfLLmOxwunz/7xWRgTOoKyfWUCZkPQ3
7GAcHr++2YgSzs7hgp7khaZccM0N+Mb8CuMyVk81RYy2L7+Zud6iyrwCmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA/Ezb/5CUdN2oddDhuEqmbI8F5vMB8GA1UdIwQY
MBaAFC9cq4oJqf3iPJY1+OFkrvCeF5SMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUt
MDAyZjI2ZTNiODk4LzEvRDhUTnZfa0pSMDNhaDEwT0c0U3Fac2p3WG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9jMmUxNmUtYWI2OC00NDI5LTk2ZWUtMDAyZjI2ZTNiODk4
LzEvTDF5cmlnbXBfZUk4bGpYNDRXU3U4SjRYbEl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg0wQ+nw
MA0GCSqGSIb3DQEBCwUAA4IBAQAJds6wECu6DI1EIWz326VlsY3R9m5xVQb0G7hG
Ve+rQ2vBsSEWT1otW/lSoC2Kg9QKnvV4AHKKoE7pgGf98gAVXtJTRvqQ0jK0b89n
jhH5Qah8kpFRuCmtHw3h45Na2puBOMuR7DzLZmf8J5Mt7+gbL6O+xQbDmQMrmNAf
0royB/EIT0Gwu0DoRs8YvG3BXaTp8t6GXefyv3aAJYhGJRuXzk5nqsNp75TGZ6wq
qZVwc07vrQGQsX9XKO4/rO9bH3bwe0bDUaXXBHBkuT0J7tu73BYhehHsORO2C91M
cj301ndqscPqceLyBmI3XrLz3SbeQSz4IoB/7h0iUIQdr394
-----END CERTIFICATE-----