Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/z7u0-_I3ldemkcb2ZLJhU-JItkQ.roa
File:                     z7u0-_I3ldemkcb2ZLJhU-JItkQ.roa (raw, json)
Hash identifier:          yav2NQEJKEmir43ydoT5Z/erpSGTcP9R0i+zjRpK3NE=
Subject key identifier:   CF:BB:B4:FB:F2:37:95:D7:A6:91:C6:F6:64:B2:61:53:E2:48:B6:44
Certificate issuer:       /CN=f62eeb879085c94194297dd9e4cd249cd2516515
Certificate serial:       0190545164BCC3BDAEAD010648B96CA3D328
Authority key identifier: F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/z7u0-_I3ldemkcb2ZLJhU-JItkQ.roa
Signing time:             Wed 26 Jun 2024 11:32:18 +0000
ROA not before:           Wed 26 Jun 2024 11:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214996
IP address blocks:        2a0a:4cc0:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:54:51:64:bc:c3:bd:ae:ad:01:06:48:b9:6c:a3:d3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62eeb879085c94194297dd9e4cd249cd2516515
        Validity
            Not Before: Jun 26 11:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfbbb4fbf23795d7a691c6f664b26153e248b644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:70:48:72:1d:1d:28:ab:76:07:69:cf:ce:b1:
                    84:4e:51:c5:69:df:b3:d9:5c:3c:54:f0:45:4a:7a:
                    58:9a:c2:f0:f5:8e:b3:4a:1e:4b:a4:9b:bb:6e:41:
                    90:6e:da:be:d2:ac:d5:3c:23:08:0e:3a:b5:de:10:
                    34:41:15:42:15:68:75:86:dd:9f:0a:85:ad:44:77:
                    13:42:6e:bb:65:5e:54:78:90:c8:a1:9a:48:70:0e:
                    b8:bb:0a:85:22:83:4c:0b:fa:8c:77:4a:8c:1e:8b:
                    fd:cf:cd:da:2f:10:5d:52:4a:2a:b3:03:58:38:93:
                    8a:a5:cd:a1:d9:c9:f5:ac:11:82:04:d1:25:3e:14:
                    89:fe:36:6b:72:e4:80:74:c8:8a:f6:8f:bd:83:56:
                    e1:aa:64:ce:99:e0:bd:53:25:87:da:c0:2b:34:49:
                    0a:fd:e0:ba:af:ae:24:ab:a0:67:d4:99:b3:db:99:
                    94:a9:ab:c1:c0:ff:3e:7a:7c:35:6e:95:2b:ce:1e:
                    b0:c9:fa:d5:95:59:66:80:64:b2:f0:81:2b:56:ad:
                    b6:3a:75:56:9e:f4:b0:5f:3a:19:b4:b7:64:eb:09:
                    b4:cc:3c:cc:5f:f5:78:91:47:0f:5d:a0:24:7e:e3:
                    c1:6f:9d:32:b0:f4:a6:15:61:7e:d9:23:15:5b:ab:
                    1a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:BB:B4:FB:F2:37:95:D7:A6:91:C6:F6:64:B2:61:53:E2:48:B6:44
            X509v3 Authority Key Identifier:
                keyid:F6:2E:EB:87:90:85:C9:41:94:29:7D:D9:E4:CD:24:9C:D2:51:65:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i7rh5CFyUGUKX3Z5M0knNJRZRU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/z7u0-_I3ldemkcb2ZLJhU-JItkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/91da8b-0502-48df-8532-5fbf9a29b6e1/1/9i7rh5CFyUGUKX3Z5M0knNJRZRU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4cc0:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:16:c1:23:20:ca:82:6d:2a:3f:ca:1d:1e:2d:7e:8d:cd:43:
         fe:26:64:c5:9c:28:22:9f:16:f0:a0:ef:22:69:c5:fc:5d:50:
         2d:57:bd:15:23:b8:e0:73:c8:c7:20:b0:14:ae:61:63:a7:01:
         3b:83:4e:74:82:7f:39:d1:1a:aa:ff:81:a1:e3:19:7c:be:98:
         ab:fd:d5:56:82:b7:13:ce:e0:b4:f8:db:dd:d1:4c:b4:20:d3:
         37:07:b4:d1:b5:ac:7a:8b:a7:1b:75:71:07:4b:3b:1b:d3:15:
         43:de:47:61:ed:fb:30:85:db:ef:8f:2e:31:ab:e8:c5:85:24:
         12:d6:bf:7a:06:f1:b2:89:6c:60:2f:fa:15:1f:4e:a6:c2:1d:
         96:2a:a6:f7:45:51:0d:d5:c4:b7:c5:1a:04:28:c3:cb:ef:66:
         33:c3:a3:c3:b6:49:1f:47:a1:16:31:4e:2e:04:22:ec:56:13:
         4a:9a:ea:c7:63:0f:bb:3f:26:96:8e:39:ff:d0:a9:a0:00:09:
         b1:fd:06:0d:31:15:4b:49:8a:de:d6:94:32:b4:48:77:47:ed:
         07:93:1d:ab:22:16:32:c4:4f:86:1d:3b:f7:d6:e1:eb:3b:8b:
         31:e9:78:98:96:e1:50:f0:8a:34:bd:53:c4:dc:db:68:1a:df:
         18:d0:f2:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBUUWS8w72urQEGSLlso9MoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmVlYjg3OTA4NWM5NDE5NDI5N2RkOWU0Y2QyNDljZDI1
MTY1MTUwHhcNMjQwNjI2MTEzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmJiYjRmYmYyMzc5NWQ3YTY5MWM2ZjY2NGIyNjE1M2UyNDhiNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnBIch0dKKt2B2nPzrGETlHFad+z
2Vw8VPBFSnpYmsLw9Y6zSh5LpJu7bkGQbtq+0qzVPCMIDjq13hA0QRVCFWh1ht2f
CoWtRHcTQm67ZV5UeJDIoZpIcA64uwqFIoNMC/qMd0qMHov9z83aLxBdUkoqswNY
OJOKpc2h2cn1rBGCBNElPhSJ/jZrcuSAdMiK9o+9g1bhqmTOmeC9UyWH2sArNEkK
/eC6r64kq6Bn1Jmz25mUqavBwP8+enw1bpUrzh6wyfrVlVlmgGSy8IErVq22OnVW
nvSwXzoZtLdk6wm0zDzMX/V4kUcPXaAkfuPBb50ysPSmFWF+2SMVW6sa2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM+7tPvyN5XXppHG9mSyYVPiSLZEMB8GA1UdIwQY
MBaAFPYu64eQhclBlCl92eTNJJzSUWUVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzIt
NWZiZjlhMjliNmUxLzEvejd1MC1fSTNsZGVta2NiMlpMSmhVLUpJdGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MWRhOGItMDUwMi00OGRmLTg1MzItNWZiZjlhMjliNmUx
LzEvOWk3cmg1Q0Z5VUdVS1gzWjVNMGtuTkpSWlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgpMwCAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBHFsEjIMqCbSo/yh0eLX6NzUP+JmTFnCginxbw
oO8iacX8XVAtV70VI7jgc8jHILAUrmFjpwE7g050gn850Rqq/4Gh4xl8vpir/dVW
grcTzuC0+Nvd0Uy0INM3B7TRtax6i6cbdXEHSzsb0xVD3kdh7fswhdvvjy4xq+jF
hSQS1r96BvGyiWxgL/oVH06mwh2WKqb3RVEN1cS3xRoEKMPL72Yzw6PDtkkfR6EW
MU4uBCLsVhNKmurHYw+7PyaWjjn/0KmgAAmx/QYNMRVLSYre1pQytEh3R+0Hkx2r
IhYyxE+GHTv31uHrO4sx6XiYluFQ8Io0vVPE3NtoGt8Y0PI9
-----END CERTIFICATE-----