Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1-nqAxegdrMdqbS68zmb9dWWkP4E.roa
File:                     1-nqAxegdrMdqbS68zmb9dWWkP4E.roa (raw, json)
Hash identifier:          gTPSMCLSgGySrBvRFhtEPFWhZ1lH2E8Hd/iXlwjui1I=
Subject key identifier:   FA:7A:80:C5:E8:1D:AC:C7:6A:6D:2E:BC:CE:66:FD:75:65:A4:3F:81
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       019082190E7E35B688370DDCFEB9BC421E8D
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1-nqAxegdrMdqbS68zmb9dWWkP4E.roa
Signing time:             Fri 05 Jul 2024 08:53:18 +0000
ROA not before:           Fri 05 Jul 2024 08:53:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214579
IP address blocks:        2a0f:7802:d000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:82:19:0e:7e:35:b6:88:37:0d:dc:fe:b9:bc:42:1e:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul  5 08:53:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa7a80c5e81dacc76a6d2ebcce66fd7565a43f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a6:e3:f5:46:dd:65:7e:e6:b7:82:8a:c2:32:
                    9f:da:f6:38:af:61:5a:46:9d:fc:af:7b:c3:aa:4d:
                    1a:30:5b:fb:e1:78:05:ea:6b:17:c9:d0:dc:22:1b:
                    a9:5a:6b:e5:f0:d1:0f:3a:7e:ba:b3:a7:30:8b:d6:
                    0a:ce:a2:e9:3f:c0:d5:21:82:e4:d9:55:9c:fe:49:
                    41:f9:95:c8:ea:5f:20:26:ad:4c:8d:df:1f:04:12:
                    8f:e9:aa:ab:de:e1:b2:72:a2:9d:50:cb:3f:da:ad:
                    62:7b:40:08:35:b2:4b:6c:32:98:14:3c:51:b9:86:
                    ce:8f:2c:d2:d1:95:fe:fe:0b:df:e3:3f:d7:a7:e2:
                    2e:2a:1a:3e:be:a7:28:e5:51:bd:cc:89:50:82:57:
                    51:37:cc:bd:67:6d:55:0b:c9:cc:46:b6:c1:bf:34:
                    26:e5:80:e0:36:d2:b2:c7:95:0c:89:ad:54:f8:d7:
                    3d:6f:96:fa:f4:27:6c:8f:97:5e:5e:f5:28:f3:d7:
                    e9:b9:60:67:51:5d:3e:0e:3f:8d:b9:f1:1a:9c:4f:
                    9c:96:2a:18:b4:48:a9:ac:9c:37:aa:2e:76:3f:d0:
                    35:84:eb:41:94:b9:f0:f0:fe:63:69:1d:6c:bb:7f:
                    b6:26:d7:44:7d:55:61:00:55:94:54:a5:ae:71:63:
                    5d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:7A:80:C5:E8:1D:AC:C7:6A:6D:2E:BC:CE:66:FD:75:65:A4:3F:81
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1-nqAxegdrMdqbS68zmb9dWWkP4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:d000::/40

    Signature Algorithm: sha256WithRSAEncryption
         74:a1:41:b0:04:50:cf:ac:13:a8:99:4a:82:97:08:a7:58:83:
         5c:a6:92:ba:1f:72:7f:60:1e:0a:9f:9b:54:3c:70:a3:38:c4:
         87:8f:cc:ed:4d:59:ed:62:92:d5:c2:ac:d4:59:94:5e:b0:38:
         18:17:f3:03:7e:cf:e2:cf:cb:7d:f2:93:f6:28:d8:0b:bf:26:
         2b:05:5f:75:f6:6a:ec:14:3e:30:5b:87:a0:1b:78:35:b7:70:
         d1:28:1d:4b:7c:11:0f:b4:fa:be:b1:f0:c3:db:9a:c2:bb:bf:
         40:a7:33:72:3f:2f:59:2d:54:b5:9c:64:fe:a0:0d:9b:0a:9e:
         60:12:83:cd:c1:e9:6d:86:11:f3:c5:26:d3:a5:79:fa:7f:63:
         a5:c5:eb:5f:ff:ce:91:4a:33:93:aa:81:2d:63:b6:4d:8d:76:
         cc:30:c6:28:65:58:53:ba:aa:c7:ef:1b:f6:56:ab:62:e7:1d:
         2b:96:62:68:84:78:e8:04:26:62:30:cd:c2:1c:82:d5:14:24:
         86:81:3d:7b:39:dc:16:88:4b:9d:34:b2:70:36:0a:6f:2f:db:
         29:50:39:39:97:1a:a1:58:1a:69:c4:0a:23:05:24:bf:56:2a:
         22:24:e0:28:a9:76:1c:b5:65:ea:1f:9c:c5:f3:0d:9b:80:82:
         fa:a3:75:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZCCGQ5+NbaINw3c/rm8Qh6NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNzA1MDg1MzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTdhODBjNWU4MWRhY2M3NmE2ZDJlYmNjZTY2ZmQ3NTY1YTQzZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36bj9UbdZX7mt4KKwjKf2vY4r2Fa
Rp38r3vDqk0aMFv74XgF6msXydDcIhupWmvl8NEPOn66s6cwi9YKzqLpP8DVIYLk
2VWc/klB+ZXI6l8gJq1Mjd8fBBKP6aqr3uGycqKdUMs/2q1ie0AINbJLbDKYFDxR
uYbOjyzS0ZX+/gvf4z/Xp+IuKho+vqco5VG9zIlQgldRN8y9Z21VC8nMRrbBvzQm
5YDgNtKyx5UMia1U+Nc9b5b69Cdsj5deXvUo89fpuWBnUV0+Dj+NufEanE+clioY
tEiprJw3qi52P9A1hOtBlLnw8P5jaR1su3+2JtdEfVVhAFWUVKWucWNdBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPp6gMXoHazHam0uvM5m/XVlpD+BMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvMS1ucUF4ZWdkck1kcWJTNjh6bWI5ZFdXa1A0RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDUvYzQ2NDdhLTYwNDItNGZlOC1hMjc2LWY1YjZhNzE4ZjRi
NS8xL3o4NnRPUVlsN2JvVUNCQ045WHpxUnhZTmNPVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoPeALQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB0oUGwBFDPrBOomUqClwinWINcppK6H3J/YB4K
n5tUPHCjOMSHj8ztTVntYpLVwqzUWZResDgYF/MDfs/iz8t98pP2KNgLvyYrBV91
9mrsFD4wW4egG3g1t3DRKB1LfBEPtPq+sfDD25rCu79ApzNyPy9ZLVS1nGT+oA2b
Cp5gEoPNwelthhHzxSbTpXn6f2Olxetf/86RSjOTqoEtY7ZNjXbMMMYoZVhTuqrH
7xv2Vqti5x0rlmJohHjoBCZiMM3CHILVFCSGgT17OdwWiEudNLJwNgpvL9spUDk5
lxqhWBppxAojBSS/VioiJOAoqXYctWXqH5zF8w2bgIL6o3Ug
-----END CERTIFICATE-----