Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1Movp0VeGhtuN5XXKtUBchptVN0.roa
File:                     1Movp0VeGhtuN5XXKtUBchptVN0.roa (raw, json)
Hash identifier:          renImUIcIzt+eLPFYXi91sv2cucC8h+TdGY1AkcEkrI=
Subject key identifier:   D4:CA:2F:A7:45:5E:1A:1B:6E:37:95:D7:2A:D5:01:72:1A:6D:54:DD
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01910C47E812C4C55B36C36FDA5CB713DA47
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1Movp0VeGhtuN5XXKtUBchptVN0.roa
Signing time:             Thu 01 Aug 2024 04:52:04 +0000
ROA not before:           Thu 01 Aug 2024 04:52:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198266
IP address blocks:        2a0f:7803:f890::/44 maxlen: 48
                          2a0f:7803:ffd0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0c:47:e8:12:c4:c5:5b:36:c3:6f:da:5c:b7:13:da:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Aug  1 04:52:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4ca2fa7455e1a1b6e3795d72ad501721a6d54dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8a:1b:20:19:d9:c4:c8:ed:0b:8b:6e:82:9a:
                    e7:6e:03:2b:ca:e1:75:0a:e4:47:7e:d1:a3:98:2f:
                    ec:ad:df:25:4a:29:13:ec:f3:65:b7:19:97:ee:8c:
                    a2:3d:77:56:86:d3:3c:5d:e2:9d:94:ac:93:31:b8:
                    f3:ab:83:21:7a:83:32:4d:18:e7:12:f7:1b:e8:6a:
                    e5:88:db:16:0c:96:40:c0:a3:35:97:21:44:a1:13:
                    61:e9:ad:45:e1:00:c9:11:32:ee:d8:da:b2:60:03:
                    8e:93:d8:40:34:d6:a0:7f:62:34:0b:6f:bd:71:48:
                    7c:97:6d:94:5e:76:6e:b1:b2:86:35:89:7c:46:02:
                    31:ca:40:53:2e:6c:4e:c9:e0:e9:69:71:a1:e5:50:
                    4d:94:58:cb:96:cc:dc:c2:00:5f:7c:df:95:c2:33:
                    2a:79:84:df:39:0e:9f:19:ff:50:dd:8a:9e:f1:29:
                    45:70:27:73:e9:93:ef:84:26:bd:4c:39:96:4a:fe:
                    6f:41:45:6f:a4:11:df:cd:e4:8f:2c:03:08:32:50:
                    0b:ee:a8:09:21:99:45:e5:2f:02:e0:54:0b:6d:86:
                    57:04:cc:6a:86:56:8b:0f:53:19:b9:7c:ca:d5:a4:
                    17:8f:80:6e:32:0a:28:bd:91:b9:d5:51:62:9c:27:
                    ef:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:CA:2F:A7:45:5E:1A:1B:6E:37:95:D7:2A:D5:01:72:1A:6D:54:DD
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/1Movp0VeGhtuN5XXKtUBchptVN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f890::/44
                  2a0f:7803:ffd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:b1:b0:c8:2c:d1:8b:04:fa:9f:af:be:a2:eb:ab:64:2b:17:
         47:c2:f5:b2:f0:5f:87:11:66:be:62:54:7f:2a:04:25:6c:75:
         d2:b6:cb:83:bf:1e:76:85:e2:9a:46:8a:d6:a1:8c:e9:87:3b:
         d6:5a:b2:06:7b:96:3f:5c:6f:d9:e2:c9:94:fb:96:4d:ee:b1:
         94:ff:c2:7f:c4:f0:8c:c2:5e:bd:5a:af:0a:28:3c:29:f3:9e:
         ab:cb:0d:b5:0b:a6:38:17:32:4e:20:d4:88:a0:e1:45:52:ea:
         b6:2a:5c:b2:30:8a:fc:19:1d:94:b3:11:e2:9b:f2:a0:7a:6b:
         1a:d1:39:22:ec:26:33:06:8c:0c:49:7c:0b:9c:31:29:9b:b4:
         2a:74:e5:0d:7d:a6:9a:c4:cb:ac:2a:80:07:b1:76:01:a4:ab:
         43:f8:b6:f5:f8:ec:e3:08:a2:11:22:dd:69:92:42:b3:4d:5b:
         86:0f:a1:26:a9:b8:cb:40:71:29:df:e2:70:ae:14:5f:b5:df:
         ea:d8:89:c0:d0:ee:e7:6a:37:08:4f:23:bd:90:91:61:ee:8f:
         ab:2b:da:6f:67:ba:a2:dc:ef:dd:b5:da:5b:ec:46:f5:bf:f8:
         1b:91:95:b4:ba:33:17:b5:61:59:a4:78:0c:d9:07:f1:58:9d:
         43:78:46:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZEMR+gSxMVbNsNv2ly3E9pHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwODAxMDQ1MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGNhMmZhNzQ1NWUxYTFiNmUzNzk1ZDcyYWQ1MDE3MjFhNmQ1NGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYobIBnZxMjtC4tugprnbgMryuF1
CuRHftGjmC/srd8lSikT7PNltxmX7oyiPXdWhtM8XeKdlKyTMbjzq4MheoMyTRjn
Evcb6GrliNsWDJZAwKM1lyFEoRNh6a1F4QDJETLu2NqyYAOOk9hANNagf2I0C2+9
cUh8l22UXnZusbKGNYl8RgIxykBTLmxOyeDpaXGh5VBNlFjLlszcwgBffN+VwjMq
eYTfOQ6fGf9Q3Yqe8SlFcCdz6ZPvhCa9TDmWSv5vQUVvpBHfzeSPLAMIMlAL7qgJ
IZlF5S8C4FQLbYZXBMxqhlaLD1MZuXzK1aQXj4BuMgoovZG51VFinCfvwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNTKL6dFXhobbjeV1yrVAXIabVTdMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvMU1vdnAwVmVHaHR1TjVYWEt0VUJjaHB0Vk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg94A/iQ
AwcEKg94A//QMA0GCSqGSIb3DQEBCwUAA4IBAQCksbDILNGLBPqfr76i66tkKxdH
wvWy8F+HEWa+YlR/KgQlbHXStsuDvx52heKaRorWoYzphzvWWrIGe5Y/XG/Z4smU
+5ZN7rGU/8J/xPCMwl69Wq8KKDwp856ryw21C6Y4FzJOINSIoOFFUuq2KlyyMIr8
GR2UsxHim/Kgemsa0Tki7CYzBowMSXwLnDEpm7QqdOUNfaaaxMusKoAHsXYBpKtD
+Lb1+OzjCKIRIt1pkkKzTVuGD6EmqbjLQHEp3+JwrhRftd/q2InA0O7najcITyO9
kJFh7o+rK9pvZ7qi3O/dtdpb7Eb1v/gbkZW0ujMXtWFZpHgM2QfxWJ1DeEZ2
-----END CERTIFICATE-----