Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/337VcgnK0NQHbdDdCyOVwIBrYss.roa
File:                     337VcgnK0NQHbdDdCyOVwIBrYss.roa (raw, json)
Hash identifier:          kCl8fC0YITxAMBEyUobjioALCGJewx23T4Vnxj1xkUQ=
Subject key identifier:   DF:7E:D5:72:09:CA:D0:D4:07:6D:D0:DD:0B:23:95:C0:80:6B:62:CB
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC424642AB070FDE5A7C14646E29B87D4
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/337VcgnK0NQHbdDdCyOVwIBrYss.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199613
IP address blocks:        2a0f:7803:ff70::/44 maxlen: 48
                          2a0f:7802:1000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:64:2a:b0:70:fd:e5:a7:c1:46:46:e2:9b:87:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df7ed57209cad0d4076dd0dd0b2395c0806b62cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:35:42:02:3f:98:82:7c:83:71:e6:28:10:c6:
                    8f:1e:03:5b:88:74:22:54:44:d6:09:2e:9c:ff:24:
                    79:a2:cf:83:1c:36:0e:c3:41:83:5a:0d:34:54:6e:
                    b9:cc:88:c8:71:44:e1:27:9e:fd:34:a6:cd:9f:21:
                    bd:00:56:b5:0a:19:f4:c9:62:20:bc:ad:4c:96:f5:
                    cb:6d:84:88:a0:15:1c:62:96:1c:2d:64:55:35:8c:
                    92:7c:f8:12:c8:b8:2c:d7:1e:1b:78:4b:56:e7:66:
                    2e:bd:2c:82:83:c5:41:86:ed:fd:df:1d:ac:52:b2:
                    d2:8f:cf:23:b0:47:97:06:a3:12:6a:ff:67:43:03:
                    a2:a4:c2:39:aa:c8:94:4a:ae:5a:83:43:95:2f:96:
                    c8:0f:ae:75:5f:f2:67:9a:11:b8:b4:20:8a:7b:82:
                    ef:44:1c:ae:01:fa:2d:f5:4e:bb:6d:47:dd:40:f9:
                    bf:fc:03:ca:84:10:b4:34:6d:6a:77:cc:af:ad:4c:
                    f4:75:88:d0:e6:81:92:09:a1:e3:0e:f1:d7:a7:5f:
                    73:9b:9d:10:53:04:f2:e3:98:a5:cc:a9:8b:63:99:
                    6d:74:9f:00:52:68:e5:b1:f0:ba:d4:38:f7:9e:a2:
                    a2:9f:ed:61:fc:aa:d0:26:df:73:67:8f:6c:dc:12:
                    a7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:7E:D5:72:09:CA:D0:D4:07:6D:D0:DD:0B:23:95:C0:80:6B:62:CB
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/337VcgnK0NQHbdDdCyOVwIBrYss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:1000::/36
                  2a0f:7803:ff70::/44

    Signature Algorithm: sha256WithRSAEncryption
         84:6c:e2:29:b5:65:a3:ec:04:93:98:19:52:f6:db:40:80:7e:
         65:4a:06:39:7f:55:01:5c:25:5e:88:cd:67:e3:2c:f0:c7:d7:
         dd:ca:2e:63:4f:c1:76:c6:98:f0:89:08:32:1b:43:2c:b8:e5:
         c9:fb:56:d9:2d:57:2d:c4:bb:bd:83:fb:21:06:79:88:bc:46:
         b8:d0:74:57:d9:e7:ef:40:8b:42:54:f3:67:08:7e:22:46:9e:
         7c:95:1f:47:36:f1:63:9e:9a:70:47:d9:e8:51:1e:28:17:bd:
         ec:ed:75:fc:9d:8d:2d:09:d6:68:04:ec:88:7c:e6:77:e3:28:
         a2:de:52:ba:91:68:51:83:a0:07:c1:71:13:e8:63:59:24:24:
         f2:f1:d7:b3:d8:be:f5:99:bf:49:f7:3d:48:da:52:58:6c:63:
         8d:b2:f3:3e:b0:bb:21:b1:99:3d:91:e8:70:2d:a3:0b:eb:86:
         28:27:ed:b1:15:c7:66:cd:01:83:b3:aa:d6:a5:3f:66:b5:44:
         d1:56:8d:a6:11:b4:f3:57:03:e7:ee:ed:83:13:3f:2e:7f:76:
         da:19:3a:96:fe:65:d5:28:24:59:6d:85:d7:40:ca:2d:9d:06:
         23:ed:0e:41:46:9d:8f:8f:39:b0:b8:eb:e3:f8:d7:d8:6c:98:
         03:8f:ca:61
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzEJGQqsHD95afBRkbim4fUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjdlZDU3MjA5Y2FkMGQ0MDc2ZGQwZGQwYjIzOTVjMDgwNmI2MmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzVCAj+YgnyDceYoEMaPHgNbiHQi
VETWCS6c/yR5os+DHDYOw0GDWg00VG65zIjIcUThJ579NKbNnyG9AFa1Chn0yWIg
vK1MlvXLbYSIoBUcYpYcLWRVNYySfPgSyLgs1x4beEtW52YuvSyCg8VBhu393x2s
UrLSj88jsEeXBqMSav9nQwOipMI5qsiUSq5ag0OVL5bID651X/JnmhG4tCCKe4Lv
RByuAfot9U67bUfdQPm//APKhBC0NG1qd8yvrUz0dYjQ5oGSCaHjDvHXp19zm50Q
UwTy45ilzKmLY5ltdJ8AUmjlsfC61Dj3nqKin+1h/KrQJt9zZ49s3BKnqQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFN9+1XIJytDUB23Q3QsjlcCAa2LLMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvMzM3VmNnbkswTlFIYmREZEN5T1Z3SUJyWXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYEKg94AhAD
BwQqD3gD/3AwDQYJKoZIhvcNAQELBQADggEBAIRs4im1ZaPsBJOYGVL220CAfmVK
Bjl/VQFcJV6IzWfjLPDH193KLmNPwXbGmPCJCDIbQyy45cn7VtktVy3Eu72D+yEG
eYi8RrjQdFfZ5+9Ai0JU82cIfiJGnnyVH0c28WOemnBH2ehRHigXveztdfydjS0J
1mgE7Ih85nfjKKLeUrqRaFGDoAfBcRPoY1kkJPLx17PYvvWZv0n3PUjaUlhsY42y
8z6wuyGxmT2R6HAtowvrhign7bEVx2bNAYOzqtalP2a1RNFWjaYRtPNXA+fu7YMT
Py5/dtoZOpb+ZdUoJFlthddAyi2dBiPtDkFGnY+PObC46+P419hsmAOPymE=
-----END CERTIFICATE-----