Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/3CP5wZ5vg88P3PV1A5qdobUuJ2g.roa
File:                     3CP5wZ5vg88P3PV1A5qdobUuJ2g.roa (raw, json)
Hash identifier:          wivp9gK67ST4AFrNMVa51lkAJchyjW4EVPOvn0sMCCM=
Subject key identifier:   DC:23:F9:C1:9E:6F:83:CF:0F:DC:F5:75:03:9A:9D:A1:B5:2E:27:68
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01918733C5708AFAB48B1EA194A11324B2BC
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/3CP5wZ5vg88P3PV1A5qdobUuJ2g.roa
Signing time:             Sun 25 Aug 2024 01:43:22 +0000
ROA not before:           Sun 25 Aug 2024 01:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201386
IP address blocks:        2a0f:7803:f850::/44 maxlen: 48
                          2a0f:7803:f8a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:87:33:c5:70:8a:fa:b4:8b:1e:a1:94:a1:13:24:b2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Aug 25 01:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc23f9c19e6f83cf0fdcf575039a9da1b52e2768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e5:98:f7:4d:89:c1:4b:5a:c4:7d:fb:8c:ce:
                    16:cf:b6:f6:37:98:1e:f2:ae:68:2e:4e:0f:79:2e:
                    1f:3f:dc:36:00:bd:72:dc:24:ae:09:fb:2e:36:42:
                    48:6b:5a:d5:da:d0:04:9e:81:ce:14:5e:a4:ac:da:
                    9b:17:9f:f1:26:af:e4:e4:6b:48:8b:6b:4f:9e:40:
                    04:e0:4c:c0:17:11:f3:a7:e3:ab:f3:c8:29:22:21:
                    f0:91:1a:20:6c:2f:c8:53:f9:16:79:1d:38:36:e5:
                    ee:ab:74:a3:02:b7:3b:0b:00:15:5f:7a:a8:3c:8b:
                    e0:3b:64:ea:c3:86:09:85:ab:d6:c3:6e:18:49:3a:
                    b6:cd:f0:f4:dd:f0:3b:63:6c:bc:04:f0:3e:d1:e0:
                    b9:32:d6:7f:77:87:62:bb:e0:66:6e:f8:f4:91:ff:
                    f3:79:c7:b8:b2:1a:00:92:6c:74:cc:fc:5a:0f:46:
                    07:39:43:86:84:a9:41:0b:15:b4:69:98:1d:98:dd:
                    5e:7a:58:4d:60:a1:6e:0b:b4:c6:4c:3d:ce:18:e4:
                    40:d3:1e:59:fb:e9:55:c4:cc:5e:4e:85:0a:ff:47:
                    3c:00:25:77:97:2f:dc:d9:90:5c:cc:8b:ff:3e:7f:
                    a6:8f:0f:48:17:8f:4f:67:45:f4:ca:4a:34:7c:60:
                    d0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:23:F9:C1:9E:6F:83:CF:0F:DC:F5:75:03:9A:9D:A1:B5:2E:27:68
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/3CP5wZ5vg88P3PV1A5qdobUuJ2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f850::/44
                  2a0f:7803:f8a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:25:bc:1e:e3:af:e4:12:5d:3f:78:ec:bb:8f:e0:58:48:5f:
         9d:10:69:dd:9d:9f:42:84:30:0f:92:39:15:44:16:d2:99:c6:
         cf:95:1b:b1:07:97:48:f6:5b:9c:67:46:d8:10:b0:a9:06:7f:
         a1:c2:2d:84:35:90:b3:08:67:d0:9e:ab:1b:7a:82:ad:2d:21:
         c9:15:0e:67:5c:bc:dd:29:1f:de:5e:f8:f2:a8:aa:d4:2f:a7:
         1d:d5:ce:ef:2b:7b:d4:4d:cd:56:0b:74:70:71:21:48:4e:e0:
         98:90:3c:88:8a:68:80:0d:89:37:67:ae:79:c0:f3:b9:2e:5a:
         58:60:b1:1b:4b:96:0f:c7:b8:56:ad:94:79:f2:8c:e6:90:b3:
         af:9c:d0:6a:29:f2:14:1f:a9:14:fd:89:16:cc:ff:3e:2b:ee:
         7b:83:cc:dd:43:0d:e8:83:33:e1:0e:32:77:e1:3c:6c:24:68:
         1e:61:d2:79:bb:a9:fb:43:52:55:63:01:90:50:2f:63:d0:bc:
         e9:8e:51:db:fe:6f:94:e6:27:21:2e:5e:07:55:4c:ff:06:7c:
         bc:27:c3:22:d6:9f:10:cd:6a:eb:fd:3d:ff:f1:4e:cc:80:fa:
         b0:c3:d6:50:a0:98:0f:db:f6:73:31:56:b1:e8:fd:18:b9:a9:
         c6:b0:46:8d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZGHM8Vwivq0ix6hlKETJLK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwODI1MDE0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzIzZjljMTllNmY4M2NmMGZkY2Y1NzUwMzlhOWRhMWI1MmUyNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OWY902JwUtaxH37jM4Wz7b2N5ge
8q5oLk4PeS4fP9w2AL1y3CSuCfsuNkJIa1rV2tAEnoHOFF6krNqbF5/xJq/k5GtI
i2tPnkAE4EzAFxHzp+Or88gpIiHwkRogbC/IU/kWeR04NuXuq3SjArc7CwAVX3qo
PIvgO2Tqw4YJhavWw24YSTq2zfD03fA7Y2y8BPA+0eC5MtZ/d4diu+Bmbvj0kf/z
ece4shoAkmx0zPxaD0YHOUOGhKlBCxW0aZgdmN1eelhNYKFuC7TGTD3OGORA0x5Z
++lVxMxeToUK/0c8ACV3ly/c2ZBczIv/Pn+mjw9IF49PZ0X0yko0fGDQ3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNwj+cGeb4PPD9z1dQOanaG1LidoMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvM0NQNXdaNXZnODhQM1BWMUE1cWRvYlV1SjJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg94A/hQ
AwcEKg94A/igMA0GCSqGSIb3DQEBCwUAA4IBAQAHJbwe46/kEl0/eOy7j+BYSF+d
EGndnZ9ChDAPkjkVRBbSmcbPlRuxB5dI9lucZ0bYELCpBn+hwi2ENZCzCGfQnqsb
eoKtLSHJFQ5nXLzdKR/eXvjyqKrUL6cd1c7vK3vUTc1WC3RwcSFITuCYkDyIimiA
DYk3Z655wPO5LlpYYLEbS5YPx7hWrZR58ozmkLOvnNBqKfIUH6kU/YkWzP8+K+57
g8zdQw3ogzPhDjJ34TxsJGgeYdJ5u6n7Q1JVYwGQUC9j0LzpjlHb/m+U5ichLl4H
VUz/Bny8J8Mi1p8QzWrr/T3/8U7MgPqww9ZQoJgP2/ZzMVax6P0YuanGsEaN
-----END CERTIFICATE-----