Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5R2A4CP3vYXB9zu6woBwaylSxKk.roa
File:                     5R2A4CP3vYXB9zu6woBwaylSxKk.roa (raw, json)
Hash identifier:          H17F2LZuWWXfibPtwu7SoP0O6jN3NW2qhFM2mxJ0/yI=
Subject key identifier:   E5:1D:80:E0:23:F7:BD:85:C1:F7:3B:BA:C2:80:70:6B:29:52:C4:A9
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369F3F56CBAF25BC3655EAD98D5235B
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5R2A4CP3vYXB9zu6woBwaylSxKk.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214714
IP address blocks:        2a0f:7803:fa50::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f3:f5:6c:ba:f2:5b:c3:65:5e:ad:98:d5:23:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e51d80e023f7bd85c1f73bbac280706b2952c4a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:dd:5d:08:ef:c7:ab:31:a2:c9:aa:b9:04:e2:
                    07:c8:32:25:78:5e:87:a1:66:5d:a7:77:26:91:4f:
                    54:5a:b7:3f:52:7d:aa:c0:e7:46:db:d2:e9:f9:bf:
                    86:54:df:f5:74:25:ce:c6:fe:ee:cc:8d:66:32:aa:
                    92:32:bb:a2:15:f6:9b:d3:e6:a3:7a:db:2b:17:b8:
                    d6:82:12:a1:32:f6:73:7f:3c:23:d4:8a:5e:cc:98:
                    7e:34:ed:93:8b:e4:38:a9:dc:92:1a:f0:f8:49:06:
                    7f:eb:e9:81:e7:44:3c:78:2d:02:28:e9:97:1c:ca:
                    06:9a:7e:64:df:88:72:4c:61:ff:39:5b:5b:d1:b1:
                    3c:e4:5e:cf:84:f6:a7:8d:57:a0:ee:c4:1d:b9:e4:
                    f0:a3:4d:4c:aa:60:6f:ac:43:b1:44:01:d6:84:4f:
                    d2:29:da:a2:c0:b8:07:92:4d:e8:23:94:b6:6b:9f:
                    ce:e0:61:f2:55:5b:bf:55:1b:59:7b:e9:cf:8c:74:
                    69:4e:38:ef:13:f4:b1:99:22:ba:a2:1d:45:7d:68:
                    18:2a:78:b2:23:27:ab:bd:61:8e:94:e7:f2:81:cf:
                    8e:c8:72:ff:2b:b2:60:f6:6b:4d:35:c5:30:e8:7b:
                    59:d0:66:02:af:76:1f:65:45:c2:37:72:36:c0:f4:
                    70:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:1D:80:E0:23:F7:BD:85:C1:F7:3B:BA:C2:80:70:6B:29:52:C4:A9
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5R2A4CP3vYXB9zu6woBwaylSxKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa50::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:f0:e3:af:9d:39:89:4e:07:ea:25:39:10:a2:fe:79:d4:28:
         e5:cf:e7:5e:18:bf:19:43:09:16:be:d8:b0:47:ac:37:61:6a:
         ba:d6:32:91:71:7d:af:c1:10:af:fa:d4:2d:21:98:7a:e5:89:
         0a:f0:03:47:fc:b5:00:77:44:14:86:a0:3d:b6:d0:56:25:4c:
         1f:73:b0:e0:87:82:e3:f1:71:fc:7d:d2:2f:50:a1:83:9e:48:
         1e:0b:5f:44:2f:61:16:33:3b:86:e4:97:85:4d:b5:18:c7:c8:
         1f:34:b4:00:7e:da:e8:09:5e:19:4c:34:20:a8:74:98:3a:9d:
         34:35:38:a2:72:99:f0:33:c3:1f:6e:14:f0:86:f7:c5:98:79:
         52:14:a3:fe:1d:2f:17:8f:38:3b:10:15:58:eb:66:8b:7d:23:
         f1:9b:6c:bb:ed:e5:c1:20:5c:d4:ed:ef:0e:0f:f1:0f:e6:d6:
         00:29:56:5b:89:4e:6c:74:fa:b2:f6:be:d8:ba:6c:ad:aa:80:
         ea:c9:60:50:da:b2:81:ca:3e:8a:55:06:3c:0d:f6:ba:be:68:
         7d:23:82:c9:fb:5a:fc:51:e1:e2:e5:40:b3:02:09:a3:48:3f:
         16:b7:85:d0:3c:a7:7b:6e:74:9f:b6:36:60:27:59:a7:c6:d9:
         0f:5c:6c:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafP1bLryW8NlXq2Y1SNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTFkODBlMDIzZjdiZDg1YzFmNzNiYmFjMjgwNzA2YjI5NTJjNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4d1dCO/HqzGiyaq5BOIHyDIleF6H
oWZdp3cmkU9UWrc/Un2qwOdG29Lp+b+GVN/1dCXOxv7uzI1mMqqSMruiFfab0+aj
etsrF7jWghKhMvZzfzwj1IpezJh+NO2Ti+Q4qdySGvD4SQZ/6+mB50Q8eC0CKOmX
HMoGmn5k34hyTGH/OVtb0bE85F7PhPanjVeg7sQdueTwo01MqmBvrEOxRAHWhE/S
KdqiwLgHkk3oI5S2a5/O4GHyVVu/VRtZe+nPjHRpTjjvE/SxmSK6oh1FfWgYKniy
IyervWGOlOfygc+OyHL/K7Jg9mtNNcUw6HtZ0GYCr3YfZUXCN3I2wPRwJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOUdgOAj972Fwfc7usKAcGspUsSpMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvNVIyQTRDUDN2WVhCOXp1NndvQndheWxTeEtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/pQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBM8OOvnTmJTgfqJTkQov551Cjlz+deGL8ZQwkW
vtiwR6w3YWq61jKRcX2vwRCv+tQtIZh65YkK8ANH/LUAd0QUhqA9ttBWJUwfc7Dg
h4Lj8XH8fdIvUKGDnkgeC19EL2EWMzuG5JeFTbUYx8gfNLQAftroCV4ZTDQgqHSY
Op00NTiicpnwM8MfbhTwhvfFmHlSFKP+HS8Xjzg7EBVY62aLfSPxm2y77eXBIFzU
7e8OD/EP5tYAKVZbiU5sdPqy9r7YumytqoDqyWBQ2rKByj6KVQY8Dfa6vmh9I4LJ
+1r8UeHi5UCzAgmjSD8Wt4XQPKd7bnSftjZgJ1mnxtkPXGwb
-----END CERTIFICATE-----