Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/A6MPHW-ry3IMd8vrIoLbU-EA5CU.roa
File:                     A6MPHW-ry3IMd8vrIoLbU-EA5CU.roa (raw, json)
Hash identifier:          jjmjrEztQ8EexAKYkMRDSFsqiMlwhssDjvTnC0ha+gE=
Subject key identifier:   03:A3:0F:1D:6F:AB:CB:72:0C:77:CB:EB:22:82:DB:53:E1:00:E4:25
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC424658A3AFC77FB8A388DFA8363CF1E
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/A6MPHW-ry3IMd8vrIoLbU-EA5CU.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201335
IP address blocks:        2a0f:7803:ffa0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:65:8a:3a:fc:77:fb:8a:38:8d:fa:83:63:cf:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03a30f1d6fabcb720c77cbeb2282db53e100e425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:39:d9:ed:3d:af:cd:fc:c7:98:44:55:2d:fc:
                    94:66:37:2a:4b:2b:75:17:e5:08:23:38:f5:c3:8b:
                    ec:da:c1:c5:9f:9d:88:66:f4:49:04:5b:93:4d:68:
                    21:dd:d2:3c:18:a3:2a:b7:94:47:87:48:bb:a6:92:
                    f9:c6:20:6d:85:0c:4e:b9:72:15:26:1a:45:78:42:
                    d5:80:f8:ea:0a:5b:84:b4:5e:cd:14:6d:d4:77:18:
                    f1:38:c8:96:65:d2:27:e6:a4:eb:4f:cf:8f:16:f4:
                    3a:4c:59:bc:7e:43:ee:42:55:e1:6b:f5:7d:91:ad:
                    f4:31:1d:3e:2b:6f:e2:b6:92:84:b6:4e:5f:99:5b:
                    9a:06:0c:32:fb:03:3e:5b:f2:d2:95:44:b4:b9:88:
                    80:fc:47:40:17:08:ff:56:b5:ea:ec:b2:57:48:c3:
                    b4:b9:b8:eb:f4:c6:fd:39:06:7f:20:ed:5a:8f:09:
                    f6:e0:39:ed:0d:b7:09:56:07:82:06:5d:94:fd:6b:
                    73:00:b8:fe:fa:62:0e:b0:f8:35:90:9d:73:fd:f0:
                    07:07:c3:ff:0c:7b:4e:0d:47:a8:61:27:d9:33:7e:
                    4d:bc:44:24:36:be:97:3d:e2:fb:f7:c5:77:d7:01:
                    94:be:77:65:fd:48:d6:94:27:86:1d:15:fd:bf:7f:
                    ac:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:A3:0F:1D:6F:AB:CB:72:0C:77:CB:EB:22:82:DB:53:E1:00:E4:25
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/A6MPHW-ry3IMd8vrIoLbU-EA5CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:ffa0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:27:50:8e:2f:32:04:b8:c9:dc:0f:2a:54:b2:84:eb:18:70:
         45:31:a4:4a:27:8b:62:0d:f6:d8:ec:a1:60:53:27:d9:93:b0:
         25:af:2f:13:d3:90:52:63:7f:f7:13:d8:d7:e4:3a:dc:ba:62:
         cf:f3:c8:20:56:e9:f2:c9:36:0d:cd:c5:2d:3f:28:9f:55:78:
         75:01:1f:82:a4:a8:e2:4f:e2:e3:49:22:84:3a:3f:55:2c:ed:
         77:0c:b2:20:10:03:db:5c:74:4b:cb:74:50:21:d6:ed:85:fb:
         1b:eb:b2:16:77:02:ae:83:d4:6b:b6:68:3f:1a:e8:31:4f:26:
         de:12:3f:04:0c:e8:5a:b1:ef:c5:10:90:4a:40:c2:c8:1b:15:
         af:cd:67:82:03:47:59:e2:d2:88:ce:d9:8b:b6:60:e5:95:ce:
         b7:f2:e2:15:90:ae:42:6b:69:fd:64:1d:5d:24:70:96:4a:8e:
         1e:60:08:50:82:8a:4e:fb:be:48:47:04:28:1a:25:cb:a5:1f:
         38:01:cf:e5:95:c3:ce:e5:19:16:5a:11:c3:6c:4a:ed:cd:28:
         35:81:a9:71:87:17:d1:64:db:7c:88:ca:dd:4c:3b:d9:1a:6c:
         ca:39:14:d4:65:36:78:f2:c9:ca:6f:ce:37:a4:c8:d0:2f:61:
         9a:f3:0f:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJGWKOvx3+4o4jfqDY88eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2EzMGYxZDZmYWJjYjcyMGM3N2NiZWIyMjgyZGI1M2UxMDBlNDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDnZ7T2vzfzHmERVLfyUZjcqSyt1
F+UIIzj1w4vs2sHFn52IZvRJBFuTTWgh3dI8GKMqt5RHh0i7ppL5xiBthQxOuXIV
JhpFeELVgPjqCluEtF7NFG3UdxjxOMiWZdIn5qTrT8+PFvQ6TFm8fkPuQlXha/V9
ka30MR0+K2/itpKEtk5fmVuaBgwy+wM+W/LSlUS0uYiA/EdAFwj/VrXq7LJXSMO0
ubjr9Mb9OQZ/IO1ajwn24DntDbcJVgeCBl2U/WtzALj++mIOsPg1kJ1z/fAHB8P/
DHtODUeoYSfZM35NvEQkNr6XPeL798V31wGUvndl/UjWlCeGHRX9v3+sswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAOjDx1vq8tyDHfL6yKC21PhAOQlMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvQTZNUEhXLXJ5M0lNZDh2cklvTGJVLUVBNUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg94A/+g
MA0GCSqGSIb3DQEBCwUAA4IBAQCgJ1COLzIEuMncDypUsoTrGHBFMaRKJ4tiDfbY
7KFgUyfZk7Alry8T05BSY3/3E9jX5DrcumLP88ggVunyyTYNzcUtPyifVXh1AR+C
pKjiT+LjSSKEOj9VLO13DLIgEAPbXHRLy3RQIdbthfsb67IWdwKug9Rrtmg/Gugx
TybeEj8EDOhase/FEJBKQMLIGxWvzWeCA0dZ4tKIztmLtmDllc638uIVkK5Ca2n9
ZB1dJHCWSo4eYAhQgopO+75IRwQoGiXLpR84Ac/llcPO5RkWWhHDbErtzSg1galx
hxfRZNt8iMrdTDvZGmzKORTUZTZ48snKb843pMjQL2Ga8w+M
-----END CERTIFICATE-----