Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Aeg4t5zAcG8xwJ8QPYSwmh7CdVE.roa
File:                     Aeg4t5zAcG8xwJ8QPYSwmh7CdVE.roa (raw, json)
Hash identifier:          o0mir75yWWb6Nwwebvcm5Cwnf9rtl/49JZhmAxJ/Z3c=
Subject key identifier:   01:E8:38:B7:9C:C0:70:6F:31:C0:9F:10:3D:84:B0:9A:1E:C2:75:51
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC42463B044FDF90920980544AA3D4CA4
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Aeg4t5zAcG8xwJ8QPYSwmh7CdVE.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198266
IP address blocks:        2a0f:7803:ffd0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:63:b0:44:fd:f9:09:20:98:05:44:aa:3d:4c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01e838b79cc0706f31c09f103d84b09a1ec27551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:49:66:ba:54:b0:ce:65:c0:55:87:10:81:49:
                    d6:b2:0c:31:48:9f:90:03:f6:9b:16:8e:33:0b:04:
                    6e:dc:97:92:7e:d4:38:9f:96:c1:83:10:5a:51:28:
                    9e:93:80:22:9d:70:56:ac:90:ce:b6:ca:1e:24:3b:
                    73:f2:65:5d:49:56:0a:92:18:f1:5a:db:05:43:d8:
                    3b:5b:c1:77:e9:f1:25:f0:74:11:6e:fd:5e:6a:86:
                    1a:cf:9a:eb:74:34:5e:37:2f:e0:b8:35:f6:93:8e:
                    28:85:cc:60:da:83:6b:34:68:d5:e9:12:f8:15:a4:
                    ef:6f:b3:d7:b1:aa:c7:15:82:39:5a:2c:75:0a:4f:
                    1c:d0:92:40:a6:59:fd:b9:60:93:14:67:21:0d:16:
                    8f:0d:00:e6:c8:0c:86:50:de:b3:6b:a7:73:d5:ee:
                    89:98:c8:f1:f0:21:01:02:48:fe:dd:1a:9d:ce:7c:
                    f0:7e:8c:43:96:7d:01:f7:08:ca:93:a6:99:3c:c8:
                    8b:ef:85:b6:c6:71:71:87:59:7e:69:d6:66:d2:5f:
                    df:b3:2e:e1:bb:54:aa:81:ba:79:be:3e:f8:46:38:
                    06:02:05:d8:1f:ce:cb:80:3d:02:61:2c:6f:97:58:
                    be:3b:4e:aa:fe:e9:cd:0a:57:1b:7c:69:a2:3b:aa:
                    5b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:E8:38:B7:9C:C0:70:6F:31:C0:9F:10:3D:84:B0:9A:1E:C2:75:51
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Aeg4t5zAcG8xwJ8QPYSwmh7CdVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:ffd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         03:d9:4f:73:d6:b6:f8:9b:67:68:de:1b:f4:19:82:31:34:fc:
         3c:2e:a3:15:d6:ea:81:2d:4e:6a:a4:d6:62:b2:6e:ae:db:a5:
         cd:bc:29:ff:a0:b3:a4:d3:3c:8e:f4:38:1e:88:63:bc:45:fd:
         5f:e3:78:67:fd:44:07:f6:34:f0:76:c9:c2:aa:02:7c:28:01:
         c7:92:80:a6:c0:cd:14:76:c9:68:19:d6:d1:53:46:aa:4f:af:
         c6:fd:6e:3e:7a:61:1a:6e:1c:af:7a:79:a1:7a:47:96:8f:7b:
         92:47:e1:a0:21:85:86:d3:39:51:4a:1e:1f:0c:7a:47:6f:3e:
         1c:92:dd:b2:68:2f:c1:47:1d:e0:aa:6c:c7:1e:1d:77:28:05:
         ab:7c:96:6f:d8:18:ca:ed:c6:5c:8a:11:2a:6e:84:f8:31:91:
         32:5b:0f:eb:24:d1:50:54:4e:27:cd:1d:2a:96:5d:f2:f7:7a:
         e9:40:4a:25:1d:9d:1a:cb:3b:1a:6f:f9:c7:d2:d7:ad:14:d5:
         a4:0c:19:33:c7:72:fa:1e:19:e2:d9:c5:e0:eb:d6:1b:b2:f0:
         db:11:70:b9:ac:e0:23:20:c3:f8:42:ed:25:7f:fd:49:e1:99:
         1f:b5:ed:06:e7:04:e0:0b:6a:be:f6:f2:81:83:62:70:2e:c7:
         64:a3:00:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJGOwRP35CSCYBUSqPUykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWU4MzhiNzljYzA3MDZmMzFjMDlmMTAzZDg0YjA5YTFlYzI3NTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUlmulSwzmXAVYcQgUnWsgwxSJ+Q
A/abFo4zCwRu3JeSftQ4n5bBgxBaUSiek4AinXBWrJDOtsoeJDtz8mVdSVYKkhjx
WtsFQ9g7W8F36fEl8HQRbv1eaoYaz5rrdDReNy/guDX2k44ohcxg2oNrNGjV6RL4
FaTvb7PXsarHFYI5Wix1Ck8c0JJApln9uWCTFGchDRaPDQDmyAyGUN6za6dz1e6J
mMjx8CEBAkj+3RqdznzwfoxDln0B9wjKk6aZPMiL74W2xnFxh1l+adZm0l/fsy7h
u1Sqgbp5vj74RjgGAgXYH87LgD0CYSxvl1i+O06q/unNClcbfGmiO6pbVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAHoOLecwHBvMcCfED2EsJoewnVRMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvQWVnNHQ1ekFjRzh4d0o4UVBZU3dtaDdDZFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A//Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAD2U9z1rb4m2do3hv0GYIxNPw8LqMV1uqBLU5q
pNZism6u26XNvCn/oLOk0zyO9DgeiGO8Rf1f43hn/UQH9jTwdsnCqgJ8KAHHkoCm
wM0UdsloGdbRU0aqT6/G/W4+emEabhyvenmhekeWj3uSR+GgIYWG0zlRSh4fDHpH
bz4ckt2yaC/BRx3gqmzHHh13KAWrfJZv2BjK7cZcihEqboT4MZEyWw/rJNFQVE4n
zR0qll3y93rpQEolHZ0ayzsab/nH0tetFNWkDBkzx3L6Hhni2cXg69YbsvDbEXC5
rOAjIMP4Qu0lf/1J4Zkfte0G5wTgC2q+9vKBg2JwLsdkowBQ
-----END CERTIFICATE-----