Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/BTd6aueMfJjiVH5hJV12_5glpSk.roa
File:                     BTd6aueMfJjiVH5hJV12_5glpSk.roa (raw, json)
Hash identifier:          UFFwOobIvPr5KHXb4QrjyLntgm8PHx51UF+Nc4ynPh4=
Subject key identifier:   05:37:7A:6A:E7:8C:7C:98:E2:54:7E:61:25:5D:76:FF:98:25:A5:29
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0190CC26475D3C492F6EB6384D99847C1CA2
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/BTd6aueMfJjiVH5hJV12_5glpSk.roa
Signing time:             Fri 19 Jul 2024 17:59:39 +0000
ROA not before:           Fri 19 Jul 2024 17:59:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        2a0f:7803:db1f::/48 maxlen: 48
                          2a0f:7803:db73::/48 maxlen: 48
                          2a0f:7803:fc50::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cc:26:47:5d:3c:49:2f:6e:b6:38:4d:99:84:7c:1c:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul 19 17:59:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05377a6ae78c7c98e2547e61255d76ff9825a529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:55:7b:09:a5:16:95:a4:b9:e6:cd:47:59:09:
                    b6:fa:f3:ca:72:fb:6a:c9:28:83:b7:95:38:1c:6e:
                    97:97:93:34:78:cc:e8:bb:6a:53:10:ed:14:09:4e:
                    d5:b5:88:86:30:03:75:4c:16:03:80:b4:8d:de:8b:
                    4d:b2:29:b8:2b:ba:15:6b:bb:96:7b:89:32:87:2b:
                    88:87:17:c1:c2:f6:64:81:1d:99:50:1b:cc:d4:e4:
                    29:58:ca:88:91:5a:a5:21:0e:fd:fd:2b:3a:82:40:
                    94:3e:13:0b:b5:62:71:f0:6c:7e:71:c3:76:78:71:
                    78:64:12:2d:e1:07:5a:e0:89:2d:53:93:87:d1:43:
                    46:24:72:a9:54:fe:81:d7:ff:28:a8:8b:7a:4a:36:
                    ff:82:11:a1:45:71:ed:90:9f:8d:cf:44:24:ef:cb:
                    4a:08:f5:f6:f7:05:1a:7b:d6:cf:28:40:14:66:fd:
                    0b:e7:e8:3a:d9:44:1d:a9:4e:4a:e6:67:48:55:66:
                    bb:d7:96:62:26:70:63:9d:c6:75:6e:04:bc:0e:f9:
                    94:5b:fc:30:c6:47:6e:70:c7:5b:ae:12:5e:de:a6:
                    dd:15:b5:c4:85:0c:49:56:7f:81:4b:69:61:78:1b:
                    48:2f:88:78:a3:f6:16:f1:69:79:24:c8:61:4d:54:
                    62:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:37:7A:6A:E7:8C:7C:98:E2:54:7E:61:25:5D:76:FF:98:25:A5:29
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/BTd6aueMfJjiVH5hJV12_5glpSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:db1f::/48
                  2a0f:7803:db73::/48
                  2a0f:7803:fc50::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:5f:b6:74:8c:74:64:9c:b8:35:aa:5c:6a:1e:6a:10:be:06:
         e2:c0:56:bb:2b:f5:a2:65:e1:32:99:84:3c:96:a3:7d:51:d5:
         e8:ef:26:4c:dd:94:b1:69:1e:c4:a8:99:10:78:d7:01:0a:2f:
         d1:c8:86:2a:a0:52:f1:9e:03:32:2a:9c:19:29:63:3a:85:de:
         e2:c2:13:c2:64:c7:e7:c8:77:b5:68:ed:65:b5:e5:f7:ca:9c:
         1a:9c:39:ec:43:96:f4:a9:15:73:25:0c:cb:88:4f:f5:72:6e:
         14:70:33:35:f3:27:f8:11:0c:72:b2:9e:2f:77:84:a1:8a:be:
         af:fa:9f:83:ff:db:ff:eb:78:d3:c7:fe:f9:3e:87:b8:ce:a6:
         b6:82:ca:41:0e:eb:55:c7:fd:82:90:26:bc:94:67:bb:70:5b:
         87:e0:a2:e1:66:c0:d8:83:05:1a:7a:34:1d:ce:18:63:e0:fb:
         71:48:42:66:94:58:48:26:d4:42:71:02:de:df:b7:d0:98:1c:
         b4:5c:78:78:b9:e1:1a:36:af:c4:e8:95:0d:43:f9:4e:4d:30:
         34:f0:2c:20:0c:18:82:4f:3f:b5:67:f5:8b:00:4b:dc:0c:a4:
         12:a2:f3:8f:31:56:75:2f:56:09:06:e5:4a:1e:f7:21:22:56:
         d2:3b:56:9a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZDMJkddPEkvbrY4TZmEfByiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNzE5MTc1OTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTM3N2E2YWU3OGM3Yzk4ZTI1NDdlNjEyNTVkNzZmZjk4MjVhNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1V7CaUWlaS55s1HWQm2+vPKcvtq
ySiDt5U4HG6Xl5M0eMzou2pTEO0UCU7VtYiGMAN1TBYDgLSN3otNsim4K7oVa7uW
e4kyhyuIhxfBwvZkgR2ZUBvM1OQpWMqIkVqlIQ79/Ss6gkCUPhMLtWJx8Gx+ccN2
eHF4ZBIt4Qda4IktU5OH0UNGJHKpVP6B1/8oqIt6Sjb/ghGhRXHtkJ+Nz0Qk78tK
CPX29wUae9bPKEAUZv0L5+g62UQdqU5K5mdIVWa715ZiJnBjncZ1bgS8DvmUW/ww
xkducMdbrhJe3qbdFbXEhQxJVn+BS2lheBtIL4h4o/YW8Wl5JMhhTVRiKQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAU3emrnjHyY4lR+YSVddv+YJaUpMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvQlRkNmF1ZU1mSmppVkg1aEpWMTJfNWdscFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg94A9sf
AwcAKg94A9tzAwcAKg94A/xQMA0GCSqGSIb3DQEBCwUAA4IBAQA+X7Z0jHRknLg1
qlxqHmoQvgbiwFa7K/WiZeEymYQ8lqN9UdXo7yZM3ZSxaR7EqJkQeNcBCi/RyIYq
oFLxngMyKpwZKWM6hd7iwhPCZMfnyHe1aO1lteX3ypwanDnsQ5b0qRVzJQzLiE/1
cm4UcDM18yf4EQxysp4vd4Shir6v+p+D/9v/63jTx/75Poe4zqa2gspBDutVx/2C
kCa8lGe7cFuH4KLhZsDYgwUaejQdzhhj4PtxSEJmlFhIJtRCcQLe37fQmBy0XHh4
ueEaNq/E6JUNQ/lOTTA08CwgDBiCTz+1Z/WLAEvcDKQSovOPMVZ1L1YJBuVKHvch
IlbSO1aa
-----END CERTIFICATE-----