Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/CVs8OwBEt5LSTy02Gmm2nEQoc6Y.roa
File:                     CVs8OwBEt5LSTy02Gmm2nEQoc6Y.roa (raw, json)
Hash identifier:          r0KDtpYvp6ZkplvxOP+6momfyMxg4NZqR2oxwkwrG/Y=
Subject key identifier:   09:5B:3C:3B:00:44:B7:92:D2:4F:2D:36:1A:69:B6:9C:44:28:73:A6
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018EB39CAFD8D92BE0B60CE1D97EF81B8158
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/CVs8OwBEt5LSTy02Gmm2nEQoc6Y.roa
Signing time:             Sat 06 Apr 2024 13:32:54 +0000
ROA not before:           Sat 06 Apr 2024 13:32:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215276
IP address blocks:        2a0f:7803:fad0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b3:9c:af:d8:d9:2b:e0:b6:0c:e1:d9:7e:f8:1b:81:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Apr  6 13:32:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=095b3c3b0044b792d24f2d361a69b69c442873a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e0:fc:ba:b2:39:0e:6b:d8:66:7f:c7:d0:00:
                    d9:86:8a:e3:9e:a1:62:98:12:f7:d3:9a:a9:81:6e:
                    27:89:bb:2d:1d:2f:30:57:b0:d7:3a:bd:dd:3e:b1:
                    39:99:fa:ad:61:32:7f:53:7e:3c:25:eb:83:ab:c0:
                    d5:c0:8a:85:85:a1:3f:e9:d4:93:3e:fe:49:51:37:
                    22:ce:c1:03:93:44:78:f3:c6:85:34:67:26:50:b2:
                    7a:a4:ec:69:b1:06:e6:a3:af:c6:31:96:8d:ea:7f:
                    a5:31:75:f8:94:b5:92:c2:ca:58:35:c0:26:f8:20:
                    ef:af:16:2c:d4:1a:f3:9a:7a:44:43:e5:bb:30:69:
                    5b:53:ca:cd:90:06:5e:5f:95:40:af:ed:e0:9d:01:
                    94:4d:e5:f6:24:c2:c4:73:1b:38:09:b3:7c:04:61:
                    90:d3:1f:6f:32:c6:ff:c6:3f:87:a8:8c:2a:20:19:
                    05:2a:ac:45:49:2f:9b:73:c5:ae:86:5a:47:86:78:
                    1a:e7:ac:f3:dc:d0:60:0b:2e:df:9d:e5:58:0e:40:
                    89:21:9a:94:1f:0f:cf:f1:eb:8b:40:d4:a4:d5:f0:
                    3b:17:d9:34:34:60:e5:60:b6:56:06:a3:46:7a:07:
                    b4:96:e3:a3:33:b4:e9:4f:fc:83:ff:7c:fe:99:d0:
                    78:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:5B:3C:3B:00:44:B7:92:D2:4F:2D:36:1A:69:B6:9C:44:28:73:A6
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/CVs8OwBEt5LSTy02Gmm2nEQoc6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fad0::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:19:b0:85:61:00:e1:e3:9b:15:bb:96:32:a1:93:c1:d1:b5:
         dd:85:b7:ca:6f:9d:bc:6e:64:b9:a8:c2:21:2c:93:31:79:60:
         23:c6:5a:74:52:34:a5:8e:97:2e:86:84:ab:f1:45:3c:cf:5a:
         42:69:00:41:60:f6:68:81:97:5a:5b:e1:ab:92:7a:68:c4:61:
         01:6f:ec:33:10:b8:9c:58:1f:3e:9b:2c:4e:b7:21:de:11:4d:
         40:d4:64:9d:b3:c2:b7:39:1e:08:25:ac:7d:c5:0f:cb:ac:39:
         71:d2:35:20:b7:7e:e5:6a:97:db:bb:1a:af:e8:24:9b:1e:1c:
         fd:be:bf:cf:66:d9:39:41:7b:e6:66:5b:0e:3f:5f:d7:c3:f2:
         a3:a0:69:38:4f:45:dc:e2:df:09:37:3c:91:34:6f:53:61:b3:
         c1:de:0f:e2:4c:46:f7:a1:4d:6f:aa:97:f7:60:cb:58:ac:ca:
         b6:c9:15:17:ed:11:e6:b5:74:5e:eb:5c:83:2f:9b:26:74:e7:
         d4:15:58:81:a0:7d:dd:ec:43:9c:de:80:3b:d3:eb:69:d5:15:
         e4:df:6f:64:cd:de:5b:65:59:29:3c:0f:88:62:af:bb:ca:b1:
         d3:93:67:11:8f:d8:67:50:97:83:51:07:90:2c:62:5a:63:bd:
         14:3d:ff:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6znK/Y2Svgtgzh2X74G4FYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNDA2MTMzMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTViM2MzYjAwNDRiNzkyZDI0ZjJkMzYxYTY5YjY5YzQ0Mjg3M2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OD8urI5DmvYZn/H0ADZhorjnqFi
mBL305qpgW4nibstHS8wV7DXOr3dPrE5mfqtYTJ/U348JeuDq8DVwIqFhaE/6dST
Pv5JUTcizsEDk0R488aFNGcmULJ6pOxpsQbmo6/GMZaN6n+lMXX4lLWSwspYNcAm
+CDvrxYs1BrzmnpEQ+W7MGlbU8rNkAZeX5VAr+3gnQGUTeX2JMLEcxs4CbN8BGGQ
0x9vMsb/xj+HqIwqIBkFKqxFSS+bc8WuhlpHhnga56zz3NBgCy7fneVYDkCJIZqU
Hw/P8euLQNSk1fA7F9k0NGDlYLZWBqNGege0luOjM7TpT/yD/3z+mdB4CQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAlbPDsARLeS0k8tNhpptpxEKHOmMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvQ1ZzOE93QkV0NUxTVHkwMkdtbTJuRVFvYzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/rQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAWGbCFYQDh45sVu5YyoZPB0bXdhbfKb528bmS5
qMIhLJMxeWAjxlp0UjSljpcuhoSr8UU8z1pCaQBBYPZogZdaW+GrknpoxGEBb+wz
ELicWB8+myxOtyHeEU1A1GSds8K3OR4IJax9xQ/LrDlx0jUgt37lapfbuxqv6CSb
Hhz9vr/PZtk5QXvmZlsOP1/Xw/KjoGk4T0Xc4t8JNzyRNG9TYbPB3g/iTEb3oU1v
qpf3YMtYrMq2yRUX7RHmtXRe61yDL5smdOfUFViBoH3d7EOc3oA70+tp1RXk329k
zd5bZVkpPA+IYq+7yrHTk2cRj9hnUJeDUQeQLGJaY70UPf93
-----END CERTIFICATE-----