Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/DjK3wWqSzHB10S1nokvJjM0OsUE.roa
File:                     DjK3wWqSzHB10S1nokvJjM0OsUE.roa (raw, json)
Hash identifier:          rZT0Kc6EuzDhyibrBz3CgMVx2sVf7jg6JnlEX4ISVMk=
Subject key identifier:   0E:32:B7:C1:6A:92:CC:70:75:D1:2D:67:A2:4B:C9:8C:CD:0E:B1:41
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369E947B0F1F3AE50C0CDDDBFED3EBE
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/DjK3wWqSzHB10S1nokvJjM0OsUE.roa
Signing time:             Wed 01 Jan 2025 19:48:51 +0000
ROA not before:           Wed 01 Jan 2025 19:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197860
IP address blocks:        2a0f:7803:fed0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e9:47:b0:f1:f3:ae:50:c0:cd:dd:bf:ed:3e:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e32b7c16a92cc7075d12d67a24bc98ccd0eb141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1d:f5:34:57:fd:c8:79:41:ce:cf:43:52:b7:
                    38:37:65:02:67:d8:93:1e:3c:76:22:42:9a:3a:62:
                    5c:65:94:e6:d6:d7:f1:71:e2:aa:7d:ff:35:15:8c:
                    43:fa:c5:9f:58:7c:84:9f:25:e7:14:78:26:f7:6f:
                    35:9e:50:2a:4e:24:14:e3:8e:e1:c9:77:96:f1:10:
                    6e:3c:5c:46:8e:7c:13:a3:d6:94:54:bd:6d:75:3b:
                    5f:4d:a0:ea:99:cb:49:f4:61:1d:c7:62:f8:d1:d7:
                    63:fb:37:03:fb:83:c7:6a:91:6c:2b:83:50:08:13:
                    94:d7:d6:42:ad:04:a5:84:d4:24:ca:17:3f:f0:d6:
                    24:4c:22:11:04:41:c3:10:b4:c2:72:04:8c:f4:6e:
                    d1:3f:cb:b1:93:83:38:04:ec:4a:4d:cc:f8:a5:f5:
                    19:f1:20:11:47:39:62:aa:98:16:4b:33:a5:14:79:
                    d0:8f:53:9b:1b:a7:80:37:50:ed:41:38:95:67:06:
                    2a:15:d3:3b:c9:7a:0e:3e:62:2f:0e:6a:83:f0:ee:
                    2a:7e:b2:7e:a2:31:3b:15:1a:7b:2f:bb:7d:5c:fa:
                    cc:47:b7:d3:26:5a:60:93:d8:c0:d2:40:dc:72:ef:
                    e6:4c:70:2a:c1:84:ce:b5:6d:94:e4:f9:37:57:7e:
                    d1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:32:B7:C1:6A:92:CC:70:75:D1:2D:67:A2:4B:C9:8C:CD:0E:B1:41
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/DjK3wWqSzHB10S1nokvJjM0OsUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fed0::/44

    Signature Algorithm: sha256WithRSAEncryption
         26:52:3f:7b:03:37:41:3e:98:de:4d:3f:d1:10:bf:0d:92:3d:
         f0:9c:a1:3b:0a:93:59:0c:cf:15:02:bd:22:7c:b1:f4:07:aa:
         ae:77:6b:93:25:79:a7:4e:e8:8c:93:40:06:d1:17:68:76:44:
         f2:83:91:d5:e3:d9:d5:83:82:85:35:bd:0a:2c:eb:56:63:3d:
         a7:24:77:d5:5c:b9:84:ad:31:9c:80:19:07:b1:6b:72:d0:91:
         76:ef:07:50:31:2d:73:b8:3d:dd:b7:db:5e:c2:60:72:85:6f:
         7e:93:91:02:e5:ae:22:e4:84:44:0c:f9:b2:5a:8f:6e:de:82:
         74:14:d3:5a:9e:59:d9:d1:c0:f9:32:61:c6:37:66:63:a1:f6:
         ef:2a:f8:b7:a2:2d:30:68:a5:f1:06:f1:29:51:cd:d1:48:ff:
         5a:f4:e5:2d:50:c0:29:d6:1d:44:cc:b6:0e:ed:e0:4b:3e:0b:
         0a:15:34:f1:fd:fb:65:03:3c:53:e0:93:f1:be:86:f0:d5:00:
         db:8c:bb:ba:c5:f1:b5:35:f2:85:cf:fd:c0:bd:8c:bd:e9:20:
         c6:e5:ac:fd:b2:3e:29:f6:05:e0:7f:c1:11:ca:9e:61:71:2b:
         2e:f1:ff:cc:2b:12:36:74:89:17:9a:60:96:40:ed:8f:d1:ac:
         77:03:7f:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjaelHsPHzrlDAzd2/7T6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTMyYjdjMTZhOTJjYzcwNzVkMTJkNjdhMjRiYzk4Y2NkMGViMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxR31NFf9yHlBzs9DUrc4N2UCZ9iT
Hjx2IkKaOmJcZZTm1tfxceKqff81FYxD+sWfWHyEnyXnFHgm9281nlAqTiQU447h
yXeW8RBuPFxGjnwTo9aUVL1tdTtfTaDqmctJ9GEdx2L40ddj+zcD+4PHapFsK4NQ
CBOU19ZCrQSlhNQkyhc/8NYkTCIRBEHDELTCcgSM9G7RP8uxk4M4BOxKTcz4pfUZ
8SARRzliqpgWSzOlFHnQj1ObG6eAN1DtQTiVZwYqFdM7yXoOPmIvDmqD8O4qfrJ+
ojE7FRp7L7t9XPrMR7fTJlpgk9jA0kDccu/mTHAqwYTOtW2U5Pk3V37RJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA4yt8FqksxwddEtZ6JLyYzNDrFBMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvRGpLM3dXcVN6SEIxMFMxbm9rdkpqTTBPc1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/7Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAmUj97AzdBPpjeTT/REL8Nkj3wnKE7CpNZDM8V
Ar0ifLH0B6qud2uTJXmnTuiMk0AG0RdodkTyg5HV49nVg4KFNb0KLOtWYz2nJHfV
XLmErTGcgBkHsWty0JF27wdQMS1zuD3dt9tewmByhW9+k5EC5a4i5IREDPmyWo9u
3oJ0FNNanlnZ0cD5MmHGN2ZjofbvKvi3oi0waKXxBvEpUc3RSP9a9OUtUMAp1h1E
zLYO7eBLPgsKFTTx/ftlAzxT4JPxvobw1QDbjLu6xfG1NfKFz/3AvYy96SDG5az9
sj4p9gXgf8ERyp5hcSsu8f/MKxI2dIkXmmCWQO2P0ax3A39z
-----END CERTIFICATE-----