Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Egt-d83CcFNcDr33icWcGimJX1Q.roa
File:                     Egt-d83CcFNcDr33icWcGimJX1Q.roa (raw, json)
Hash identifier:          Q+Q3GmXisv6JU9gym07auBKGQk4oHQXielXhxEAhxqw=
Subject key identifier:   12:0B:7E:77:CD:C2:70:53:5C:0E:BD:F7:89:C5:9C:1A:29:89:5F:54
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC4245F591A37AE605C522B6EAB1F4DAB
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Egt-d83CcFNcDr33icWcGimJX1Q.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0f:7803:fd11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5f:59:1a:37:ae:60:5c:52:2b:6e:ab:1f:4d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=120b7e77cdc270535c0ebdf789c59c1a29895f54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8b:0d:3c:14:0a:b8:52:ff:7c:b1:7a:2e:3e:
                    2e:be:f3:b5:a5:4d:cb:5b:d4:a4:f1:2b:2e:20:19:
                    1e:0e:39:e9:e8:0e:21:c5:97:80:e7:ee:ce:2b:db:
                    7c:fb:29:4a:70:44:32:48:7f:a6:6f:e7:b5:fc:cc:
                    7e:36:d8:7a:4c:40:bd:31:23:a2:ac:c7:8c:85:23:
                    30:de:13:da:9f:c4:ad:dd:7b:19:a6:7d:9a:99:86:
                    f2:dc:42:55:2b:2e:d6:8e:e2:08:11:f4:91:9c:d9:
                    40:ca:ed:0e:3b:7c:a1:28:8a:2c:bd:9e:5c:30:3c:
                    03:df:29:75:19:99:b0:24:2c:2f:12:17:01:0e:cf:
                    f5:de:d1:67:08:ff:ee:fd:56:77:fd:44:1e:5d:d6:
                    3e:0c:fe:1c:a6:58:25:23:03:98:74:de:22:4c:54:
                    0a:72:e1:68:61:a0:34:e4:33:21:a4:4b:0a:af:d3:
                    c8:31:eb:21:32:01:c5:ad:82:5c:33:e3:ba:bd:97:
                    3a:51:62:20:71:22:63:d1:a8:e9:4c:ee:05:9c:ac:
                    a4:0a:1f:c5:49:fa:b0:7e:9c:20:18:e5:62:b7:d1:
                    24:89:99:1f:63:89:c8:24:15:01:cb:f6:e6:af:85:
                    62:f5:c2:f7:30:4d:9e:0a:7b:a2:72:ff:42:91:88:
                    fa:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:0B:7E:77:CD:C2:70:53:5C:0E:BD:F7:89:C5:9C:1A:29:89:5F:54
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Egt-d83CcFNcDr33icWcGimJX1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fd11::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:38:20:9d:57:3b:d3:a5:36:b3:be:99:de:f5:14:b9:55:d2:
         60:90:db:43:4c:f3:d4:19:e6:83:64:1c:83:88:02:19:3e:51:
         28:94:b2:32:81:73:6f:d8:dc:e2:75:21:11:7d:9d:47:b1:01:
         11:e7:9e:a5:0b:ba:37:05:76:31:e9:02:f0:5b:3f:62:66:47:
         c8:37:3f:e6:6d:b4:bc:b5:98:36:e3:b4:00:94:71:d6:05:f2:
         23:e7:91:e6:eb:f7:8f:03:d2:8b:58:49:d2:64:12:1f:82:d1:
         a8:3b:00:fb:1d:fc:6b:3a:95:b7:c2:1d:92:6f:47:bc:9d:5d:
         da:32:7f:8b:c9:60:c0:bf:5c:00:70:30:f2:88:10:19:44:29:
         40:b7:fe:ae:62:80:5d:88:13:86:f6:07:67:3a:1d:e0:27:d2:
         0b:f4:b5:ad:77:02:03:a5:7e:44:a2:2f:c5:4b:0a:c6:75:5a:
         dd:91:3a:d3:8b:fd:ac:66:93:30:05:c5:0f:b6:ff:b1:16:61:
         99:16:bb:d1:ea:58:1e:83:7b:cd:89:d4:cc:da:7d:6f:13:9d:
         0a:5c:6a:90:c7:8e:b8:c0:62:e0:f5:b1:44:ae:de:62:d4:34:
         fc:8c:92:6e:ef:bb:a9:cb:5e:3a:3f:47:85:fd:15:21:3c:ac:
         67:28:0a:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJF9ZGjeuYFxSK26rH02rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjBiN2U3N2NkYzI3MDUzNWMwZWJkZjc4OWM1OWMxYTI5ODk1ZjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIsNPBQKuFL/fLF6Lj4uvvO1pU3L
W9Sk8SsuIBkeDjnp6A4hxZeA5+7OK9t8+ylKcEQySH+mb+e1/Mx+Nth6TEC9MSOi
rMeMhSMw3hPan8St3XsZpn2amYby3EJVKy7WjuIIEfSRnNlAyu0OO3yhKIosvZ5c
MDwD3yl1GZmwJCwvEhcBDs/13tFnCP/u/VZ3/UQeXdY+DP4cplglIwOYdN4iTFQK
cuFoYaA05DMhpEsKr9PIMeshMgHFrYJcM+O6vZc6UWIgcSJj0ajpTO4FnKykCh/F
SfqwfpwgGOVit9EkiZkfY4nIJBUBy/bmr4Vi9cL3ME2eCnuicv9CkYj6XQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBILfnfNwnBTXA6994nFnBopiV9UMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvRWd0LWQ4M0NjRk5jRHIzM2ljV2NHaW1KWDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg94A/0R
MA0GCSqGSIb3DQEBCwUAA4IBAQA9OCCdVzvTpTazvpne9RS5VdJgkNtDTPPUGeaD
ZByDiAIZPlEolLIygXNv2NzidSERfZ1HsQER556lC7o3BXYx6QLwWz9iZkfINz/m
bbS8tZg247QAlHHWBfIj55Hm6/ePA9KLWEnSZBIfgtGoOwD7HfxrOpW3wh2Sb0e8
nV3aMn+LyWDAv1wAcDDyiBAZRClAt/6uYoBdiBOG9gdnOh3gJ9IL9LWtdwIDpX5E
oi/FSwrGdVrdkTrTi/2sZpMwBcUPtv+xFmGZFrvR6lgeg3vNidTM2n1vE50KXGqQ
x464wGLg9bFErt5i1DT8jJJu77upy146P0eF/RUhPKxnKAow
-----END CERTIFICATE-----