Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/IOQ5z1_3Ey-Hst4lhBc2BZkzvKc.roa
File:                     IOQ5z1_3Ey-Hst4lhBc2BZkzvKc.roa (raw, json)
Hash identifier:          OENMFmGXS5v6r3EsJUf143faV41gz/zbYMgEDMP97qs=
Subject key identifier:   20:E4:39:CF:5F:F7:13:2F:87:B2:DE:25:84:17:36:05:99:33:BC:A7
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       019160F435CA71516848C2AD6637AB1DB7C1
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/IOQ5z1_3Ey-Hst4lhBc2BZkzvKc.roa
Signing time:             Sat 17 Aug 2024 15:28:22 +0000
ROA not before:           Sat 17 Aug 2024 15:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214672
IP address blocks:        2a0f:7803:f980::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:60:f4:35:ca:71:51:68:48:c2:ad:66:37:ab:1d:b7:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Aug 17 15:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20e439cf5ff7132f87b2de25841736059933bca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:17:12:e7:ed:ad:40:42:e4:8a:2c:c6:ec:5e:
                    df:db:90:b2:20:ec:e4:82:fe:ef:f9:7a:2a:7d:10:
                    47:86:2f:42:17:ef:43:56:9f:54:83:36:8c:e9:64:
                    fe:46:82:ac:8a:7a:1e:9d:72:0e:1b:d0:f1:4a:76:
                    df:a1:32:7c:27:5c:dc:21:98:ea:92:e9:c8:66:ff:
                    95:9a:c5:4f:fc:9f:3e:aa:7b:74:b9:95:ce:9e:7a:
                    1e:04:95:d6:16:99:0c:8e:b5:8b:f4:b5:b5:07:01:
                    a8:34:4f:a6:68:24:0f:e6:2c:2a:ee:b6:8b:0d:55:
                    38:a6:12:60:7e:be:3b:1a:e3:bd:89:5b:a2:10:b3:
                    7f:df:96:01:1f:d0:c8:26:01:13:08:be:f9:33:c7:
                    4d:35:a9:f4:ab:f1:90:07:1d:a2:d2:f5:24:34:22:
                    ef:d9:c5:87:91:d3:9c:f8:76:1e:81:8a:90:81:6e:
                    60:fc:fd:85:d7:95:50:0c:e8:9f:1c:47:16:27:07:
                    8b:46:03:cd:de:79:d2:52:17:71:59:08:fa:f5:4b:
                    9e:bd:cb:4c:78:36:93:17:f7:09:e3:25:24:01:bb:
                    9b:d5:4b:c0:8b:70:f5:47:e1:82:c7:10:ef:ba:70:
                    74:63:76:d0:d4:f0:e0:b4:c9:86:ec:d4:97:5d:95:
                    b5:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:E4:39:CF:5F:F7:13:2F:87:B2:DE:25:84:17:36:05:99:33:BC:A7
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/IOQ5z1_3Ey-Hst4lhBc2BZkzvKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f980::/44

    Signature Algorithm: sha256WithRSAEncryption
         7a:07:55:93:12:d0:6d:2d:65:97:dd:0f:0b:ef:be:98:e9:af:
         ae:54:d6:13:29:59:8d:a1:a8:98:fd:d9:e0:df:70:62:36:5b:
         91:b6:38:f7:bc:76:07:36:25:fc:a2:13:14:f7:42:fd:6d:28:
         74:b2:92:87:92:92:4f:34:f3:62:5a:7e:d1:54:b0:29:12:2b:
         84:62:f5:f9:44:9f:8c:22:19:96:7d:fc:b3:d6:86:8c:70:d6:
         95:6a:ef:4e:3d:04:84:df:72:83:e7:06:bf:e4:6d:a4:8d:3a:
         0c:6f:31:4e:53:db:b0:6a:02:e2:84:cb:f8:59:d0:a8:ec:59:
         a3:a8:a3:1d:7c:26:ba:f7:e2:ae:de:b4:18:21:f0:7d:08:1a:
         29:bb:c8:60:08:be:5a:82:d7:75:14:4c:23:8b:de:b9:d7:79:
         66:c0:9a:88:78:f4:d9:ee:be:90:42:9e:f7:df:3a:c1:4e:fe:
         36:ee:bf:b5:d2:f2:08:f5:82:d4:4d:91:79:79:37:4f:9c:0b:
         1d:c0:ab:14:a2:61:c0:e5:dc:e8:da:52:c9:4a:cf:41:c0:ab:
         21:8e:86:e7:9c:0a:61:77:d0:b0:fa:ad:ed:74:97:78:65:e6:
         42:13:c2:48:19:ce:13:51:96:9d:c1:4f:6d:29:31:48:9f:a8:
         3b:01:e1:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFg9DXKcVFoSMKtZjerHbfBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwODE3MTUyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGU0MzljZjVmZjcxMzJmODdiMmRlMjU4NDE3MzYwNTk5MzNiY2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRcS5+2tQELkiizG7F7f25CyIOzk
gv7v+XoqfRBHhi9CF+9DVp9UgzaM6WT+RoKsinoenXIOG9DxSnbfoTJ8J1zcIZjq
kunIZv+VmsVP/J8+qnt0uZXOnnoeBJXWFpkMjrWL9LW1BwGoNE+maCQP5iwq7raL
DVU4phJgfr47GuO9iVuiELN/35YBH9DIJgETCL75M8dNNan0q/GQBx2i0vUkNCLv
2cWHkdOc+HYegYqQgW5g/P2F15VQDOifHEcWJweLRgPN3nnSUhdxWQj69UuevctM
eDaTF/cJ4yUkAbub1UvAi3D1R+GCxxDvunB0Y3bQ1PDgtMmG7NSXXZW1MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCDkOc9f9xMvh7LeJYQXNgWZM7ynMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvSU9RNXoxXzNFeS1Ic3Q0bGhCYzJCWmt6dktjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/mA
MA0GCSqGSIb3DQEBCwUAA4IBAQB6B1WTEtBtLWWX3Q8L776Y6a+uVNYTKVmNoaiY
/dng33BiNluRtjj3vHYHNiX8ohMU90L9bSh0spKHkpJPNPNiWn7RVLApEiuEYvX5
RJ+MIhmWffyz1oaMcNaVau9OPQSE33KD5wa/5G2kjToMbzFOU9uwagLihMv4WdCo
7FmjqKMdfCa69+Ku3rQYIfB9CBopu8hgCL5agtd1FEwji96513lmwJqIePTZ7r6Q
Qp733zrBTv427r+10vII9YLUTZF5eTdPnAsdwKsUomHA5dzo2lLJSs9BwKshjobn
nAphd9Cw+q3tdJd4ZeZCE8JIGc4TUZadwU9tKTFIn6g7AeF0
-----END CERTIFICATE-----