Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Jwm1aDJVaDqgmIXNd8NeSkpbNWc.roa
File:                     Jwm1aDJVaDqgmIXNd8NeSkpbNWc.roa (raw, json)
Hash identifier:          ZedZaWM1LKV5JBtsZOKql3EHlZQrOK/Q4X+Eb+7I+lw=
Subject key identifier:   27:09:B5:68:32:55:68:3A:A0:98:85:CD:77:C3:5E:4A:4A:5B:35:67
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC42465C09000FF2E870E0AA28E86FD08
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Jwm1aDJVaDqgmIXNd8NeSkpbNWc.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202402
IP address blocks:        2a0f:7803:ff90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:65:c0:90:00:ff:2e:87:0e:0a:a2:8e:86:fd:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2709b5683255683aa09885cd77c35e4a4a5b3567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:1c:62:cc:24:56:36:9f:0a:17:ff:b3:c1:aa:
                    0f:3f:9b:a3:56:a1:64:c4:98:9f:a1:a9:8f:86:10:
                    35:0c:a4:8e:6f:87:a4:9e:0b:22:4a:e1:3f:49:09:
                    c7:ed:83:2e:80:ed:99:da:c9:d7:89:24:4c:73:7a:
                    59:0a:8e:36:bd:ba:5d:00:23:38:83:bc:9a:1b:bc:
                    dd:cb:ae:a2:95:39:e3:8c:32:73:de:b9:0a:2a:ed:
                    50:3b:12:1e:0b:c8:5e:c5:20:22:ec:6b:1d:ae:7f:
                    98:14:84:bd:70:24:8f:21:01:ad:26:c5:ee:ab:6e:
                    fa:85:5a:67:fe:7c:c0:cd:2d:47:23:15:2b:c9:93:
                    6a:65:7a:da:9e:8c:54:26:ca:f7:bf:d1:7c:81:e9:
                    b7:4c:e1:ce:c2:6f:78:f3:96:7c:18:43:ca:c9:09:
                    34:c4:83:a8:53:5c:c7:50:b6:4e:bf:c8:29:86:22:
                    ab:1f:09:58:eb:64:8a:95:8a:75:d4:60:5d:79:d3:
                    ac:01:10:42:79:b4:ca:48:60:ab:86:c6:52:07:e8:
                    18:00:22:5f:11:cb:10:bc:e1:a5:6b:26:63:93:30:
                    b9:70:f2:d6:d3:c2:ff:54:fe:f6:72:9f:54:5f:9c:
                    5c:d6:0a:34:98:62:90:cd:f4:1b:7e:9a:ff:a5:1f:
                    0d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:09:B5:68:32:55:68:3A:A0:98:85:CD:77:C3:5E:4A:4A:5B:35:67
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Jwm1aDJVaDqgmIXNd8NeSkpbNWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:ff90::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:04:48:e7:11:88:d0:d9:62:59:03:7e:c6:f4:05:f1:69:cd:
         c8:de:67:45:cc:1d:42:46:0b:22:8e:6a:1e:47:43:97:a2:c7:
         9d:32:92:d8:de:54:bf:a4:9f:7a:55:5e:ff:31:09:4f:94:f5:
         75:17:8b:17:01:52:3c:4b:4c:bb:4b:05:4f:5a:81:df:77:03:
         66:26:ff:d6:07:58:a4:00:60:22:d7:62:9b:8c:36:2e:19:96:
         ad:14:91:26:23:b8:90:10:8e:2c:d3:5b:00:54:cf:07:24:7c:
         ed:aa:92:15:52:db:e9:3d:ba:c5:b0:f3:52:a7:b2:9b:af:45:
         0a:5e:5f:99:2a:5d:29:29:65:e5:4a:d9:7b:57:68:9a:30:dd:
         a6:5c:58:7b:7e:f3:94:2c:27:23:5d:5b:a5:f6:df:12:7b:23:
         b6:91:f2:d0:d4:b1:d5:5c:de:7e:aa:d9:4b:da:dd:01:fd:16:
         95:74:cf:b6:c5:e4:fc:b3:ca:8f:f5:30:9b:1b:27:09:11:b1:
         99:99:80:29:74:8f:86:a8:aa:ae:c2:09:64:9a:d3:83:e9:d2:
         a9:ac:d0:4c:75:7b:51:d3:d4:12:dd:7f:21:7b:ea:7e:ae:3b:
         0e:09:ca:e4:af:5a:4c:6f:86:ad:2c:c7:45:3c:73:f6:41:17:
         c6:b3:0c:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJGXAkAD/LocOCqKOhv0IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzA5YjU2ODMyNTU2ODNhYTA5ODg1Y2Q3N2MzNWU0YTRhNWIzNTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8RxizCRWNp8KF/+zwaoPP5ujVqFk
xJifoamPhhA1DKSOb4ekngsiSuE/SQnH7YMugO2Z2snXiSRMc3pZCo42vbpdACM4
g7yaG7zdy66ilTnjjDJz3rkKKu1QOxIeC8hexSAi7Gsdrn+YFIS9cCSPIQGtJsXu
q276hVpn/nzAzS1HIxUryZNqZXranoxUJsr3v9F8gem3TOHOwm9485Z8GEPKyQk0
xIOoU1zHULZOv8gphiKrHwlY62SKlYp11GBdedOsARBCebTKSGCrhsZSB+gYACJf
EcsQvOGlayZjkzC5cPLW08L/VP72cp9UX5xc1go0mGKQzfQbfpr/pR8NQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCcJtWgyVWg6oJiFzXfDXkpKWzVnMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvSndtMWFESlZhRHFnbUlYTmQ4TmVTa3BiTldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQB9BEjnEYjQ2WJZA37G9AXxac3I3mdFzB1CRgsi
jmoeR0OXosedMpLY3lS/pJ96VV7/MQlPlPV1F4sXAVI8S0y7SwVPWoHfdwNmJv/W
B1ikAGAi12KbjDYuGZatFJEmI7iQEI4s01sAVM8HJHztqpIVUtvpPbrFsPNSp7Kb
r0UKXl+ZKl0pKWXlStl7V2iaMN2mXFh7fvOULCcjXVul9t8SeyO2kfLQ1LHVXN5+
qtlL2t0B/RaVdM+2xeT8s8qP9TCbGycJEbGZmYApdI+GqKquwglkmtOD6dKprNBM
dXtR09QS3X8he+p+rjsOCcrkr1pMb4atLMdFPHP2QRfGswz+
-----END CERTIFICATE-----