Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KVOTlYUdbYnffozD9kpZYmu-CEg.roa
File:                     KVOTlYUdbYnffozD9kpZYmu-CEg.roa (raw, json)
Hash identifier:          FtawEdH9vdXHCSfc0Dt9WPQgs4+ya5aMq2JTcI/5xJ4=
Subject key identifier:   29:53:93:95:85:1D:6D:89:DF:7E:8C:C3:F6:4A:59:62:6B:BE:08:48
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369E132CD3176C2A0EC48AEBDB9BF26
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KVOTlYUdbYnffozD9kpZYmu-CEg.roa
Signing time:             Wed 01 Jan 2025 19:48:48 +0000
ROA not before:           Wed 01 Jan 2025 19:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3258
IP address blocks:        2a0f:7800:900::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e1:32:cd:31:76:c2:a0:ec:48:ae:bd:b9:bf:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29539395851d6d89df7e8cc3f64a59626bbe0848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:23:50:71:5f:03:17:34:4e:af:23:69:91:7a:
                    34:bb:06:aa:6a:78:28:71:02:bf:c9:a2:7d:5c:b8:
                    cb:af:b8:93:93:cd:1c:37:1a:ed:9c:64:f1:0d:07:
                    8d:0e:da:00:3e:d9:ab:de:b7:48:21:86:58:0a:2e:
                    47:65:77:04:47:8a:c0:b6:2d:67:9b:26:47:45:6d:
                    00:1e:0b:a3:12:44:83:91:51:ee:e5:4d:a9:41:8f:
                    f7:d2:67:58:fc:88:ba:6e:d8:ef:db:50:0c:aa:3f:
                    f1:d0:f8:7a:8b:49:97:69:41:76:47:09:98:7f:0f:
                    78:97:c9:b7:b4:f5:d4:7c:1f:91:d6:33:12:5b:c1:
                    16:f5:83:62:f4:a4:3a:ae:8b:27:c4:e6:c2:2c:6c:
                    b5:52:37:f1:31:c7:6e:d0:b4:73:0c:7f:8c:15:6e:
                    c4:f9:ef:73:45:04:fc:de:5c:d6:4a:ad:a0:0a:23:
                    29:b0:a1:97:70:c3:68:17:c0:de:0f:a0:f5:61:85:
                    31:f6:fa:1c:24:77:01:fa:c6:dc:2d:a7:2b:d1:f8:
                    15:c0:4d:b3:4b:8c:0a:49:f4:77:da:7c:9e:f8:49:
                    bc:c4:b7:67:ab:57:ae:5d:b8:7b:f6:63:b6:6a:11:
                    85:16:f7:f0:32:fa:ca:61:50:80:88:aa:8f:20:81:
                    c9:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:53:93:95:85:1D:6D:89:DF:7E:8C:C3:F6:4A:59:62:6B:BE:08:48
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/KVOTlYUdbYnffozD9kpZYmu-CEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7800:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         71:d5:48:21:af:fa:13:c8:9c:1c:ec:e8:eb:50:ff:de:97:8e:
         fd:f1:35:74:a8:f7:19:a2:da:e1:a4:72:f4:48:a0:00:d2:ca:
         60:c2:05:7b:22:15:df:2a:3d:4a:9a:41:ff:73:c0:e8:9f:f2:
         bf:a5:f0:6d:38:fd:b7:8d:8a:c5:6a:fb:53:4e:97:85:a6:64:
         04:17:96:2c:05:6c:ac:9f:d8:e5:23:a6:ec:76:3c:15:5d:51:
         d7:ae:b7:74:e6:44:ac:da:49:d4:f3:dc:79:1e:0c:3f:8c:b0:
         43:5f:20:b6:69:0e:ab:ab:81:32:ae:c1:31:87:c4:ed:7b:d5:
         5d:34:0c:d2:b2:a4:12:3f:bb:dd:7f:9c:44:93:65:53:59:ca:
         4a:f1:64:96:1c:83:84:8d:a3:11:e2:21:7d:26:3e:92:30:9e:
         d2:9f:87:c3:85:cd:8d:2c:f0:f5:18:43:67:f0:f4:38:a3:81:
         45:a1:d0:e5:d3:28:56:4d:49:b1:32:62:de:79:3d:53:b0:04:
         bc:52:65:f6:08:59:13:b1:86:da:4c:1a:b1:24:5e:a9:46:43:
         ba:7b:73:00:74:d3:a7:8a:da:18:1e:d9:b7:6b:d8:cd:1b:c5:
         30:9f:4b:9e:4a:3d:37:83:2b:a9:6a:da:4c:00:64:b9:cf:47:
         82:10:25:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjaeEyzTF2wqDsSK69ub8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTUzOTM5NTg1MWQ2ZDg5ZGY3ZThjYzNmNjRhNTk2MjZiYmUwODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iNQcV8DFzROryNpkXo0uwaqango
cQK/yaJ9XLjLr7iTk80cNxrtnGTxDQeNDtoAPtmr3rdIIYZYCi5HZXcER4rAti1n
myZHRW0AHgujEkSDkVHu5U2pQY/30mdY/Ii6btjv21AMqj/x0Ph6i0mXaUF2RwmY
fw94l8m3tPXUfB+R1jMSW8EW9YNi9KQ6rosnxObCLGy1UjfxMcdu0LRzDH+MFW7E
+e9zRQT83lzWSq2gCiMpsKGXcMNoF8DeD6D1YYUx9vocJHcB+sbcLacr0fgVwE2z
S4wKSfR32nye+Em8xLdnq1euXbh79mO2ahGFFvfwMvrKYVCAiKqPIIHJTQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFClTk5WFHW2J336Mw/ZKWWJrvghIMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvS1ZPVGxZVWRiWW5mZm96RDlrcFpZbXUtQ0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg94AAkw
DQYJKoZIhvcNAQELBQADggEBAHHVSCGv+hPInBzs6OtQ/96Xjv3xNXSo9xmi2uGk
cvRIoADSymDCBXsiFd8qPUqaQf9zwOif8r+l8G04/beNisVq+1NOl4WmZAQXliwF
bKyf2OUjpux2PBVdUdeut3TmRKzaSdTz3HkeDD+MsENfILZpDqurgTKuwTGHxO17
1V00DNKypBI/u91/nESTZVNZykrxZJYcg4SNoxHiIX0mPpIwntKfh8OFzY0s8PUY
Q2fw9DijgUWh0OXTKFZNSbEyYt55PVOwBLxSZfYIWROxhtpMGrEkXqlGQ7p7cwB0
06eK2hge2bdr2M0bxTCfS55KPTeDK6lq2kwAZLnPR4IQJQY=
-----END CERTIFICATE-----