Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/L0-_xPYGlr9KTSwbZTPNBF_wVYc.roa
File:                     L0-_xPYGlr9KTSwbZTPNBF_wVYc.roa (raw, json)
Hash identifier:          0X86YtAntoTcB7M8XWOZMUlDB7JM72+321gbc2EcByw=
Subject key identifier:   2F:4F:BF:C4:F6:06:96:BF:4A:4D:2C:1B:65:33:CD:04:5F:F0:55:87
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018FB125E8FCAE9EB0446CA2B998447B96B7
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/L0-_xPYGlr9KTSwbZTPNBF_wVYc.roa
Signing time:             Sat 25 May 2024 19:06:42 +0000
ROA not before:           Sat 25 May 2024 19:06:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215269
IP address blocks:        2a0f:7803:fae0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b1:25:e8:fc:ae:9e:b0:44:6c:a2:b9:98:44:7b:96:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: May 25 19:06:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f4fbfc4f60696bf4a4d2c1b6533cd045ff05587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9a:81:bd:35:a5:b2:6b:b4:a2:9d:da:b2:06:
                    aa:f0:dd:40:85:85:a7:17:97:d6:f9:04:f9:0c:ff:
                    a3:eb:33:37:43:3c:50:b0:a8:36:86:15:30:9d:2c:
                    4b:46:3c:bb:73:04:9e:a6:63:db:ca:9e:98:22:48:
                    0e:3e:29:fc:3e:01:f7:09:b3:5b:08:ab:c6:ac:0f:
                    00:f8:34:35:60:15:3c:d6:06:ba:e3:c0:3a:52:20:
                    8b:79:b1:73:3e:1c:1b:8b:0e:97:fd:5c:5f:35:38:
                    3c:51:6a:98:f8:45:7e:af:73:41:dd:2e:5d:ce:f7:
                    11:33:fa:ea:a5:be:d4:0d:a4:e0:3b:da:0a:ee:e9:
                    b9:6c:3d:86:e5:00:fd:ed:55:64:03:5e:db:63:a7:
                    12:40:00:ee:d4:9f:92:18:e2:4e:b3:b6:42:b4:ba:
                    86:c1:9b:58:2e:ed:50:a9:91:46:3c:af:7f:16:50:
                    87:70:27:2b:d4:54:ab:45:6d:23:7e:44:3d:0c:d3:
                    66:c5:00:1c:aa:87:f8:4c:14:8d:03:d3:a5:37:c0:
                    9a:64:1c:5b:6b:9a:a3:d1:61:95:4c:28:a2:af:fe:
                    d8:4f:5d:b9:05:45:79:c6:ba:de:77:85:12:54:4e:
                    76:77:84:a6:5d:70:46:4f:66:1d:fe:c7:28:ab:bb:
                    21:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:4F:BF:C4:F6:06:96:BF:4A:4D:2C:1B:65:33:CD:04:5F:F0:55:87
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/L0-_xPYGlr9KTSwbZTPNBF_wVYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fae0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:a1:96:41:a2:47:41:1d:79:de:68:ef:df:af:c6:68:a0:a7:
         cc:77:c7:8c:8c:dc:d6:d9:9b:c0:ea:1f:f9:9c:8e:6f:30:d9:
         93:c2:38:77:d2:c2:09:4a:55:ec:4e:fe:83:71:c4:51:79:e0:
         3b:4a:d8:0f:c8:b0:63:c4:e7:a8:1e:7b:18:e9:25:b0:d3:8c:
         99:19:c8:22:4e:1a:a9:3c:73:c9:97:dc:46:66:4d:a2:83:e8:
         f7:86:41:c8:c5:0c:e3:1e:16:9a:c2:e3:6f:f5:b4:bf:e0:75:
         0a:0d:41:55:4b:ca:4e:5b:84:f8:0f:f7:45:ed:6f:6d:23:a1:
         97:e8:61:78:cf:d1:8c:10:98:12:94:8e:6d:bd:fc:75:8e:25:
         8a:c3:31:55:c3:a7:0f:9e:13:0e:2c:90:33:61:0b:6f:49:62:
         55:87:97:5c:85:f1:65:2c:21:28:25:76:1d:2d:7d:cf:48:ae:
         1a:e0:7b:63:55:ba:69:af:ff:b3:08:5e:49:ed:d0:8d:8c:f9:
         67:1e:af:ff:41:c1:2b:28:f3:14:fb:8e:f4:98:98:9b:df:58:
         11:35:eb:c3:fc:b4:4d:1f:61:03:2e:8e:d5:cf:60:00:fd:dd:
         4a:4d:bb:55:51:47:52:48:b1:98:a7:f8:a3:c6:d4:cd:64:19:
         b0:95:b8:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+xJej8rp6wRGyiuZhEe5a3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNTI1MTkwNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjRmYmZjNGY2MDY5NmJmNGE0ZDJjMWI2NTMzY2QwNDVmZjA1NTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pqBvTWlsmu0op3asgaq8N1AhYWn
F5fW+QT5DP+j6zM3QzxQsKg2hhUwnSxLRjy7cwSepmPbyp6YIkgOPin8PgH3CbNb
CKvGrA8A+DQ1YBU81ga648A6UiCLebFzPhwbiw6X/VxfNTg8UWqY+EV+r3NB3S5d
zvcRM/rqpb7UDaTgO9oK7um5bD2G5QD97VVkA17bY6cSQADu1J+SGOJOs7ZCtLqG
wZtYLu1QqZFGPK9/FlCHcCcr1FSrRW0jfkQ9DNNmxQAcqof4TBSNA9OlN8CaZBxb
a5qj0WGVTCiir/7YT125BUV5xrred4USVE52d4SmXXBGT2Yd/scoq7shcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC9Pv8T2Bpa/Sk0sG2UzzQRf8FWHMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvTDAtX3hQWUdscjlLVFN3YlpUUE5CRl93VlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/rg
MA0GCSqGSIb3DQEBCwUAA4IBAQB9oZZBokdBHXneaO/fr8ZooKfMd8eMjNzW2ZvA
6h/5nI5vMNmTwjh30sIJSlXsTv6DccRReeA7StgPyLBjxOeoHnsY6SWw04yZGcgi
ThqpPHPJl9xGZk2ig+j3hkHIxQzjHhaawuNv9bS/4HUKDUFVS8pOW4T4D/dF7W9t
I6GX6GF4z9GMEJgSlI5tvfx1jiWKwzFVw6cPnhMOLJAzYQtvSWJVh5dchfFlLCEo
JXYdLX3PSK4a4HtjVbppr/+zCF5J7dCNjPlnHq//QcErKPMU+470mJib31gRNevD
/LRNH2EDLo7Vz2AA/d1KTbtVUUdSSLGYp/ijxtTNZBmwlbg9
-----END CERTIFICATE-----