Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/L8tZWjNWSaekHdWevyC5u7iiRhg.roa
File:                     L8tZWjNWSaekHdWevyC5u7iiRhg.roa (raw, json)
Hash identifier:          DDADheuyCv7Y8aoIkSHBJ1cn3r/VmkmC6hn4sBqnHu8=
Subject key identifier:   2F:CB:59:5A:33:56:49:A7:A4:1D:D5:9E:BF:20:B9:BB:B8:A2:46:18
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC424662EC929A663609D095D51ED0E99
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/L8tZWjNWSaekHdWevyC5u7iiRhg.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202888
IP address blocks:        2a0f:7800::/31 maxlen: 48
                          2a0f:7804::/31 maxlen: 48
                          2a0f:7806::/31 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:66:2e:c9:29:a6:63:60:9d:09:5d:51:ed:0e:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fcb595a335649a7a41dd59ebf20b9bbb8a24618
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:02:a6:66:a6:0e:07:7e:81:9d:25:17:f8:58:
                    ac:2f:69:54:5e:57:86:a7:ba:90:d1:43:24:cf:6c:
                    8e:d2:37:dd:81:71:35:2c:25:7c:ea:9d:dd:a7:23:
                    a3:ac:89:34:04:59:58:5c:eb:b3:38:e5:97:f8:a7:
                    b5:ad:c5:41:ff:fe:c0:31:93:7b:02:fe:3f:57:9b:
                    fb:b2:2d:00:83:61:0c:94:97:54:27:48:a2:8f:e3:
                    05:9b:3b:d3:9d:ad:a1:46:59:af:92:9e:e3:da:86:
                    3d:b0:7f:5d:b2:c6:d3:71:b2:92:bf:87:77:21:b8:
                    99:d4:61:bc:03:2c:33:c3:a8:eb:7d:69:bf:f4:03:
                    d6:fb:a1:c6:54:84:53:6a:d1:02:1d:96:30:91:59:
                    4d:53:93:81:6d:6d:27:c1:16:a3:18:54:40:8c:1c:
                    15:3a:53:11:4f:5a:99:b6:0a:62:86:aa:98:cb:70:
                    d2:94:d1:60:e5:01:16:45:73:71:a3:de:de:f6:02:
                    19:69:fe:78:b4:25:8a:97:28:b8:bb:d4:52:60:dd:
                    35:4e:f2:47:8c:6e:a5:84:35:7b:cf:11:46:95:6e:
                    c1:94:5d:85:0c:f8:a5:08:08:f8:09:32:ab:82:06:
                    31:69:2b:37:08:b6:f8:ec:0d:df:6c:8b:ea:0c:06:
                    43:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:CB:59:5A:33:56:49:A7:A4:1D:D5:9E:BF:20:B9:BB:B8:A2:46:18
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/L8tZWjNWSaekHdWevyC5u7iiRhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7800::/31
                  2a0f:7804::/30

    Signature Algorithm: sha256WithRSAEncryption
         99:63:d8:f0:01:2b:55:0d:17:41:24:22:74:f1:97:7d:d8:ea:
         da:a7:f5:1b:c8:14:88:7e:8f:1a:f1:25:31:03:4d:28:c5:8a:
         8c:4b:9b:a0:86:2b:e0:4d:c7:59:b3:2f:f5:56:a7:b6:29:1a:
         eb:db:29:61:a0:01:a2:c2:f0:3a:76:96:6c:ab:f2:f8:bd:30:
         fb:92:a8:63:30:f1:31:dc:73:21:9a:be:a9:f4:8f:97:31:48:
         42:4f:c8:bb:45:c6:76:4e:92:a8:d4:c0:d5:22:87:35:15:ea:
         c5:39:bb:93:e5:ac:25:72:e1:e3:bc:8e:a3:83:a4:f0:54:25:
         2b:d7:6a:a6:a9:c6:94:1f:93:d3:15:72:e7:6b:e2:37:72:0b:
         20:12:17:5d:64:ba:a1:3e:a1:03:5e:cf:5f:d1:e4:65:85:d6:
         85:96:73:d0:91:80:ba:cb:96:56:3e:83:e9:b6:af:2d:7c:0d:
         7a:a9:bc:f8:11:24:4e:73:72:55:f6:c0:83:1e:f0:62:a4:ea:
         09:23:37:c6:d3:44:34:76:67:d6:b9:d7:6a:1a:2a:96:ec:5d:
         d8:aa:6d:eb:1a:42:e1:69:bf:2b:68:72:0c:4b:2d:b4:c6:e7:
         92:c2:4f:3b:d2:f1:c4:70:24:91:c1:47:66:73:f1:37:ad:dd:
         df:17:39:d7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJGYuySmmY2CdCV1R7Q6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmNiNTk1YTMzNTY0OWE3YTQxZGQ1OWViZjIwYjliYmI4YTI0NjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngKmZqYOB36BnSUX+FisL2lUXleG
p7qQ0UMkz2yO0jfdgXE1LCV86p3dpyOjrIk0BFlYXOuzOOWX+Ke1rcVB//7AMZN7
Av4/V5v7si0Ag2EMlJdUJ0iij+MFmzvTna2hRlmvkp7j2oY9sH9dssbTcbKSv4d3
IbiZ1GG8Aywzw6jrfWm/9APW+6HGVIRTatECHZYwkVlNU5OBbW0nwRajGFRAjBwV
OlMRT1qZtgpihqqYy3DSlNFg5QEWRXNxo97e9gIZaf54tCWKlyi4u9RSYN01TvJH
jG6lhDV7zxFGlW7BlF2FDPilCAj4CTKrggYxaSs3CLb47A3fbIvqDAZD/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC/LWVozVkmnpB3Vnr8gubu4okYYMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvTDh0WldqTldTYWVrSGRXZXZ5QzV1N2lpUmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUBKg94AAMF
AioPeAQwDQYJKoZIhvcNAQELBQADggEBAJlj2PABK1UNF0EkInTxl33Y6tqn9RvI
FIh+jxrxJTEDTSjFioxLm6CGK+BNx1mzL/VWp7YpGuvbKWGgAaLC8Dp2lmyr8vi9
MPuSqGMw8THccyGavqn0j5cxSEJPyLtFxnZOkqjUwNUihzUV6sU5u5PlrCVy4eO8
jqODpPBUJSvXaqapxpQfk9MVcudr4jdyCyASF11kuqE+oQNez1/R5GWF1oWWc9CR
gLrLllY+g+m2ry18DXqpvPgRJE5zclX2wIMe8GKk6gkjN8bTRDR2Z9a512oaKpbs
XdiqbesaQuFpvytocgxLLbTG55LCTzvS8cRwJJHBR2Zz8Tet3d8XOdc=
-----END CERTIFICATE-----