Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/MXOdUCvuEFwbSMJQSk-lj8STNRE.roa
File:                     MXOdUCvuEFwbSMJQSk-lj8STNRE.roa (raw, json)
Hash identifier:          lXJiZ3GXchvXtSuYcs9f6PKRrt4YOHod1oxYbRGsZj8=
Subject key identifier:   31:73:9D:50:2B:EE:10:5C:1B:48:C2:50:4A:4F:A5:8F:C4:93:35:11
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC42464D5159B2E995D0072A4524C6FBE
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/MXOdUCvuEFwbSMJQSk-lj8STNRE.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200827
IP address blocks:        2a0f:7802:f000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:64:d5:15:9b:2e:99:5d:00:72:a4:52:4c:6f:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31739d502bee105c1b48c2504a4fa58fc4933511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8a:93:6b:0d:90:50:c6:90:d4:e1:cd:ab:07:
                    ec:5a:10:0b:89:0a:c8:5c:9b:3b:db:f5:41:2e:c6:
                    2e:5f:8a:45:d0:7a:1e:f0:01:42:c0:a6:e3:e0:3a:
                    66:a0:fb:eb:98:5e:c2:4a:d0:e2:b1:8b:81:86:9a:
                    2e:e9:86:ef:75:69:7a:58:f8:7c:f4:71:8d:90:df:
                    34:43:c6:ae:11:b7:c7:80:fa:2a:a7:c8:70:92:b4:
                    26:48:4d:40:a6:07:78:7a:fc:cc:c6:97:d7:77:7c:
                    3b:d6:36:0b:22:18:7d:ba:ef:96:73:1c:4a:24:30:
                    de:d0:5a:99:39:08:e8:e6:1c:cc:61:8f:0c:7e:09:
                    67:54:4a:5b:ab:43:90:6f:53:f7:bd:5e:c9:56:39:
                    96:62:91:63:a7:8d:17:a4:3a:ca:4f:1d:63:82:46:
                    38:b4:20:bd:69:90:f1:4d:50:07:b8:68:85:aa:27:
                    69:28:9f:3e:62:10:6c:25:93:41:85:84:33:db:87:
                    3c:f5:d5:6d:48:1e:11:ea:a5:36:4c:b2:a5:ed:4a:
                    8c:41:04:53:18:f2:15:1c:95:86:fc:6e:7a:ba:63:
                    c3:0d:95:ab:5d:8e:5d:2e:36:8c:9f:cf:38:84:02:
                    b6:74:31:dc:fc:2c:92:7c:13:32:1b:e7:a7:83:c1:
                    3a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:73:9D:50:2B:EE:10:5C:1B:48:C2:50:4A:4F:A5:8F:C4:93:35:11
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/MXOdUCvuEFwbSMJQSk-lj8STNRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         b4:e4:9a:7a:58:ac:93:4d:34:19:9e:d5:5b:b0:5e:b9:24:40:
         f0:be:52:1d:b6:94:a4:7e:41:45:99:7a:53:8a:f7:f4:65:32:
         11:3c:24:1f:5e:ca:bb:a1:12:72:be:21:6d:fd:e3:c4:e9:24:
         42:e0:34:3d:63:d2:f1:ed:a9:48:b4:67:08:63:57:21:4b:bb:
         1c:c8:06:7c:2f:ed:24:2c:59:d0:0f:17:f4:32:55:97:1d:89:
         50:d1:82:db:18:18:1e:7e:f4:5d:83:d6:fd:2b:19:81:67:58:
         33:e3:18:45:bc:f1:1a:56:a5:f2:c9:b0:c1:50:e0:aa:c6:bf:
         61:14:8d:dd:ec:2d:1c:98:d6:0d:e4:05:ed:a5:4a:8e:92:f0:
         e9:7f:41:75:a5:c2:cb:9d:09:0c:00:8a:79:10:b4:67:81:de:
         ef:ad:1c:32:f1:3b:b5:db:5a:8f:ab:62:69:16:0e:51:b9:87:
         a0:b2:bf:df:bb:86:f0:1a:7b:ee:19:6d:e5:df:e1:f0:c2:b6:
         db:9f:7e:4a:54:c1:78:1a:d1:99:68:e3:a5:80:2f:9e:c0:0b:
         de:ea:9e:3a:9a:69:87:8c:0c:fa:56:36:61:5a:b3:1d:39:c6:
         12:5e:2c:20:4a:03:cd:34:ac:59:7d:6c:f6:b9:0a:b3:87:1e:
         ca:a2:1c:e0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJGTVFZsumV0AcqRSTG++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTczOWQ1MDJiZWUxMDVjMWI0OGMyNTA0YTRmYTU4ZmM0OTMzNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooqTaw2QUMaQ1OHNqwfsWhALiQrI
XJs72/VBLsYuX4pF0Hoe8AFCwKbj4DpmoPvrmF7CStDisYuBhpou6YbvdWl6WPh8
9HGNkN80Q8auEbfHgPoqp8hwkrQmSE1Apgd4evzMxpfXd3w71jYLIhh9uu+WcxxK
JDDe0FqZOQjo5hzMYY8MfglnVEpbq0OQb1P3vV7JVjmWYpFjp40XpDrKTx1jgkY4
tCC9aZDxTVAHuGiFqidpKJ8+YhBsJZNBhYQz24c89dVtSB4R6qU2TLKl7UqMQQRT
GPIVHJWG/G56umPDDZWrXY5dLjaMn884hAK2dDHc/CySfBMyG+eng8E6CwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDFznVAr7hBcG0jCUEpPpY/EkzURMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvTVhPZFVDdnVFRndiU01KUVNrLWxqOFNUTlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg94AvAw
DQYJKoZIhvcNAQELBQADggEBALTkmnpYrJNNNBme1VuwXrkkQPC+Uh22lKR+QUWZ
elOK9/RlMhE8JB9eyruhEnK+IW3948TpJELgND1j0vHtqUi0ZwhjVyFLuxzIBnwv
7SQsWdAPF/QyVZcdiVDRgtsYGB5+9F2D1v0rGYFnWDPjGEW88RpWpfLJsMFQ4KrG
v2EUjd3sLRyY1g3kBe2lSo6S8Ol/QXWlwsudCQwAinkQtGeB3u+tHDLxO7XbWo+r
YmkWDlG5h6Cyv9+7hvAae+4ZbeXf4fDCttuffkpUwXga0Zlo46WAL57AC97qnjqa
aYeMDPpWNmFasx05xhJeLCBKA800rFl9bPa5CrOHHsqiHOA=
-----END CERTIFICATE-----