Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/OCcnlbCu2hEcy3T7AzG9gRMGEf0.roa
File:                     OCcnlbCu2hEcy3T7AzG9gRMGEf0.roa (raw, json)
Hash identifier:          7NMLFHh49RjpZgZPYZPDSEC7gEYgodldTCMz4jiOS/s=
Subject key identifier:   38:27:27:95:B0:AE:DA:11:1C:CB:74:FB:03:31:BD:81:13:06:11:FD
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0190CED896FE4E6AED4BCB199F21889A873F
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/OCcnlbCu2hEcy3T7AzG9gRMGEf0.roa
Signing time:             Sat 20 Jul 2024 06:33:39 +0000
ROA not before:           Sat 20 Jul 2024 06:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214495
IP address blocks:        2a0f:7803:db00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ce:d8:96:fe:4e:6a:ed:4b:cb:19:9f:21:88:9a:87:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul 20 06:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38272795b0aeda111ccb74fb0331bd81130611fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:75:fb:61:45:58:31:86:2b:3f:c9:bf:61:42:
                    71:aa:e5:f5:f7:96:fb:76:b5:8b:b3:a6:ef:e6:1f:
                    a9:8c:03:56:69:c1:fc:5a:18:f5:25:20:ba:53:a7:
                    ec:58:1e:8e:d9:01:b9:3f:0f:50:b7:3a:ff:0e:c7:
                    e3:5e:1c:34:2a:50:94:0b:54:e9:61:7d:0e:8d:ee:
                    7d:11:56:8b:b5:de:3e:6f:21:f0:88:a3:5d:6c:bf:
                    37:09:11:db:bc:e6:eb:1d:e0:d0:c4:b7:1d:e1:02:
                    ac:cb:3a:51:5f:dd:98:a5:a5:4a:dc:43:3b:96:0e:
                    0b:29:d6:07:4f:78:71:e3:3b:e8:e9:2f:9e:33:e4:
                    de:be:69:07:cb:2d:f5:48:70:e5:7e:47:b8:5c:76:
                    76:69:12:af:9a:9b:45:2e:03:82:8e:b7:cc:4d:31:
                    2f:81:1e:79:1a:a7:d6:20:12:45:59:f1:b1:f3:78:
                    5a:25:a2:27:9e:f7:06:c8:01:22:bc:27:0d:59:9b:
                    73:ce:d3:61:11:56:41:63:32:96:0b:01:62:b9:ae:
                    16:33:5c:98:b2:68:c1:80:90:64:28:4f:cf:ea:e7:
                    29:08:51:70:b5:4e:cc:95:67:74:58:dd:bc:60:c7:
                    5b:b1:a3:c0:b3:4b:7b:a5:be:06:fe:34:e3:fc:e0:
                    e7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:27:27:95:B0:AE:DA:11:1C:CB:74:FB:03:31:BD:81:13:06:11:FD
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/OCcnlbCu2hEcy3T7AzG9gRMGEf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:db00::/40

    Signature Algorithm: sha256WithRSAEncryption
         3c:21:61:a4:db:ac:a4:47:92:b3:ea:e9:6a:3d:d6:6f:55:27:
         c7:be:3e:b0:d9:b5:e5:fe:d9:5e:c5:aa:41:8f:31:21:fd:f9:
         66:0a:f1:27:e1:df:7a:58:1d:c4:b3:28:ca:5c:66:40:49:80:
         49:a4:b8:2c:53:b8:c4:ad:ca:ab:17:e5:d6:69:be:9c:28:b6:
         7a:e4:fc:c4:61:75:41:8b:d2:8e:db:fd:54:4d:c5:d7:4d:a0:
         d3:93:28:a5:83:18:b7:8e:e5:52:0f:72:54:0e:e4:64:b2:70:
         34:c0:88:93:1e:57:54:ac:26:79:c8:a7:24:ba:d4:3d:a2:44:
         ea:73:46:f2:db:12:f6:04:65:da:e8:ce:b5:49:79:f6:4b:12:
         6d:9e:ba:d0:03:9b:50:42:64:ce:94:63:ed:f5:4f:d2:d4:6c:
         ee:c8:be:97:6b:ad:fb:b8:23:8c:b6:d2:1e:b1:a9:4c:c1:24:
         c8:7d:6e:28:06:d4:7b:85:79:92:70:7a:d3:70:c9:6c:f1:10:
         8f:56:36:7a:62:37:62:0e:ec:c5:8f:f6:e1:14:46:1e:3d:e1:
         70:f4:59:b1:6b:46:a0:05:aa:06:30:36:57:b5:71:0f:d2:23:
         58:43:25:08:e4:c5:b6:1c:1d:f0:e8:49:2a:60:8c:54:42:93:
         94:bc:ae:b1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZDO2Jb+TmrtS8sZnyGImoc/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNzIwMDYzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODI3Mjc5NWIwYWVkYTExMWNjYjc0ZmIwMzMxYmQ4MTEzMDYxMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunX7YUVYMYYrP8m/YUJxquX195b7
drWLs6bv5h+pjANWacH8Whj1JSC6U6fsWB6O2QG5Pw9Qtzr/DsfjXhw0KlCUC1Tp
YX0Oje59EVaLtd4+byHwiKNdbL83CRHbvObrHeDQxLcd4QKsyzpRX92YpaVK3EM7
lg4LKdYHT3hx4zvo6S+eM+TevmkHyy31SHDlfke4XHZ2aRKvmptFLgOCjrfMTTEv
gR55GqfWIBJFWfGx83haJaInnvcGyAEivCcNWZtzztNhEVZBYzKWCwFiua4WM1yY
smjBgJBkKE/P6ucpCFFwtU7MlWd0WN28YMdbsaPAs0t7pb4G/jTj/ODniwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDgnJ5WwrtoRHMt0+wMxvYETBhH9MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvT0NjbmxiQ3UyaEVjeTNUN0F6RzlnUk1HRWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg94A9sw
DQYJKoZIhvcNAQELBQADggEBADwhYaTbrKRHkrPq6Wo91m9VJ8e+PrDZteX+2V7F
qkGPMSH9+WYK8Sfh33pYHcSzKMpcZkBJgEmkuCxTuMStyqsX5dZpvpwotnrk/MRh
dUGL0o7b/VRNxddNoNOTKKWDGLeO5VIPclQO5GSycDTAiJMeV1SsJnnIpyS61D2i
ROpzRvLbEvYEZdrozrVJefZLEm2eutADm1BCZM6UY+31T9LUbO7Ivpdrrfu4I4y2
0h6xqUzBJMh9bigG1HuFeZJwetNwyWzxEI9WNnpiN2IO7MWP9uEURh494XD0WbFr
RqAFqgYwNle1cQ/SI1hDJQjkxbYcHfDoSSpgjFRCk5S8rrE=
-----END CERTIFICATE-----