Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Q6I_zNboHV-8QgbbZO-qYA7gy-A.roa
File:                     Q6I_zNboHV-8QgbbZO-qYA7gy-A.roa (raw, json)
Hash identifier:          3WEwWYSlS4L1dcaXgWrcEM63S1RtJI/mt4FW26hOHD4=
Subject key identifier:   43:A2:3F:CC:D6:E8:1D:5F:BC:42:06:DB:64:EF:AA:60:0E:E0:CB:E0
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369F0E7BD88348BA650A9C6A9EE6166
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Q6I_zNboHV-8QgbbZO-qYA7gy-A.roa
Signing time:             Wed 01 Jan 2025 19:48:52 +0000
ROA not before:           Wed 01 Jan 2025 19:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214495
IP address blocks:        2a0f:7803:db00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f0:e7:bd:88:34:8b:a6:50:a9:c6:a9:ee:61:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43a23fccd6e81d5fbc4206db64efaa600ee0cbe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a4:d2:23:57:00:e8:30:39:f0:61:44:33:0a:
                    24:51:e4:ed:52:18:6d:66:93:4e:84:70:be:f8:7f:
                    e5:5c:d6:fc:28:ae:9e:43:f0:75:ef:c9:24:8b:9c:
                    65:a9:b1:98:9c:34:f6:c1:6b:4b:98:47:d3:97:c2:
                    0e:d6:c4:df:a4:b0:07:e6:95:db:e6:9b:a9:d0:69:
                    af:26:59:4a:ec:79:79:15:39:5f:26:c4:23:61:db:
                    77:d2:0f:c5:4e:56:6c:3f:58:8f:7a:1f:12:50:12:
                    75:19:75:e3:6f:82:69:56:33:e2:d7:e5:cb:2d:7d:
                    86:11:05:0d:72:00:51:4f:f7:0f:4c:0b:cc:f6:79:
                    02:41:5b:c7:a6:fe:05:68:72:f9:4b:d5:60:c7:57:
                    d5:2d:ef:02:b5:fa:a3:0a:b0:46:f1:20:36:ca:e0:
                    f9:73:98:8b:0a:34:92:c0:29:b7:b2:c4:93:fb:15:
                    d7:f6:56:c9:2e:f5:c4:57:03:ef:59:01:9b:10:c9:
                    33:c1:22:ca:01:8d:c1:0e:f3:75:e8:38:1e:e1:d2:
                    9d:11:50:63:73:90:53:c6:46:38:b7:2f:35:f0:3b:
                    70:eb:e3:60:e5:48:0c:b0:36:ad:e4:f6:7f:f1:67:
                    70:1b:c7:94:55:99:6f:b7:96:db:28:08:03:c6:28:
                    ae:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A2:3F:CC:D6:E8:1D:5F:BC:42:06:DB:64:EF:AA:60:0E:E0:CB:E0
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Q6I_zNboHV-8QgbbZO-qYA7gy-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:db00::/40

    Signature Algorithm: sha256WithRSAEncryption
         75:4e:e9:73:22:85:52:cc:7f:20:d6:a7:1b:eb:2c:b4:c4:b7:
         00:8f:c0:8b:63:09:e7:3a:69:aa:9c:f7:c0:73:19:a0:11:c4:
         f0:9c:eb:ce:dd:9a:c6:ab:27:4c:e7:e2:eb:91:dc:d9:10:ad:
         d5:7f:ba:bd:ee:ff:57:ba:be:28:20:c1:4b:bb:3d:18:7e:55:
         6d:9e:fd:8c:f2:5d:c4:93:8a:b4:93:7b:9e:c2:42:07:fd:85:
         e7:da:f4:c0:2a:1b:52:3c:04:6e:7c:d4:2b:61:bd:ed:c9:57:
         bf:cf:41:f8:72:c8:e2:23:1c:4e:e0:be:c5:84:d2:fb:7e:71:
         75:1f:d1:04:08:55:10:af:74:4c:7b:e5:bc:ef:72:cb:fd:67:
         86:fe:b7:e9:5e:f0:9a:f0:42:03:0f:b4:99:bd:96:67:64:9d:
         80:fe:25:f9:65:39:c6:c5:67:56:8a:4b:22:18:b4:35:20:23:
         cc:43:c3:ca:09:52:ac:cf:cc:1a:fa:21:ec:8a:e4:e3:62:6a:
         60:ef:c2:86:8d:4b:6b:86:9a:b6:b8:01:1a:5c:86:78:fa:19:
         28:46:4c:66:07:5d:36:a0:3b:ea:d6:b6:f8:23:ea:dc:74:ba:
         5a:a1:fd:8e:89:6b:c5:47:d7:27:2a:a0:23:12:03:2d:6a:02:
         90:31:68:e4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQjafDnvYg0i6ZQqcap7mFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2EyM2ZjY2Q2ZTgxZDVmYmM0MjA2ZGI2NGVmYWE2MDBlZTBjYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qTSI1cA6DA58GFEMwokUeTtUhht
ZpNOhHC++H/lXNb8KK6eQ/B178kki5xlqbGYnDT2wWtLmEfTl8IO1sTfpLAH5pXb
5pup0GmvJllK7Hl5FTlfJsQjYdt30g/FTlZsP1iPeh8SUBJ1GXXjb4JpVjPi1+XL
LX2GEQUNcgBRT/cPTAvM9nkCQVvHpv4FaHL5S9Vgx1fVLe8CtfqjCrBG8SA2yuD5
c5iLCjSSwCm3ssST+xXX9lbJLvXEVwPvWQGbEMkzwSLKAY3BDvN16Dge4dKdEVBj
c5BTxkY4ty818Dtw6+Ng5UgMsDat5PZ/8WdwG8eUVZlvt5bbKAgDxiiukwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEOiP8zW6B1fvEIG22TvqmAO4MvgMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvUTZJX3pOYm9IVi04UWdiYlpPLXFZQTdneS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg94A9sw
DQYJKoZIhvcNAQELBQADggEBAHVO6XMihVLMfyDWpxvrLLTEtwCPwItjCec6aaqc
98BzGaARxPCc687dmsarJ0zn4uuR3NkQrdV/ur3u/1e6viggwUu7PRh+VW2e/Yzy
XcSTirSTe57CQgf9hefa9MAqG1I8BG581Cthve3JV7/PQfhyyOIjHE7gvsWE0vt+
cXUf0QQIVRCvdEx75bzvcsv9Z4b+t+le8JrwQgMPtJm9lmdknYD+JfllOcbFZ1aK
SyIYtDUgI8xDw8oJUqzPzBr6IeyK5ONiamDvwoaNS2uGmra4ARpchnj6GShGTGYH
XTagO+rWtvgj6tx0ulqh/Y6Ja8VH1ycqoCMSAy1qApAxaOQ=
-----END CERTIFICATE-----