Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/RqLglfQmhgd6zxuVoOoB7Hcym0M.roa
File:                     RqLglfQmhgd6zxuVoOoB7Hcym0M.roa (raw, json)
Hash identifier:          RebARMhaQXf+uHFFkW9likec4a7mrCx0k6u0gEfD8Rk=
Subject key identifier:   46:A2:E0:95:F4:26:86:07:7A:CF:1B:95:A0:EA:01:EC:77:32:9B:43
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0191BD99DBC8E27466A5BE6EF2DE08568096
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/RqLglfQmhgd6zxuVoOoB7Hcym0M.roa
Signing time:             Wed 04 Sep 2024 15:14:22 +0000
ROA not before:           Wed 04 Sep 2024 15:14:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202888
IP address blocks:        2a0f:7800::/31 maxlen: 48
                          2a0f:7804::/31 maxlen: 48
                          2a0f:7806::/31 maxlen: 48
                          2a0f:7806:fffe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:99:db:c8:e2:74:66:a5:be:6e:f2:de:08:56:80:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Sep  4 15:14:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46a2e095f42686077acf1b95a0ea01ec77329b43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6c:1a:32:72:6a:f4:3d:0d:10:ba:c3:10:60:
                    b1:60:9e:8e:2a:c3:14:fe:69:8a:86:9f:91:d5:82:
                    81:98:27:da:be:15:66:e4:ca:80:a1:f3:65:3e:26:
                    2f:57:3f:0d:c1:28:c2:da:f5:0d:6e:98:6a:7d:8d:
                    d6:52:d9:96:73:b9:a3:8f:41:58:04:f6:50:52:e8:
                    ee:76:05:1d:a7:dd:75:ab:42:70:d0:17:e5:77:8a:
                    dd:5f:28:18:26:5b:f2:4f:a6:9e:7d:03:11:5e:42:
                    72:f2:db:c7:77:8c:68:a0:dc:8d:1b:a4:7f:29:8d:
                    f1:3f:2d:82:f4:8d:1d:e6:1c:3b:68:72:47:b4:67:
                    fb:3a:8b:0c:86:0b:c9:9d:d5:35:cd:c3:1c:ae:10:
                    47:db:81:27:89:2d:82:6c:e3:42:f5:aa:0b:0b:31:
                    48:13:a4:a3:d9:51:e7:c1:53:4b:2b:37:be:c7:f3:
                    b5:93:d6:51:28:03:60:3f:82:71:4a:89:a9:d3:a3:
                    03:fb:5d:bd:25:3f:40:03:4b:16:1f:5d:d9:23:28:
                    cb:8a:a7:6c:e7:19:99:e9:f4:bf:12:4c:89:88:ef:
                    3c:f5:9a:57:97:0b:2b:a2:db:4c:25:08:6c:c4:59:
                    0f:44:c7:f6:69:43:53:aa:9e:bd:d6:97:f1:7b:83:
                    7d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A2:E0:95:F4:26:86:07:7A:CF:1B:95:A0:EA:01:EC:77:32:9B:43
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/RqLglfQmhgd6zxuVoOoB7Hcym0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7800::/31
                  2a0f:7804::/30

    Signature Algorithm: sha256WithRSAEncryption
         3b:8a:9c:1d:d5:a4:d8:bd:68:6e:23:99:54:62:7b:a4:85:b2:
         7e:13:a0:90:bb:4e:13:3c:c9:35:97:64:79:9e:10:63:9e:8e:
         f5:54:74:f2:cf:a1:73:30:dd:b3:81:60:c6:46:a4:48:e8:3e:
         ee:84:74:b4:b1:62:75:67:ab:9f:81:06:3d:98:95:28:c8:ce:
         8e:10:d3:6c:a2:82:52:c3:1b:77:0c:09:5a:60:d4:4a:4e:9d:
         3e:61:42:b5:7f:84:cf:36:67:76:d8:96:86:39:54:94:51:7c:
         b2:40:01:51:6f:a0:01:59:a6:01:6b:99:bb:10:78:9e:85:ed:
         6f:1d:ff:36:a2:72:ee:68:04:01:9b:03:f9:d6:68:32:46:74:
         2d:bf:94:55:ec:d5:3e:ba:28:ac:9f:fc:2e:fc:8e:af:a3:32:
         0f:dc:72:2d:d9:96:93:60:6c:28:64:4e:8a:6e:9f:7b:58:a8:
         a3:5b:36:3f:90:51:6a:fc:bc:47:d8:02:0e:08:e7:ab:08:7c:
         0b:ad:5e:dd:1d:63:6c:24:e9:28:b7:c8:92:57:1f:a3:8e:8b:
         82:91:ab:6e:03:37:fb:32:79:3b:04:d8:3b:92:f1:85:6b:6d:
         89:99:5e:95:34:a8:fd:5f:d7:89:33:31:96:2d:6b:9e:c6:c0:
         34:3c:d3:2b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZG9mdvI4nRmpb5u8t4IVoCWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwOTA0MTUxNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmEyZTA5NWY0MjY4NjA3N2FjZjFiOTVhMGVhMDFlYzc3MzI5YjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmwaMnJq9D0NELrDEGCxYJ6OKsMU
/mmKhp+R1YKBmCfavhVm5MqAofNlPiYvVz8NwSjC2vUNbphqfY3WUtmWc7mjj0FY
BPZQUujudgUdp911q0Jw0Bfld4rdXygYJlvyT6aefQMRXkJy8tvHd4xooNyNG6R/
KY3xPy2C9I0d5hw7aHJHtGf7OosMhgvJndU1zcMcrhBH24EniS2CbONC9aoLCzFI
E6Sj2VHnwVNLKze+x/O1k9ZRKANgP4JxSomp06MD+129JT9AA0sWH13ZIyjLiqds
5xmZ6fS/EkyJiO889ZpXlwsrottMJQhsxFkPRMf2aUNTqp691pfxe4N9yQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEai4JX0JoYHes8blaDqAex3MptDMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvUnFMZ2xmUW1oZ2Q2enh1Vm9Pb0I3SGN5bTBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUBKg94AAMF
AioPeAQwDQYJKoZIhvcNAQELBQADggEBADuKnB3VpNi9aG4jmVRie6SFsn4ToJC7
ThM8yTWXZHmeEGOejvVUdPLPoXMw3bOBYMZGpEjoPu6EdLSxYnVnq5+BBj2YlSjI
zo4Q02yiglLDG3cMCVpg1EpOnT5hQrV/hM82Z3bYloY5VJRRfLJAAVFvoAFZpgFr
mbsQeJ6F7W8d/zaicu5oBAGbA/nWaDJGdC2/lFXs1T66KKyf/C78jq+jMg/cci3Z
lpNgbChkTopun3tYqKNbNj+QUWr8vEfYAg4I56sIfAutXt0dY2wk6Si3yJJXH6OO
i4KRq24DN/syeTsE2DuS8YVrbYmZXpU0qP1f14kzMZYta57GwDQ80ys=
-----END CERTIFICATE-----