Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/TVyy6AvkP1QocIxunIZuIJu3SBw.roa
File:                     TVyy6AvkP1QocIxunIZuIJu3SBw.roa (raw, json)
Hash identifier:          p/OTNsY6xvfY9O24/vQyrEVykKSgyiWBC/sHU25jmnQ=
Subject key identifier:   4D:5C:B2:E8:0B:E4:3F:54:28:70:8C:6E:9C:86:6E:20:9B:B7:48:1C
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC424618F1CD384CE4CD159CF4E5EABAA
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/TVyy6AvkP1QocIxunIZuIJu3SBw.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140096
IP address blocks:        2a0f:7802:f000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:61:8f:1c:d3:84:ce:4c:d1:59:cf:4e:5e:ab:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d5cb2e80be43f5428708c6e9c866e209bb7481c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:0f:20:a2:88:28:c8:3f:66:25:97:fa:b7:d7:
                    91:93:b4:8e:72:74:40:96:01:06:25:62:ad:c4:cf:
                    9f:95:df:c5:9a:9e:06:cc:d6:de:79:87:f0:bd:2a:
                    06:f1:80:18:53:12:ed:c7:0b:51:31:0d:d4:a3:c8:
                    f9:12:fc:01:f5:f5:c3:ec:f2:4e:fe:52:fb:ac:cb:
                    e2:61:94:d0:a8:7a:c1:0f:26:7e:42:de:84:80:65:
                    40:fe:c7:b3:82:b0:93:a1:37:ae:45:f9:30:9f:9e:
                    62:39:00:17:be:5f:60:03:57:41:d8:72:44:7a:78:
                    5d:cb:1b:a2:29:5e:c2:66:99:72:76:f5:6e:2f:b9:
                    a3:ad:0c:21:5a:5a:0f:43:7c:c4:c4:a4:d5:86:3d:
                    aa:86:fb:63:e0:33:87:11:8c:a8:a3:a5:40:2e:8e:
                    64:2d:45:46:fb:89:3c:fa:e3:81:57:54:3b:2a:2e:
                    f2:6d:1e:eb:91:0f:f1:90:b9:9c:b4:a0:49:bc:b0:
                    5b:f6:02:55:c8:ff:bc:9a:a7:66:82:31:ce:2d:2d:
                    58:fe:2c:e1:34:e5:02:56:98:6b:b4:dd:bf:e6:1c:
                    0b:7b:94:00:54:f4:f7:7d:bd:09:52:a3:ce:db:4f:
                    76:2c:25:d4:2f:4e:79:4f:cd:df:61:09:95:5c:2f:
                    41:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:5C:B2:E8:0B:E4:3F:54:28:70:8C:6E:9C:86:6E:20:9B:B7:48:1C
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/TVyy6AvkP1QocIxunIZuIJu3SBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a1:b4:8e:d1:6b:a9:6b:ac:54:7b:99:f4:57:0a:f3:cf:75:d2:
         d7:23:93:08:a8:36:1a:ad:53:93:04:32:a0:04:d0:98:83:83:
         48:77:6f:71:11:e7:05:36:23:d2:d1:67:98:db:67:a5:7b:4d:
         57:58:ec:54:37:ab:a4:88:99:0d:ca:ee:38:d4:69:09:bf:19:
         f2:48:1a:11:95:77:b4:ab:0c:9f:65:88:46:5a:cb:bf:c2:89:
         d3:0e:df:b2:45:d2:4e:0f:41:33:07:72:65:c2:99:1a:96:74:
         7d:78:b0:0a:70:e4:3f:32:ba:0c:1a:36:9b:46:e6:05:eb:19:
         3b:0e:0f:94:4f:4b:bc:7e:04:26:0e:20:8c:75:d1:30:9f:b5:
         fa:20:58:e9:f3:c5:e5:f4:20:c4:cb:b7:b8:37:f1:9f:27:96:
         f4:af:30:3a:da:a3:17:3e:c7:8d:cc:ea:9a:e4:1c:8e:36:fe:
         90:e0:87:c4:b2:32:41:72:86:f8:23:b9:48:8b:12:66:82:49:
         33:ed:6b:dd:b6:3a:52:df:5a:69:23:78:1f:e2:53:9b:a7:92:
         85:32:89:2d:28:59:5c:89:af:30:4d:78:ce:28:90:2c:32:81:
         5b:b4:83:89:62:c0:db:bd:47:db:47:89:c6:21:10:14:eb:72:
         c8:8a:04:0a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJGGPHNOEzkzRWc9OXquqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDVjYjJlODBiZTQzZjU0Mjg3MDhjNmU5Yzg2NmUyMDliYjc0ODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkA8googoyD9mJZf6t9eRk7SOcnRA
lgEGJWKtxM+fld/Fmp4GzNbeeYfwvSoG8YAYUxLtxwtRMQ3Uo8j5EvwB9fXD7PJO
/lL7rMviYZTQqHrBDyZ+Qt6EgGVA/sezgrCToTeuRfkwn55iOQAXvl9gA1dB2HJE
enhdyxuiKV7CZplydvVuL7mjrQwhWloPQ3zExKTVhj2qhvtj4DOHEYyoo6VALo5k
LUVG+4k8+uOBV1Q7Ki7ybR7rkQ/xkLmctKBJvLBb9gJVyP+8mqdmgjHOLS1Y/izh
NOUCVphrtN2/5hwLe5QAVPT3fb0JUqPO2092LCXUL055T83fYQmVXC9B5wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE1csugL5D9UKHCMbpyGbiCbt0gcMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvVFZ5eTZBdmtQMVFvY0l4dW5JWnVJSnUzU0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg94AvAw
DQYJKoZIhvcNAQELBQADggEBAKG0jtFrqWusVHuZ9FcK88910tcjkwioNhqtU5ME
MqAE0JiDg0h3b3ER5wU2I9LRZ5jbZ6V7TVdY7FQ3q6SImQ3K7jjUaQm/GfJIGhGV
d7SrDJ9liEZay7/CidMO37JF0k4PQTMHcmXCmRqWdH14sApw5D8yugwaNptG5gXr
GTsOD5RPS7x+BCYOIIx10TCftfogWOnzxeX0IMTLt7g38Z8nlvSvMDraoxc+x43M
6prkHI42/pDgh8SyMkFyhvgjuUiLEmaCSTPta922OlLfWmkjeB/iU5unkoUyiS0o
WVyJrzBNeM4okCwygVu0g4liwNu9R9tHicYhEBTrcsiKBAo=
-----END CERTIFICATE-----