Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/VgiyKfBl9RU-CfUMeQzo4rQftk4.roa
File:                     VgiyKfBl9RU-CfUMeQzo4rQftk4.roa (raw, json)
Hash identifier:          3LVAVUGMJtK07CV72wXCDM20IvBErpyIIHB7J1s++JU=
Subject key identifier:   56:08:B2:29:F0:65:F5:15:3E:09:F5:0C:79:0C:E8:E2:B4:1F:B6:4E
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369F56F5B00BD4763395839E1D83ED8
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/VgiyKfBl9RU-CfUMeQzo4rQftk4.roa
Signing time:             Wed 01 Jan 2025 19:48:54 +0000
ROA not before:           Wed 01 Jan 2025 19:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214716
IP address blocks:        2a0f:7803:fa70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f5:6f:5b:00:bd:47:63:39:58:39:e1:d8:3e:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5608b229f065f5153e09f50c790ce8e2b41fb64e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:74:34:b0:3f:dd:2d:79:35:b0:ce:70:eb:43:
                    e6:0a:4d:c7:b7:a8:dd:33:f7:b3:1f:9e:fc:b2:f4:
                    e4:4f:11:8a:a3:61:64:96:f6:53:76:54:77:83:9b:
                    95:cc:a2:3e:52:96:19:dc:33:27:3f:af:82:b9:4e:
                    a8:51:f3:e6:06:2b:f9:d8:0d:2c:f4:18:af:bc:53:
                    b5:b8:b6:49:a4:f0:4a:95:17:ff:fe:84:4a:a9:71:
                    f8:b6:59:03:cd:b8:73:40:df:1a:02:f3:2d:29:e5:
                    59:aa:ee:32:78:99:14:16:3c:6e:5e:8a:5a:44:30:
                    51:2d:8f:7b:11:34:69:f7:6c:bc:6c:0e:64:39:2f:
                    f0:f6:a8:c4:d5:7e:be:76:89:bd:b4:f6:5e:e7:d6:
                    96:59:15:c3:37:f4:7b:a0:45:97:05:4b:1f:6a:0f:
                    d8:b3:32:32:66:f2:a6:b7:ee:de:98:c3:3a:7f:6a:
                    0f:cb:02:1f:bc:9c:e6:90:6e:08:e0:d4:d1:d4:b8:
                    84:b8:df:53:01:77:84:20:ac:8c:15:ba:9e:af:c5:
                    6d:a6:97:f6:22:7f:aa:0d:d2:fc:49:c0:1e:21:45:
                    e7:4d:91:07:2a:31:82:6b:68:03:f1:5b:c5:b2:15:
                    38:2d:ab:c8:5b:60:75:a1:e6:e0:c6:bb:1d:23:86:
                    ff:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:08:B2:29:F0:65:F5:15:3E:09:F5:0C:79:0C:E8:E2:B4:1F:B6:4E
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/VgiyKfBl9RU-CfUMeQzo4rQftk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa70::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:cd:9b:c6:a2:32:34:5c:da:8d:87:19:c0:9b:d8:3e:09:22:
         2e:77:39:e1:c9:53:a9:75:09:ff:f1:6a:5e:3b:a4:7a:10:94:
         bf:f9:62:4e:ac:da:4c:2b:c4:9f:25:17:d8:3b:f7:bc:a6:e6:
         f7:d0:78:bd:b7:30:02:b8:39:02:1d:73:0e:36:10:8e:3d:f7:
         1c:7e:7b:98:70:47:1c:96:86:ff:51:1a:d0:1e:f1:b8:d5:0c:
         b8:7d:f9:65:f5:72:c5:97:b0:27:92:94:dd:c3:d1:a9:d7:e6:
         c0:20:8c:4e:f2:50:21:3a:23:a2:a6:14:24:96:93:af:f6:cf:
         ef:c1:4b:3a:47:1c:e8:ee:dc:f3:70:e0:80:79:fb:01:ed:d1:
         d1:cc:e0:5a:f4:ab:b6:c8:75:aa:f8:05:e1:e2:2e:96:5b:99:
         07:13:e1:34:99:6e:6e:93:ac:b1:a0:90:57:cb:af:77:84:c7:
         c6:38:d8:b7:1e:a0:63:34:64:de:99:4b:73:55:87:5d:2a:1c:
         11:3a:3a:87:be:37:78:af:50:6d:f9:fc:ff:90:99:9e:2d:7a:
         72:cc:a8:dc:14:40:7e:10:0f:6a:dd:fe:b3:66:b5:e1:c0:51:
         12:e9:03:bf:4d:b5:08:04:cf:c4:25:29:47:2e:8f:a5:9b:30:
         d4:6d:46:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafVvWwC9R2M5WDnh2D7YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjA4YjIyOWYwNjVmNTE1M2UwOWY1MGM3OTBjZThlMmI0MWZiNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3Q0sD/dLXk1sM5w60PmCk3Ht6jd
M/ezH578svTkTxGKo2FklvZTdlR3g5uVzKI+UpYZ3DMnP6+CuU6oUfPmBiv52A0s
9BivvFO1uLZJpPBKlRf//oRKqXH4tlkDzbhzQN8aAvMtKeVZqu4yeJkUFjxuXopa
RDBRLY97ETRp92y8bA5kOS/w9qjE1X6+dom9tPZe59aWWRXDN/R7oEWXBUsfag/Y
szIyZvKmt+7emMM6f2oPywIfvJzmkG4I4NTR1LiEuN9TAXeEIKyMFbqer8Vtppf2
In+qDdL8ScAeIUXnTZEHKjGCa2gD8VvFshU4LavIW2B1oebgxrsdI4b/sQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFYIsinwZfUVPgn1DHkM6OK0H7ZOMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvVmdpeUtmQmw5UlUtQ2ZVTWVRem80clFmdGs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/pw
MA0GCSqGSIb3DQEBCwUAA4IBAQA6zZvGojI0XNqNhxnAm9g+CSIudznhyVOpdQn/
8WpeO6R6EJS/+WJOrNpMK8SfJRfYO/e8pub30Hi9tzACuDkCHXMONhCOPfccfnuY
cEcclob/URrQHvG41Qy4ffll9XLFl7AnkpTdw9Gp1+bAIIxO8lAhOiOiphQklpOv
9s/vwUs6Rxzo7tzzcOCAefsB7dHRzOBa9Ku2yHWq+AXh4i6WW5kHE+E0mW5uk6yx
oJBXy693hMfGONi3HqBjNGTemUtzVYddKhwROjqHvjd4r1Bt+fz/kJmeLXpyzKjc
FEB+EA9q3f6zZrXhwFES6QO/TbUIBM/EJSlHLo+lmzDUbUaS
-----END CERTIFICATE-----