Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/VyP27KPblI1bWFxi2D-maMd1pAo.roa
File:                     VyP27KPblI1bWFxi2D-maMd1pAo.roa (raw, json)
Hash identifier:          f5vEtc2JpRlFT0wUa/OxLCjh5jfQHwl/1QeMs+Dhtg4=
Subject key identifier:   57:23:F6:EC:A3:DB:94:8D:5B:58:5C:62:D8:3F:A6:68:C7:75:A4:0A
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01930C073DD4D719A7EE521436776474E6AA
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/VyP27KPblI1bWFxi2D-maMd1pAo.roa
Signing time:             Fri 08 Nov 2024 13:47:01 +0000
ROA not before:           Fri 08 Nov 2024 13:47:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213903
IP address blocks:        2a0f:7807::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0c:07:3d:d4:d7:19:a7:ee:52:14:36:77:64:74:e6:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Nov  8 13:47:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5723f6eca3db948d5b585c62d83fa668c775a40a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f4:1b:26:0d:d9:f8:eb:9d:da:58:b6:11:80:
                    da:df:57:27:d1:be:15:c1:7d:c9:b2:3f:b9:02:29:
                    9d:fc:11:7c:23:09:ce:1b:72:ea:87:b9:ba:70:77:
                    16:25:a0:b8:56:e5:f7:aa:3b:3f:84:12:93:15:5c:
                    dc:9a:52:23:6b:db:02:84:88:47:10:29:ec:bd:76:
                    21:54:38:ea:7a:6b:59:43:3e:f5:01:5f:4e:cc:cf:
                    bd:70:65:83:a6:65:88:25:5a:d2:c7:54:a5:02:c0:
                    25:be:d3:33:0b:b8:9e:22:11:8c:88:bb:3f:ed:fd:
                    89:85:ed:ad:b1:13:a1:c5:ff:60:51:d5:8a:cd:69:
                    94:7d:04:6c:aa:e2:a2:0e:8e:90:85:7b:66:33:80:
                    46:04:4b:ba:5b:87:9e:ce:5b:04:c3:ae:58:51:ef:
                    e8:b7:8e:25:63:fe:a7:b8:e9:31:b2:9e:0a:02:86:
                    8d:30:1c:61:2f:a7:f2:0b:0d:24:df:b8:ef:55:cc:
                    69:8e:57:b7:a7:15:b6:5d:9d:b5:85:f5:08:06:f7:
                    8d:c6:b0:76:47:ea:ce:e8:ac:a9:6b:a6:4f:a9:72:
                    c9:48:22:91:ce:09:a7:b6:06:8d:cb:e6:91:fc:53:
                    5a:31:e3:54:ec:b7:60:6c:fd:55:89:6c:27:69:36:
                    93:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:23:F6:EC:A3:DB:94:8D:5B:58:5C:62:D8:3F:A6:68:C7:75:A4:0A
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/VyP27KPblI1bWFxi2D-maMd1pAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7807::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:ee:6f:c9:c7:f3:54:ac:10:2a:f8:6f:9d:50:89:dd:5c:db:
         2c:c4:f2:d6:cc:90:7b:7f:d0:b4:33:1c:6b:c3:a3:3c:fd:31:
         9d:f6:ea:d9:1a:a9:b6:7a:bd:6b:17:cc:8e:d3:c1:4c:97:3d:
         44:2a:0e:ae:e3:99:6d:78:06:d7:f6:c2:6b:ff:7f:15:60:41:
         4a:05:fb:f7:8f:80:35:62:60:a7:e3:2a:4e:fc:76:52:28:12:
         09:75:fb:3e:63:ac:4c:3d:c1:f6:4b:29:fd:c0:80:59:db:78:
         1a:5e:63:0e:68:47:e1:f1:59:e7:c6:8b:d4:33:38:a7:de:70:
         40:f8:5b:81:88:35:43:52:e1:85:f9:93:27:6f:69:92:51:c0:
         ca:89:af:7d:2a:79:3b:62:ea:c5:2a:91:63:aa:22:93:fe:d0:
         9d:92:58:72:6c:5d:1c:5e:4d:26:47:96:d8:50:f7:85:2a:40:
         03:6c:a2:33:b3:85:85:15:b1:5d:82:c1:d7:c5:b3:68:6e:ec:
         f2:79:35:d7:c9:ea:29:8d:9b:0f:80:aa:7f:39:2d:6f:c8:3a:
         50:6b:50:ff:b9:1e:14:66:7e:49:6b:95:ec:cc:98:8e:c1:25:
         13:de:41:f2:75:28:d9:d5:64:fa:8c:9e:d1:0e:75:46:17:3b:
         cd:52:e2:fb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMMBz3U1xmn7lIUNndkdOaqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQxMTA4MTM0NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzIzZjZlY2EzZGI5NDhkNWI1ODVjNjJkODNmYTY2OGM3NzVhNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfQbJg3Z+Oud2li2EYDa31cn0b4V
wX3Jsj+5Aimd/BF8IwnOG3Lqh7m6cHcWJaC4VuX3qjs/hBKTFVzcmlIja9sChIhH
ECnsvXYhVDjqemtZQz71AV9OzM+9cGWDpmWIJVrSx1SlAsAlvtMzC7ieIhGMiLs/
7f2Jhe2tsROhxf9gUdWKzWmUfQRsquKiDo6QhXtmM4BGBEu6W4eezlsEw65YUe/o
t44lY/6nuOkxsp4KAoaNMBxhL6fyCw0k37jvVcxpjle3pxW2XZ21hfUIBveNxrB2
R+rO6Kypa6ZPqXLJSCKRzgmntgaNy+aR/FNaMeNU7LdgbP1ViWwnaTaTIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFcj9uyj25SNW1hcYtg/pmjHdaQKMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvVnlQMjdLUGJsSTFiV0Z4aTJELW1hTWQxcEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg94BzAN
BgkqhkiG9w0BAQsFAAOCAQEAiu5vycfzVKwQKvhvnVCJ3VzbLMTy1syQe3/QtDMc
a8OjPP0xnfbq2Rqptnq9axfMjtPBTJc9RCoOruOZbXgG1/bCa/9/FWBBSgX794+A
NWJgp+MqTvx2UigSCXX7PmOsTD3B9ksp/cCAWdt4Gl5jDmhH4fFZ58aL1DM4p95w
QPhbgYg1Q1LhhfmTJ29pklHAyomvfSp5O2LqxSqRY6oik/7QnZJYcmxdHF5NJkeW
2FD3hSpAA2yiM7OFhRWxXYLB18WzaG7s8nk118nqKY2bD4Cqfzktb8g6UGtQ/7ke
FGZ+SWuV7MyYjsElE95B8nUo2dVk+oye0Q51Rhc7zVLi+w==
-----END CERTIFICATE-----