Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/XeDN-vkxzoaPiS9301U_HRV9nCQ.roa
File:                     XeDN-vkxzoaPiS9301U_HRV9nCQ.roa (raw, json)
Hash identifier:          sV97A3byvJpoRJo/PmtdCcKZT/uItyeVbQvlKZo8/OA=
Subject key identifier:   5D:E0:CD:FA:F9:31:CE:86:8F:89:2F:77:D3:55:3F:1D:15:7D:9C:24
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369FC5F74597F705757A89DCA9E3BE6
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/XeDN-vkxzoaPiS9301U_HRV9nCQ.roa
Signing time:             Wed 01 Jan 2025 19:48:55 +0000
ROA not before:           Wed 01 Jan 2025 19:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215750
IP address blocks:        2a0f:7803:e300::/40 maxlen: 48
                          2a0f:7803:fe40::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fc:5f:74:59:7f:70:57:57:a8:9d:ca:9e:3b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5de0cdfaf931ce868f892f77d3553f1d157d9c24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9e:85:59:38:83:44:d4:1c:91:4d:18:db:08:
                    8c:3e:28:0d:c9:f3:09:d6:b2:84:79:46:d9:a4:c1:
                    50:d2:10:00:d3:3b:9d:63:55:c4:34:68:f4:27:be:
                    80:51:ef:72:02:68:ed:08:5a:38:f9:82:3a:ef:50:
                    2c:58:08:0f:3d:88:72:b8:4a:b7:f3:4c:66:b1:ba:
                    9e:3a:79:70:0a:9f:e5:30:04:e1:93:31:8c:a9:40:
                    e2:57:11:5c:f7:3a:f7:ab:73:76:9a:9c:b9:06:4b:
                    2f:ba:49:6d:a0:56:2c:21:f2:32:d6:47:70:ce:37:
                    ac:95:5e:12:40:fc:3d:bd:87:09:a0:e1:d3:a5:a1:
                    b2:db:71:41:e4:4b:78:8f:d7:c4:9e:6e:17:e5:05:
                    82:75:88:43:3f:34:d4:ab:84:31:86:b3:18:39:a6:
                    77:b1:ec:15:88:00:b4:9b:68:70:c8:b7:40:c1:2e:
                    27:a0:77:58:77:32:de:e9:0d:c1:fc:91:3a:85:f9:
                    39:87:a1:72:43:29:22:36:9d:9d:23:c0:4b:49:de:
                    d0:8b:a2:9d:b6:ac:42:e7:65:bf:44:b1:85:7a:a8:
                    27:91:81:6f:51:06:f7:d5:45:09:6f:77:3a:1f:5a:
                    52:b8:e4:f5:57:8f:3d:53:c4:e2:c1:70:9c:0a:d2:
                    34:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:E0:CD:FA:F9:31:CE:86:8F:89:2F:77:D3:55:3F:1D:15:7D:9C:24
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/XeDN-vkxzoaPiS9301U_HRV9nCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:e300::/40
                  2a0f:7803:fe40::/44

    Signature Algorithm: sha256WithRSAEncryption
         7e:c5:07:90:da:3a:b7:92:24:1a:93:41:a3:7c:6b:1c:b5:af:
         f1:44:b4:3b:42:7c:67:8d:b6:18:88:c7:19:da:75:5d:1a:6b:
         ca:04:4a:fe:86:69:91:a3:ae:cb:3f:04:de:14:d5:82:b4:0a:
         f4:74:65:48:4f:4e:82:11:5b:14:50:91:50:2c:80:70:46:e3:
         57:06:c0:85:e0:0a:74:91:81:49:d1:1f:e0:15:ce:fd:0f:2f:
         bc:0e:f9:d0:65:8e:1d:fc:a9:a2:b0:1c:0e:cc:7b:41:c4:43:
         f9:52:d0:a1:9c:b0:0e:75:8a:d8:eb:71:ad:f3:2f:44:92:37:
         24:25:e6:c9:84:db:86:8e:a5:53:1d:0e:7b:95:9d:7b:5f:1d:
         92:e9:5a:38:3b:03:75:44:e7:d3:de:a7:f5:98:9a:97:e2:08:
         1b:f3:31:6b:0a:c6:14:b3:62:77:7d:db:d8:ba:2f:91:c4:1c:
         ef:87:f2:34:67:cb:a3:1a:44:89:9f:51:6a:97:b9:46:8b:98:
         f6:c9:4b:41:7e:c6:fc:39:21:95:e7:7b:a5:89:35:ae:bf:71:
         cf:bd:48:13:14:68:34:ad:e7:06:0e:0a:7f:65:63:75:08:a3:
         a7:e7:29:15:73:9e:69:0b:7c:d4:14:46:19:b6:2f:c5:3e:7b:
         34:be:16:fb
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQjafxfdFl/cFdXqJ3KnjvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGUwY2RmYWY5MzFjZTg2OGY4OTJmNzdkMzU1M2YxZDE1N2Q5YzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp6FWTiDRNQckU0Y2wiMPigNyfMJ
1rKEeUbZpMFQ0hAA0zudY1XENGj0J76AUe9yAmjtCFo4+YI671AsWAgPPYhyuEq3
80xmsbqeOnlwCp/lMAThkzGMqUDiVxFc9zr3q3N2mpy5BksvukltoFYsIfIy1kdw
zjeslV4SQPw9vYcJoOHTpaGy23FB5Et4j9fEnm4X5QWCdYhDPzTUq4QxhrMYOaZ3
sewViAC0m2hwyLdAwS4noHdYdzLe6Q3B/JE6hfk5h6FyQykiNp2dI8BLSd7Qi6Kd
tqxC52W/RLGFeqgnkYFvUQb31UUJb3c6H1pSuOT1V489U8TiwXCcCtI0wwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFF3gzfr5Mc6Gj4kvd9NVPx0VfZwkMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvWGVETi12a3h6b2FQaVM5MzAxVV9IUlY5bkNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg94A+MD
BwQqD3gD/kAwDQYJKoZIhvcNAQELBQADggEBAH7FB5DaOreSJBqTQaN8axy1r/FE
tDtCfGeNthiIxxnadV0aa8oESv6GaZGjrss/BN4U1YK0CvR0ZUhPToIRWxRQkVAs
gHBG41cGwIXgCnSRgUnRH+AVzv0PL7wO+dBljh38qaKwHA7Me0HEQ/lS0KGcsA51
itjrca3zL0SSNyQl5smE24aOpVMdDnuVnXtfHZLpWjg7A3VE59Pep/WYmpfiCBvz
MWsKxhSzYnd929i6L5HEHO+H8jRny6MaRImfUWqXuUaLmPbJS0F+xvw5IZXne6WJ
Na6/cc+9SBMUaDSt5wYOCn9lY3UIo6fnKRVznmkLfNQURhm2L8U+ezS+Fvs=
-----END CERTIFICATE-----