Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Xrrc4Fnv3BvKS2wB6ZY7U68ku9Y.roa
File:                     Xrrc4Fnv3BvKS2wB6ZY7U68ku9Y.roa (raw, json)
Hash identifier:          LCh55UOXYjq1VL/9vEST1JO3KJbNO8N7yYnzELU7Ck8=
Subject key identifier:   5E:BA:DC:E0:59:EF:DC:1B:CA:4B:6C:01:E9:96:3B:53:AF:24:BB:D6
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369F36836D1A2712E4CE576EBEBD49E
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Xrrc4Fnv3BvKS2wB6ZY7U68ku9Y.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214711
IP address blocks:        2a0f:7803:fa30::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f3:68:36:d1:a2:71:2e:4c:e5:76:eb:eb:d4:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ebadce059efdc1bca4b6c01e9963b53af24bbd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6f:e1:3f:69:02:c4:ba:11:6c:5c:f9:f9:59:
                    0a:98:40:fc:83:a3:e7:51:bd:66:01:55:a1:47:35:
                    54:c8:58:bb:7e:5f:82:43:cc:38:a1:31:30:f6:1d:
                    06:47:dd:87:16:fe:fe:01:8c:64:03:fe:3d:8a:e6:
                    06:ce:b8:12:4d:fc:27:c1:84:13:99:56:18:60:11:
                    69:d0:2e:f7:b4:f1:0f:4a:e6:87:f5:39:6a:72:44:
                    f0:ae:83:f3:bd:5b:71:73:c4:dc:34:7c:24:25:49:
                    b4:03:65:3f:1e:42:45:32:16:4b:db:a6:d0:e3:e3:
                    b1:7d:0c:10:c6:45:a6:cc:00:c3:fa:c0:15:16:34:
                    39:10:d6:20:bc:5b:f2:aa:34:8f:54:13:fe:67:56:
                    1f:c3:a3:81:4c:59:99:28:62:88:a0:1a:10:09:40:
                    9c:33:44:23:22:86:ff:38:be:75:fb:9b:2e:ea:5e:
                    c6:f4:62:1c:b5:5c:4c:d4:70:9f:93:58:e7:2a:6e:
                    f5:4c:fa:80:13:4d:27:30:27:d1:04:dc:9d:cd:c3:
                    2d:c7:a1:ce:7b:75:10:af:49:64:e8:0b:80:42:83:
                    8b:0a:7e:de:da:5f:02:3b:09:ee:d4:b8:d6:13:48:
                    f4:46:72:6e:f8:4b:d8:33:f1:a3:73:70:b9:00:e4:
                    da:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:BA:DC:E0:59:EF:DC:1B:CA:4B:6C:01:E9:96:3B:53:AF:24:BB:D6
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/Xrrc4Fnv3BvKS2wB6ZY7U68ku9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa30::/44

    Signature Algorithm: sha256WithRSAEncryption
         12:2d:90:49:09:09:35:08:75:00:95:6e:73:3a:9b:83:c5:45:
         39:ee:0d:47:97:41:a1:5d:11:c5:e3:8d:1b:b2:5b:49:de:07:
         49:64:79:db:a9:ba:c3:46:c6:89:f1:e0:a5:72:d5:53:8f:42:
         e4:70:ca:95:2f:84:83:fb:2e:45:15:e7:ca:58:38:00:ba:c3:
         73:7e:ac:66:a3:c0:60:3b:8b:92:82:eb:95:2c:65:ab:7a:be:
         c0:a0:86:13:e3:4a:af:03:dd:fb:79:91:a5:d3:6e:cd:26:d6:
         97:e3:c3:8d:81:04:84:2d:a0:dc:bc:e5:07:3f:6f:6d:a4:f0:
         3a:fc:1d:51:7b:99:26:6d:3f:e9:af:40:20:1f:36:2a:6f:b2:
         a3:a9:bb:06:4a:11:0d:07:9d:ea:6d:d8:dc:bb:60:ab:b6:f8:
         ec:21:82:a1:48:39:41:43:49:74:d8:c2:63:11:40:e2:bf:02:
         4c:4c:4c:d8:85:ba:a0:e8:77:79:78:51:db:f5:40:bc:b6:07:
         cd:ce:a5:ba:18:5a:f8:62:5c:e3:0e:0b:df:c0:21:eb:b7:98:
         8b:03:b1:6f:4f:df:e6:45:9e:1b:4b:e1:2c:73:26:ae:b1:4f:
         71:74:05:4d:02:5b:4f:ff:eb:c0:de:5d:9c:86:b5:10:57:44:
         b9:63:e8:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafNoNtGicS5M5Xbr69SeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWJhZGNlMDU5ZWZkYzFiY2E0YjZjMDFlOTk2M2I1M2FmMjRiYmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqW/hP2kCxLoRbFz5+VkKmED8g6Pn
Ub1mAVWhRzVUyFi7fl+CQ8w4oTEw9h0GR92HFv7+AYxkA/49iuYGzrgSTfwnwYQT
mVYYYBFp0C73tPEPSuaH9TlqckTwroPzvVtxc8TcNHwkJUm0A2U/HkJFMhZL26bQ
4+OxfQwQxkWmzADD+sAVFjQ5ENYgvFvyqjSPVBP+Z1Yfw6OBTFmZKGKIoBoQCUCc
M0QjIob/OL51+5su6l7G9GIctVxM1HCfk1jnKm71TPqAE00nMCfRBNydzcMtx6HO
e3UQr0lk6AuAQoOLCn7e2l8COwnu1LjWE0j0RnJu+EvYM/Gjc3C5AOTaWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF663OBZ79wbyktsAemWO1OvJLvWMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvWHJyYzRGbnYzQnZLUzJ3QjZaWTdVNjhrdTlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/ow
MA0GCSqGSIb3DQEBCwUAA4IBAQASLZBJCQk1CHUAlW5zOpuDxUU57g1Hl0GhXRHF
440bsltJ3gdJZHnbqbrDRsaJ8eClctVTj0LkcMqVL4SD+y5FFefKWDgAusNzfqxm
o8BgO4uSguuVLGWrer7AoIYT40qvA937eZGl027NJtaX48ONgQSELaDcvOUHP29t
pPA6/B1Re5kmbT/pr0AgHzYqb7KjqbsGShENB53qbdjcu2CrtvjsIYKhSDlBQ0l0
2MJjEUDivwJMTEzYhbqg6Hd5eFHb9UC8tgfNzqW6GFr4YlzjDgvfwCHrt5iLA7Fv
T9/mRZ4bS+EscyausU9xdAVNAltP/+vA3l2chrUQV0S5Y+jZ
-----END CERTIFICATE-----