Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/aC4-FI8kd6GlMgUF4O_4l8fo0tc.roa
File:                     aC4-FI8kd6GlMgUF4O_4l8fo0tc.roa (raw, json)
Hash identifier:          R8A2hUHqaa8gvbEDe6QQXMIn2VtbiJoYVGi0HMrluP8=
Subject key identifier:   68:2E:3E:14:8F:24:77:A1:A5:32:05:05:E0:EF:F8:97:C7:E8:D2:D7
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01900CFF478C9DD7BB443453C0DF3E30220F
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/aC4-FI8kd6GlMgUF4O_4l8fo0tc.roa
Signing time:             Wed 12 Jun 2024 15:09:34 +0000
ROA not before:           Wed 12 Jun 2024 15:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214716
IP address blocks:        2a0f:7803:fa70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:ff:47:8c:9d:d7:bb:44:34:53:c0:df:3e:30:22:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 12 15:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=682e3e148f2477a1a5320505e0eff897c7e8d2d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:4b:6c:aa:15:1b:cd:e6:56:93:95:c5:ee:82:
                    58:13:2b:b4:38:57:15:c9:28:c3:83:56:f2:f1:1c:
                    6c:c9:ee:c8:eb:f7:f3:7f:fd:e7:03:17:a5:5f:be:
                    6f:6a:41:11:f0:0c:57:6c:4f:36:9d:bb:98:9e:2f:
                    fd:78:d1:45:6b:70:98:74:85:01:62:5b:91:72:56:
                    ef:76:19:38:e1:69:e1:a7:05:7b:74:31:03:44:c5:
                    e2:16:3d:ce:05:63:79:1b:b5:95:d5:d8:bf:27:fd:
                    c8:51:61:c0:f0:5a:de:83:51:41:06:2a:68:cc:f4:
                    ca:e9:88:5a:ac:a8:f6:32:12:34:24:05:7b:d8:ec:
                    75:25:e6:e6:81:15:b1:5a:44:93:01:2f:e3:c5:6b:
                    a8:0d:ff:aa:95:b5:c8:f2:de:d6:ea:0b:37:49:76:
                    f9:54:a5:58:e7:8a:52:91:fc:01:93:cf:0d:01:5f:
                    a8:43:a2:75:a7:f6:50:42:b1:53:cc:39:32:bf:9f:
                    88:70:5d:5f:90:6c:01:74:6a:de:1b:dd:4e:77:2b:
                    97:be:b6:38:59:9a:d0:c4:12:ed:5d:7c:16:4a:66:
                    00:a2:be:c9:3d:be:a6:48:0f:77:e8:e2:8c:55:05:
                    76:80:5d:a6:12:08:4a:05:6e:a5:46:4c:08:5b:03:
                    3b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:2E:3E:14:8F:24:77:A1:A5:32:05:05:E0:EF:F8:97:C7:E8:D2:D7
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/aC4-FI8kd6GlMgUF4O_4l8fo0tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa70::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:f9:92:92:41:5e:a4:31:6c:56:59:c0:e7:91:e0:f9:ed:f5:
         8b:72:9d:11:a2:c4:3c:95:7d:3c:77:45:74:11:10:eb:ef:43:
         cf:93:b0:29:ca:d4:cf:23:d8:f2:30:ab:a7:a5:09:50:6d:21:
         67:a9:a2:68:1b:2a:75:f8:2e:56:c4:a0:51:e8:36:24:85:10:
         0b:85:89:2a:aa:6e:47:41:5f:7b:ad:bf:c0:7a:44:0e:4d:a4:
         54:d4:02:99:87:2d:44:59:c4:d4:2e:26:45:3d:87:e5:54:30:
         f2:ab:7b:b5:7c:13:ce:9e:ce:cf:cd:5e:86:17:5b:57:14:18:
         cf:2a:55:7f:da:ac:1d:0d:2d:28:f2:f9:aa:37:3e:ce:9a:59:
         5d:c2:51:23:21:13:d8:af:89:f2:f4:dc:a4:91:a0:3a:29:a9:
         97:19:ef:0f:a5:8c:b1:e3:af:80:19:ff:68:9f:a0:1e:95:8c:
         fa:9c:4f:54:c5:5a:fc:c4:d5:27:7b:bf:15:69:29:e7:15:cf:
         58:1e:a9:e6:1a:4e:03:af:2a:85:b1:48:78:7a:2e:98:37:9c:
         00:35:49:6b:d2:9b:03:f7:2a:24:23:5f:79:11:65:f9:43:93:
         5d:47:ce:b6:1d:34:00:2f:57:db:71:9f:e7:b1:2d:a1:b1:9b:
         4d:42:4d:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAM/0eMnde7RDRTwN8+MCIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNjEyMTUwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODJlM2UxNDhmMjQ3N2ExYTUzMjA1MDVlMGVmZjg5N2M3ZThkMmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ktsqhUbzeZWk5XF7oJYEyu0OFcV
ySjDg1by8Rxsye7I6/fzf/3nAxelX75vakER8AxXbE82nbuYni/9eNFFa3CYdIUB
YluRclbvdhk44WnhpwV7dDEDRMXiFj3OBWN5G7WV1di/J/3IUWHA8Freg1FBBipo
zPTK6YharKj2MhI0JAV72Ox1JebmgRWxWkSTAS/jxWuoDf+qlbXI8t7W6gs3SXb5
VKVY54pSkfwBk88NAV+oQ6J1p/ZQQrFTzDkyv5+IcF1fkGwBdGreG91OdyuXvrY4
WZrQxBLtXXwWSmYAor7JPb6mSA936OKMVQV2gF2mEghKBW6lRkwIWwM7UQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGguPhSPJHehpTIFBeDv+JfH6NLXMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvYUM0LUZJOGtkNkdsTWdVRjRPXzRsOGZvMHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/pw
MA0GCSqGSIb3DQEBCwUAA4IBAQAl+ZKSQV6kMWxWWcDnkeD57fWLcp0RosQ8lX08
d0V0ERDr70PPk7ApytTPI9jyMKunpQlQbSFnqaJoGyp1+C5WxKBR6DYkhRALhYkq
qm5HQV97rb/AekQOTaRU1AKZhy1EWcTULiZFPYflVDDyq3u1fBPOns7PzV6GF1tX
FBjPKlV/2qwdDS0o8vmqNz7OmlldwlEjIRPYr4ny9NykkaA6KamXGe8PpYyx46+A
Gf9on6AelYz6nE9UxVr8xNUne78VaSnnFc9YHqnmGk4DryqFsUh4ei6YN5wANUlr
0psD9yokI195EWX5Q5NdR862HTQAL1fbcZ/nsS2hsZtNQk0q
-----END CERTIFICATE-----