Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/dOxXJVjRxZouiKvEZLmfiZWLwFs.roa
File:                     dOxXJVjRxZouiKvEZLmfiZWLwFs.roa (raw, json)
Hash identifier:          NeYBSDSUF6CDppwLjJvE4k6uCtG+7GJuYWaWRKYAQk0=
Subject key identifier:   74:EC:57:25:58:D1:C5:9A:2E:88:AB:C4:64:B9:9F:89:95:8B:C0:5B
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018E339017DBC00776805F1128A2A3FE136F
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/dOxXJVjRxZouiKvEZLmfiZWLwFs.roa
Signing time:             Tue 12 Mar 2024 16:47:45 +0000
ROA not before:           Tue 12 Mar 2024 16:47:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215543
IP address blocks:        2a0f:7803:fb30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:33:90:17:db:c0:07:76:80:5f:11:28:a2:a3:fe:13:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Mar 12 16:47:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74ec572558d1c59a2e88abc464b99f89958bc05b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3c:d2:e6:57:11:17:de:8c:0d:ee:29:66:98:
                    86:02:19:96:d8:63:90:9c:60:47:50:5c:d0:56:c8:
                    c4:8e:65:d7:bb:aa:b4:cd:5a:e8:e8:f9:06:67:c2:
                    79:b1:d2:b7:f3:d3:a3:a8:48:a8:cb:89:b6:5a:c1:
                    38:25:4f:4a:40:7b:d2:e2:d5:6c:58:e5:ff:da:9e:
                    9f:24:64:ef:d7:14:02:e7:3c:72:6d:cd:42:a4:07:
                    7f:5a:4c:80:94:b3:26:3a:19:6d:af:eb:bb:0a:8b:
                    5e:fd:26:b2:e8:27:ce:a3:c6:23:a6:0d:e4:01:db:
                    2d:0e:2a:04:3d:0d:b1:80:c4:e5:de:47:93:1d:43:
                    3b:c4:dd:38:51:24:65:e4:d5:a9:7f:9b:d5:ec:c9:
                    3f:3b:a0:55:52:e0:40:63:b9:52:85:ae:4a:9f:88:
                    24:51:30:0c:4d:10:7f:4f:f3:33:87:ee:5b:06:74:
                    2e:f1:d2:ef:0c:03:99:6c:23:87:da:05:db:e2:bd:
                    36:6c:87:93:d0:8e:70:97:14:c6:91:e4:28:62:6e:
                    fe:66:b3:8c:58:f4:96:92:89:0c:d6:1d:eb:0d:a2:
                    37:e5:47:56:56:d5:11:7e:23:9c:58:9f:03:54:3f:
                    00:2b:6f:40:5c:ac:72:9f:5b:f2:8d:dc:bc:eb:6a:
                    c5:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:EC:57:25:58:D1:C5:9A:2E:88:AB:C4:64:B9:9F:89:95:8B:C0:5B
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/dOxXJVjRxZouiKvEZLmfiZWLwFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fb30::/44

    Signature Algorithm: sha256WithRSAEncryption
         b5:1d:50:85:34:79:df:0a:e6:0c:9c:f4:f1:23:19:fc:a6:5e:
         ae:a2:ac:d9:f7:ba:b2:df:5a:32:82:57:11:94:f2:69:80:fe:
         bd:05:d4:90:e8:45:e7:f6:31:86:2d:9b:b5:0b:6b:e2:86:bd:
         fb:b8:b7:a3:5f:9e:6d:34:57:61:df:ce:33:b0:de:98:ee:99:
         69:24:02:d6:3a:88:1f:17:50:0a:71:0f:67:ed:06:17:e8:5c:
         db:2f:08:ab:e4:2b:48:a5:75:05:ec:47:88:55:f1:25:8d:55:
         38:ef:30:0b:e0:d5:05:3c:c8:cd:23:85:15:a8:f5:4c:17:9b:
         35:44:94:d7:6a:bc:4e:31:29:51:10:48:47:cd:1d:49:0c:44:
         9c:55:1f:28:14:7b:7f:2a:dd:2e:ca:2a:62:16:fb:1c:6a:fa:
         bf:b1:65:cb:19:0e:a4:5f:67:cd:6c:b2:c1:2c:7a:3e:50:90:
         04:59:90:f9:a6:71:b9:03:32:9b:40:d7:7c:83:7f:13:13:d7:
         79:2e:83:a0:9b:4b:8f:a6:d6:d8:17:22:f9:49:c0:e9:f8:a8:
         d9:7d:26:60:17:b4:24:27:a2:e8:a3:e2:22:a6:1b:56:6a:ec:
         2a:1d:93:e4:73:4a:3c:84:fd:32:3d:ce:f7:88:f2:cd:36:81:
         33:d9:8e:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4zkBfbwAd2gF8RKKKj/hNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMzEyMTY0NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVjNTcyNTU4ZDFjNTlhMmU4OGFiYzQ2NGI5OWY4OTk1OGJjMDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTzS5lcRF96MDe4pZpiGAhmW2GOQ
nGBHUFzQVsjEjmXXu6q0zVro6PkGZ8J5sdK389OjqEioy4m2WsE4JU9KQHvS4tVs
WOX/2p6fJGTv1xQC5zxybc1CpAd/WkyAlLMmOhltr+u7Cote/Say6CfOo8Yjpg3k
AdstDioEPQ2xgMTl3keTHUM7xN04USRl5NWpf5vV7Mk/O6BVUuBAY7lSha5Kn4gk
UTAMTRB/T/Mzh+5bBnQu8dLvDAOZbCOH2gXb4r02bIeT0I5wlxTGkeQoYm7+ZrOM
WPSWkokM1h3rDaI35UdWVtURfiOcWJ8DVD8AK29AXKxyn1vyjdy862rF7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHTsVyVY0cWaLoirxGS5n4mVi8BbMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvZE94WEpWalJ4Wm91aUt2RVpMbWZpWldMd0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/sw
MA0GCSqGSIb3DQEBCwUAA4IBAQC1HVCFNHnfCuYMnPTxIxn8pl6uoqzZ97qy31oy
glcRlPJpgP69BdSQ6EXn9jGGLZu1C2vihr37uLejX55tNFdh384zsN6Y7plpJALW
OogfF1AKcQ9n7QYX6FzbLwir5CtIpXUF7EeIVfEljVU47zAL4NUFPMjNI4UVqPVM
F5s1RJTXarxOMSlREEhHzR1JDEScVR8oFHt/Kt0uyipiFvscavq/sWXLGQ6kX2fN
bLLBLHo+UJAEWZD5pnG5AzKbQNd8g38TE9d5LoOgm0uPptbYFyL5ScDp+KjZfSZg
F7QkJ6Loo+IiphtWauwqHZPkc0o8hP0yPc73iPLNNoEz2Y7V
-----END CERTIFICATE-----