Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/e79HhdxL-HNXY413RCHJjDOusgQ.roa
File:                     e79HhdxL-HNXY413RCHJjDOusgQ.roa (raw, json)
Hash identifier:          YyXd9qCskrVyikY9KAxhYoiMTyWW/mwHcHoBS8ET1SI=
Subject key identifier:   7B:BF:47:85:DC:4B:F8:73:57:63:8D:77:44:21:C9:8C:33:AE:B2:04
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0190777F6FF6ABD441C122AF87BDB512E130
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/e79HhdxL-HNXY413RCHJjDOusgQ.roa
Signing time:             Wed 03 Jul 2024 07:29:18 +0000
ROA not before:           Wed 03 Jul 2024 07:29:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199436
IP address blocks:        2a0f:7802:e000::/40 maxlen: 48
                          2a0f:7802:e100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:77:7f:6f:f6:ab:d4:41:c1:22:af:87:bd:b5:12:e1:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul  3 07:29:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bbf4785dc4bf87357638d774421c98c33aeb204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:41:9e:67:a8:37:0c:41:b2:93:b5:1e:98:f3:
                    3d:0c:f5:7d:3c:f8:48:3f:47:2b:48:d7:09:f8:e3:
                    11:df:6e:a5:81:b3:6d:4a:98:99:75:fd:b0:d9:32:
                    7e:a0:50:f5:bf:12:4b:ee:b1:76:b7:ea:a3:fb:3f:
                    66:df:78:44:10:64:82:4c:fd:01:a2:c3:de:8c:4e:
                    49:56:bb:d0:82:09:6f:f8:0a:9b:ab:e6:27:6d:25:
                    3f:d6:45:b7:b2:e0:33:b9:70:8d:6b:13:f7:e3:2d:
                    96:63:9a:1c:57:b0:82:90:b3:f8:df:6e:e8:d6:aa:
                    8f:ac:72:be:ab:e2:08:d5:50:4d:20:84:54:2c:1e:
                    9b:2c:c3:4c:e1:3d:ff:84:80:5c:96:85:86:ab:23:
                    45:4c:45:bf:c4:cb:32:19:86:61:09:8e:55:ad:57:
                    e1:6a:b4:74:20:c7:19:54:6e:6a:7d:f9:ca:8a:41:
                    be:78:7e:c0:ff:ef:df:5f:bc:a6:89:3f:01:89:46:
                    ab:66:a9:4b:e8:98:0c:15:10:9d:83:87:26:53:ed:
                    41:a4:77:19:6f:e7:61:66:fc:20:44:d2:bf:33:c5:
                    0a:ca:ce:07:d1:7c:8d:2d:0a:75:f5:9d:06:e9:8a:
                    b3:b2:ab:b3:d6:20:0f:5c:24:5c:97:00:f3:97:29:
                    28:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:BF:47:85:DC:4B:F8:73:57:63:8D:77:44:21:C9:8C:33:AE:B2:04
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/e79HhdxL-HNXY413RCHJjDOusgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e000::/39

    Signature Algorithm: sha256WithRSAEncryption
         9a:ac:b2:dc:27:c0:94:df:53:7a:bd:3c:c7:99:06:b5:25:e3:
         09:f1:0b:88:82:24:85:06:6b:67:65:ae:52:8e:57:c5:b5:47:
         82:43:7c:77:9f:b5:2d:0f:31:64:2b:83:ce:e0:de:19:15:f2:
         39:15:3d:3f:1f:8b:f0:95:26:a9:02:08:89:23:fd:78:f0:9a:
         67:21:8a:60:11:74:70:97:de:17:cd:d4:f9:94:ff:88:71:49:
         3e:6f:aa:d0:26:23:db:f6:ad:cc:e6:7a:07:9c:f9:1a:5d:d9:
         ae:c6:2d:68:05:92:27:25:c5:3f:c1:1a:f0:4a:21:86:24:47:
         91:cf:76:68:b8:c7:87:59:72:41:18:a4:88:f8:a5:2f:a1:46:
         f7:8c:cc:e6:24:c6:dc:b7:da:66:f1:02:ca:43:1d:d5:cf:a5:
         e1:9d:95:69:a4:f7:82:0f:9b:ca:95:ca:19:82:f0:bb:5f:9a:
         e0:3e:73:5c:aa:9d:80:68:99:b9:82:1c:d5:f0:98:91:77:e1:
         c1:00:69:3a:f6:27:f8:aa:5f:61:6e:c4:ff:e9:e2:f0:52:08:
         3e:50:83:44:c2:97:17:cf:fa:40:d8:65:8b:66:56:8d:dc:37:
         f2:ff:52:d9:88:9c:51:56:1d:55:a4:8c:1f:e8:e5:52:39:b0:
         83:93:7c:c5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZB3f2/2q9RBwSKvh721EuEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNzAzMDcyOTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmJmNDc4NWRjNGJmODczNTc2MzhkNzc0NDIxYzk4YzMzYWViMjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0GeZ6g3DEGyk7UemPM9DPV9PPhI
P0crSNcJ+OMR326lgbNtSpiZdf2w2TJ+oFD1vxJL7rF2t+qj+z9m33hEEGSCTP0B
osPejE5JVrvQgglv+Aqbq+YnbSU/1kW3suAzuXCNaxP34y2WY5ocV7CCkLP4327o
1qqPrHK+q+II1VBNIIRULB6bLMNM4T3/hIBcloWGqyNFTEW/xMsyGYZhCY5VrVfh
arR0IMcZVG5qffnKikG+eH7A/+/fX7ymiT8BiUarZqlL6JgMFRCdg4cmU+1BpHcZ
b+dhZvwgRNK/M8UKys4H0XyNLQp19Z0G6Yqzsquz1iAPXCRclwDzlykoWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHu/R4XcS/hzV2ONd0QhyYwzrrIEMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvZTc5SGhkeEwtSE5YWTQxM1JDSEpqRE91c2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKg94AuAw
DQYJKoZIhvcNAQELBQADggEBAJqsstwnwJTfU3q9PMeZBrUl4wnxC4iCJIUGa2dl
rlKOV8W1R4JDfHeftS0PMWQrg87g3hkV8jkVPT8fi/CVJqkCCIkj/XjwmmchimAR
dHCX3hfN1PmU/4hxST5vqtAmI9v2rczmegec+Rpd2a7GLWgFkiclxT/BGvBKIYYk
R5HPdmi4x4dZckEYpIj4pS+hRveMzOYkxty32mbxAspDHdXPpeGdlWmk94IPm8qV
yhmC8LtfmuA+c1yqnYBombmCHNXwmJF34cEAaTr2J/iqX2FuxP/p4vBSCD5Qg0TC
lxfP+kDYZYtmVo3cN/L/UtmInFFWHVWkjB/o5VI5sIOTfMU=
-----END CERTIFICATE-----