Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/er3hE85P8bfzLY4Ef-Hp7-NmwHY.roa
File:                     er3hE85P8bfzLY4Ef-Hp7-NmwHY.roa (raw, json)
Hash identifier:          ljz3Xk6z9N+bt7FCTpg9hub7GM6qpYMEzA1t8etifVY=
Subject key identifier:   7A:BD:E1:13:CE:4F:F1:B7:F3:2D:8E:04:7F:E1:E9:EF:E3:66:C0:76
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC42460937A1CD5A5BADA968E11A75F8C
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/er3hE85P8bfzLY4Ef-Hp7-NmwHY.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51087
IP address blocks:        2a0f:7803:ff70::/44 maxlen: 48
                          2a0f:7802:1000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:60:93:7a:1c:d5:a5:ba:da:96:8e:11:a7:5f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7abde113ce4ff1b7f32d8e047fe1e9efe366c076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fc:1d:28:95:9b:e1:2b:9d:52:dd:34:c3:11:
                    82:e7:8b:5b:37:f2:f7:ae:89:27:69:f3:4f:6d:13:
                    ce:3e:7d:bf:3b:be:f5:97:91:ad:7e:80:bc:d5:d0:
                    21:87:f9:2a:24:6e:8d:76:52:4e:dd:e3:72:d5:6f:
                    e8:0f:0f:f7:01:45:a5:4e:62:0a:a9:8b:a0:0f:8a:
                    75:4f:12:b2:a0:7d:c2:47:47:2d:af:b6:35:d2:a1:
                    3d:08:8b:6a:8f:75:83:a3:2a:9d:4f:8c:42:1f:f6:
                    7e:07:a1:04:7d:7d:2c:18:28:51:aa:ea:21:84:0f:
                    4d:01:e6:d5:5e:bf:89:62:94:6d:c7:dc:1d:cc:0d:
                    5e:a1:96:57:8b:a5:f9:de:98:6d:62:19:11:65:a3:
                    3f:44:c6:ae:35:88:46:44:b6:58:61:39:bf:b4:68:
                    2a:67:00:e2:db:69:99:38:40:d6:62:fb:77:14:c0:
                    73:8d:24:d0:a3:79:f9:68:1e:14:07:ab:d9:e2:3f:
                    bb:b7:f5:37:00:c4:4f:35:9e:77:07:52:d3:bd:f8:
                    83:90:0d:bf:ba:85:f5:7b:b2:7d:5f:0d:97:e2:4f:
                    cc:dc:0b:26:38:50:91:9d:f5:ce:ea:0e:64:76:00:
                    22:2c:59:da:42:db:ae:b1:9e:4c:c9:d1:61:0d:e7:
                    d2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:BD:E1:13:CE:4F:F1:B7:F3:2D:8E:04:7F:E1:E9:EF:E3:66:C0:76
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/er3hE85P8bfzLY4Ef-Hp7-NmwHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:1000::/36
                  2a0f:7803:ff70::/44

    Signature Algorithm: sha256WithRSAEncryption
         5e:5b:30:dd:d4:d4:60:0e:e9:34:a4:47:91:fb:cd:26:12:ad:
         1e:9e:bd:01:4b:7d:05:3c:fa:37:ba:a4:a1:c6:21:ee:66:4a:
         26:5a:02:f7:e5:64:ef:dc:b8:78:cf:be:1c:17:4a:17:49:0a:
         c8:76:44:5d:4a:1b:82:92:76:77:23:de:bd:92:85:b1:2f:55:
         8e:da:32:7e:ee:e8:05:76:e0:63:cd:b5:03:d4:44:da:a1:00:
         69:f0:8c:17:5c:ce:2c:14:14:af:cd:50:54:ff:05:93:c0:40:
         65:94:0b:c4:7c:0a:51:07:4e:c1:09:8f:f5:1e:18:de:06:ba:
         20:4b:14:97:73:62:0e:b5:87:37:bb:8e:73:5c:e6:25:06:20:
         d6:96:bc:62:50:61:ae:55:c0:3e:e9:69:1b:e5:98:8f:63:72:
         0c:47:c9:ba:b6:cd:b9:43:c3:dd:46:f3:a6:52:22:95:c0:37:
         6b:8a:07:bc:d9:3a:ee:5a:6d:04:f6:db:3b:a1:f6:c1:35:99:
         60:5e:4c:23:02:57:e3:38:63:1f:d4:78:76:79:1b:91:e3:a9:
         b7:b4:01:af:84:22:17:46:09:fa:bd:3c:7e:90:e3:d1:f1:e0:
         35:57:05:11:49:8e:9f:0c:09:e8:2f:a5:31:d1:5c:ee:5b:df:
         6d:6f:7e:68
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzEJGCTehzVpbralo4Rp1+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWJkZTExM2NlNGZmMWI3ZjMyZDhlMDQ3ZmUxZTllZmUzNjZjMDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvwdKJWb4SudUt00wxGC54tbN/L3
roknafNPbRPOPn2/O771l5GtfoC81dAhh/kqJG6NdlJO3eNy1W/oDw/3AUWlTmIK
qYugD4p1TxKyoH3CR0ctr7Y10qE9CItqj3WDoyqdT4xCH/Z+B6EEfX0sGChRquoh
hA9NAebVXr+JYpRtx9wdzA1eoZZXi6X53phtYhkRZaM/RMauNYhGRLZYYTm/tGgq
ZwDi22mZOEDWYvt3FMBzjSTQo3n5aB4UB6vZ4j+7t/U3AMRPNZ53B1LTvfiDkA2/
uoX1e7J9Xw2X4k/M3AsmOFCRnfXO6g5kdgAiLFnaQtuusZ5MydFhDefSRwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFHq94RPOT/G38y2OBH/h6e/jZsB2MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvZXIzaEU4NVA4YmZ6TFk0RWYtSHA3LU5td0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYEKg94AhAD
BwQqD3gD/3AwDQYJKoZIhvcNAQELBQADggEBAF5bMN3U1GAO6TSkR5H7zSYSrR6e
vQFLfQU8+je6pKHGIe5mSiZaAvflZO/cuHjPvhwXShdJCsh2RF1KG4KSdncj3r2S
hbEvVY7aMn7u6AV24GPNtQPURNqhAGnwjBdcziwUFK/NUFT/BZPAQGWUC8R8ClEH
TsEJj/UeGN4GuiBLFJdzYg61hze7jnNc5iUGINaWvGJQYa5VwD7paRvlmI9jcgxH
ybq2zblDw91G86ZSIpXAN2uKB7zZOu5abQT22zuh9sE1mWBeTCMCV+M4Yx/UeHZ5
G5Hjqbe0Aa+EIhdGCfq9PH6Q49Hx4DVXBRFJjp8MCegvpTHRXO5b321vfmg=
-----END CERTIFICATE-----