Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/fH9dkv_8XfMck0mXlU1Ttl3pG0M.roa
File:                     fH9dkv_8XfMck0mXlU1Ttl3pG0M.roa (raw, json)
Hash identifier:          jgh8i3yx0l5ylsJWKXPIRJm4Dj+NYdJ4euoBrH+i+r4=
Subject key identifier:   7C:7F:5D:92:FF:FC:5D:F3:1C:93:49:97:95:4D:53:B6:5D:E9:1B:43
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018CC4246400CB0A17F12714E7E0C5D5945F
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/fH9dkv_8XfMck0mXlU1Ttl3pG0M.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198316
IP address blocks:        2a0f:7803:ffe0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:64:00:cb:0a:17:f1:27:14:e7:e0:c5:d5:94:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c7f5d92fffc5df31c934997954d53b65de91b43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4a:7c:7d:06:e7:08:89:aa:cf:b5:24:11:be:
                    04:3c:d5:96:37:8e:59:3f:eb:b0:d7:85:d8:4a:13:
                    f8:e4:e1:ea:28:25:6b:9e:96:e3:e7:46:7a:1a:50:
                    d5:1b:25:f1:a9:c7:42:ad:52:bb:53:ef:6f:80:75:
                    57:fa:40:00:df:bd:11:92:9e:77:8c:e0:a4:9b:fa:
                    91:ea:df:f4:29:06:77:44:e2:90:eb:42:70:d2:a4:
                    e3:61:cd:f0:60:11:6c:7b:4f:8b:fd:13:1a:26:1e:
                    2b:8f:fc:85:9a:66:f2:23:f8:cd:3f:00:a7:c8:13:
                    73:fc:83:26:bd:8d:25:0d:64:1a:d7:e0:b3:3f:c5:
                    d8:a4:7a:15:f6:3b:54:63:dc:46:0a:24:7d:52:c8:
                    84:2a:53:50:e4:06:fd:3f:54:74:1f:10:cb:d8:ed:
                    2f:c3:c5:68:6e:a5:a8:27:54:c4:39:13:24:0c:f4:
                    ed:64:0a:04:44:14:be:aa:46:e5:08:32:76:c6:77:
                    88:a3:2b:1d:ec:b4:d7:e5:84:c4:52:2a:45:51:f0:
                    97:a6:fa:41:df:9c:f7:df:5e:e9:2e:ad:e0:58:e3:
                    a6:0d:b7:95:6b:16:a1:3a:44:cb:4f:42:10:3c:b7:
                    63:b2:0f:7d:2a:da:38:dc:6c:e3:7d:f4:49:1b:c2:
                    48:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7F:5D:92:FF:FC:5D:F3:1C:93:49:97:95:4D:53:B6:5D:E9:1B:43
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/fH9dkv_8XfMck0mXlU1Ttl3pG0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:ffe0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a3:ad:7e:b4:6a:1b:41:88:80:29:52:25:11:7a:5e:9a:3d:a6:
         ab:21:22:71:bd:e7:ce:b9:84:a6:c2:a9:1e:ac:e9:5c:f1:7e:
         e0:fb:03:b9:ab:72:25:23:ba:1f:b5:52:e7:73:86:77:9f:7c:
         30:07:e5:69:9d:c9:0d:3b:ce:8b:6e:78:f1:a4:df:8e:de:04:
         67:86:56:bc:1a:bc:b3:36:1e:2d:af:26:84:1e:df:90:c5:4a:
         0d:69:a1:46:b6:09:6a:0e:d6:96:f9:47:16:bb:a6:77:dd:e6:
         08:35:e8:c3:b5:dd:10:13:d1:2f:a2:db:12:d3:49:48:50:0f:
         06:a0:4f:d1:03:8d:b7:d6:9a:71:3a:84:9f:47:72:dd:0f:3c:
         bd:8e:d7:54:52:fb:9d:7b:fa:71:d0:b4:8f:82:84:ca:8f:36:
         33:6b:65:83:13:8e:c3:25:36:57:cc:25:e4:a8:29:02:b2:04:
         29:99:f9:87:fb:74:cc:40:0d:8f:21:0f:05:9f:9e:96:50:03:
         87:08:f4:b1:13:1b:ae:70:df:c2:1d:13:f2:f9:79:92:0e:46:
         ba:34:50:16:e8:1a:64:57:38:e4:92:1f:11:4c:d1:cc:f8:06:
         58:b0:a1:06:7b:da:9f:90:7d:d3:2e:9c:8e:17:a0:b2:44:33:
         83:c5:47:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJGQAywoX8ScU5+DF1ZRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzdmNWQ5MmZmZmM1ZGYzMWM5MzQ5OTc5NTRkNTNiNjVkZTkxYjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEp8fQbnCImqz7UkEb4EPNWWN45Z
P+uw14XYShP45OHqKCVrnpbj50Z6GlDVGyXxqcdCrVK7U+9vgHVX+kAA370Rkp53
jOCkm/qR6t/0KQZ3ROKQ60Jw0qTjYc3wYBFse0+L/RMaJh4rj/yFmmbyI/jNPwCn
yBNz/IMmvY0lDWQa1+CzP8XYpHoV9jtUY9xGCiR9UsiEKlNQ5Ab9P1R0HxDL2O0v
w8VobqWoJ1TEORMkDPTtZAoERBS+qkblCDJ2xneIoysd7LTX5YTEUipFUfCXpvpB
35z3317pLq3gWOOmDbeVaxahOkTLT0IQPLdjsg99Kto43GzjffRJG8JIKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHx/XZL//F3zHJNJl5VNU7Zd6RtDMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvZkg5ZGt2XzhYZk1jazBtWGxVMVR0bDNwRzBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A//g
MA0GCSqGSIb3DQEBCwUAA4IBAQCjrX60ahtBiIApUiURel6aPaarISJxvefOuYSm
wqkerOlc8X7g+wO5q3IlI7oftVLnc4Z3n3wwB+VpnckNO86LbnjxpN+O3gRnhla8
GryzNh4tryaEHt+QxUoNaaFGtglqDtaW+UcWu6Z33eYINejDtd0QE9EvotsS00lI
UA8GoE/RA4231ppxOoSfR3LdDzy9jtdUUvude/px0LSPgoTKjzYza2WDE47DJTZX
zCXkqCkCsgQpmfmH+3TMQA2PIQ8Fn56WUAOHCPSxExuucN/CHRPy+XmSDka6NFAW
6BpkVzjkkh8RTNHM+AZYsKEGe9qfkH3TLpyOF6CyRDODxUfs
-----END CERTIFICATE-----