Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/joPC3I-8SN6RQsWe6Yat1S0GsWg.roa
File:                     joPC3I-8SN6RQsWe6Yat1S0GsWg.roa (raw, json)
Hash identifier:          z1gGEZ9+/0FPrYx5wovrdS8IIMCha459IrfoOuAbFDs=
Subject key identifier:   8E:83:C2:DC:8F:BC:48:DE:91:42:C5:9E:E9:86:AD:D5:2D:06:B1:68
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01900757D2655B0DD8C5D8F65326E304D853
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/joPC3I-8SN6RQsWe6Yat1S0GsWg.roa
Signing time:             Tue 11 Jun 2024 12:48:34 +0000
ROA not before:           Tue 11 Jun 2024 12:48:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215575
IP address blocks:        2a0f:7803:fa90::/44 maxlen: 48
                          2a0f:7803:fb20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:57:d2:65:5b:0d:d8:c5:d8:f6:53:26:e3:04:d8:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 11 12:48:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e83c2dc8fbc48de9142c59ee986add52d06b168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:12:c8:06:c4:0b:48:c9:33:97:f8:a4:cd:34:
                    4c:4d:02:38:dd:92:d2:53:cb:48:5d:fe:1e:26:ec:
                    26:c5:52:39:2b:2e:f6:ba:b7:57:4a:5a:40:86:04:
                    48:ac:ca:ea:cd:75:06:36:65:23:98:21:d6:85:1f:
                    e0:5c:52:4b:9f:2e:cc:00:98:08:ad:94:a4:4b:61:
                    5a:2f:36:3c:75:e6:3f:65:c7:45:b5:18:3f:fc:90:
                    b5:a1:0f:80:ca:18:3b:95:bf:a4:b2:a6:48:c8:af:
                    8f:ed:80:26:55:50:2c:a6:92:ae:69:3c:96:64:d6:
                    1b:5e:a8:83:77:f3:b0:56:02:88:1f:07:67:39:b8:
                    31:75:0f:f2:aa:67:82:24:f8:02:6c:fc:35:25:46:
                    fc:38:98:00:43:ee:77:b5:55:7d:99:76:b4:92:fb:
                    b4:b0:b1:e2:f8:bc:d3:8c:8a:2f:ce:d6:c5:79:35:
                    0b:08:25:c4:88:d0:85:0e:8f:3b:8b:ef:a1:c9:40:
                    95:7f:2a:6f:10:ff:07:7e:9b:5c:19:b2:a2:c6:8e:
                    9d:ef:e0:a5:af:fa:c3:53:2e:c1:67:62:03:a8:0c:
                    b4:90:d0:d8:5b:9d:36:4b:ca:ae:3b:95:d3:bf:25:
                    c4:4c:88:e0:77:6f:de:8e:62:8f:4e:20:19:2e:e8:
                    39:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:83:C2:DC:8F:BC:48:DE:91:42:C5:9E:E9:86:AD:D5:2D:06:B1:68
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/joPC3I-8SN6RQsWe6Yat1S0GsWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa90::/44
                  2a0f:7803:fb20::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:95:55:d1:bd:63:e6:4f:01:4f:9e:86:10:a7:b7:d5:c5:71:
         d9:d7:f3:14:27:59:e0:69:91:48:17:35:4d:1d:c8:37:71:ff:
         82:f0:12:0b:5a:2c:49:0b:97:de:c2:2d:2d:81:89:f7:42:c9:
         1b:44:ad:1b:37:5f:7f:57:fb:65:3e:9c:62:e9:58:64:15:b1:
         b5:30:da:d4:5a:82:ca:60:b7:42:68:db:3c:39:65:87:36:94:
         88:d0:94:cd:24:bf:38:5d:77:2e:5c:79:1a:84:47:d6:2d:cf:
         19:2f:23:8a:14:3a:26:be:35:ec:67:cf:8e:f4:98:d1:f8:27:
         15:ac:92:d3:c6:49:be:07:84:6e:de:9c:4c:98:87:93:89:c4:
         e0:a6:0c:aa:53:f5:f2:aa:76:b1:76:32:e2:e3:7e:26:0c:ef:
         76:39:4c:01:79:90:a4:e4:5e:dc:d1:06:44:6e:08:38:05:0a:
         1d:2b:c1:6c:65:56:10:47:18:e0:62:ab:44:13:e5:0d:cb:79:
         4c:33:b2:d0:30:80:81:50:11:1c:e1:96:8b:bd:a0:de:2a:43:
         0a:58:f7:06:e3:bf:32:41:99:62:2d:9a:9f:de:19:48:fc:d6:
         5a:dc:1d:ae:85:17:f7:d2:4b:a7:19:9c:aa:cf:8b:e5:01:7a:
         4b:33:97:3d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAHV9JlWw3Yxdj2UybjBNhTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNjExMTI0ODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTgzYzJkYzhmYmM0OGRlOTE0MmM1OWVlOTg2YWRkNTJkMDZiMTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBLIBsQLSMkzl/ikzTRMTQI43ZLS
U8tIXf4eJuwmxVI5Ky72urdXSlpAhgRIrMrqzXUGNmUjmCHWhR/gXFJLny7MAJgI
rZSkS2FaLzY8deY/ZcdFtRg//JC1oQ+Ayhg7lb+ksqZIyK+P7YAmVVAsppKuaTyW
ZNYbXqiDd/OwVgKIHwdnObgxdQ/yqmeCJPgCbPw1JUb8OJgAQ+53tVV9mXa0kvu0
sLHi+LzTjIovztbFeTULCCXEiNCFDo87i++hyUCVfypvEP8HfptcGbKixo6d7+Cl
r/rDUy7BZ2IDqAy0kNDYW502S8quO5XTvyXETIjgd2/ejmKPTiAZLug5SQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI6DwtyPvEjekULFnumGrdUtBrFoMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvam9QQzNJLThTTjZSUXNXZTZZYXQxUzBHc1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg94A/qQ
AwcEKg94A/sgMA0GCSqGSIb3DQEBCwUAA4IBAQBrlVXRvWPmTwFPnoYQp7fVxXHZ
1/MUJ1ngaZFIFzVNHcg3cf+C8BILWixJC5fewi0tgYn3QskbRK0bN19/V/tlPpxi
6VhkFbG1MNrUWoLKYLdCaNs8OWWHNpSI0JTNJL84XXcuXHkahEfWLc8ZLyOKFDom
vjXsZ8+O9JjR+CcVrJLTxkm+B4Ru3pxMmIeTicTgpgyqU/XyqnaxdjLi434mDO92
OUwBeZCk5F7c0QZEbgg4BQodK8FsZVYQRxjgYqtEE+UNy3lMM7LQMICBUBEc4ZaL
vaDeKkMKWPcG478yQZliLZqf3hlI/NZa3B2uhRf30kunGZyqz4vlAXpLM5c9
-----END CERTIFICATE-----