Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/lQxYrNc3yphH6LhsnKfvf4qPTi8.roa
File:                     lQxYrNc3yphH6LhsnKfvf4qPTi8.roa (raw, json)
Hash identifier:          la+OeyAVV7cirGYHqRiznLqPkVW2keF2e1f7O4yIdHI=
Subject key identifier:   95:0C:58:AC:D7:37:CA:98:47:E8:B8:6C:9C:A7:EF:7F:8A:8F:4E:2F
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018D87E2AB54944D47D45B9C66930B813412
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/lQxYrNc3yphH6LhsnKfvf4qPTi8.roa
Signing time:             Thu 08 Feb 2024 08:43:15 +0000
ROA not before:           Thu 08 Feb 2024 08:43:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198100
IP address blocks:        2a0f:7803:ffb1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:87:e2:ab:54:94:4d:47:d4:5b:9c:66:93:0b:81:34:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Feb  8 08:43:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=950c58acd737ca9847e8b86c9ca7ef7f8a8f4e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4e:fe:09:fb:57:a0:8d:e8:b9:e4:f2:6d:aa:
                    37:5c:e5:8a:32:cf:9e:5f:4d:ba:90:a4:4c:20:c6:
                    cc:03:eb:60:87:83:f5:62:af:6e:59:9e:75:6a:c0:
                    7e:1b:86:54:f2:61:8d:27:2e:6a:bf:22:d9:73:6d:
                    5f:3d:ed:52:3c:20:97:97:db:8d:7f:26:27:99:d5:
                    b0:b8:b4:2c:bb:f3:24:72:f6:c9:55:1e:a3:76:69:
                    70:e8:c4:61:e8:62:c0:54:46:75:ed:68:54:1b:7b:
                    6b:5c:55:73:30:ff:89:43:31:69:ad:17:93:b9:1c:
                    96:51:63:0e:f2:58:f7:0a:c0:42:a2:c0:6e:34:ac:
                    05:47:79:47:cb:5c:d1:6f:bb:bd:0c:49:71:24:d4:
                    c1:00:87:d6:65:54:0e:72:b6:95:ec:a6:dd:1f:bb:
                    d8:9b:94:d8:3c:af:2a:85:f2:b9:bb:0a:9f:db:83:
                    3c:46:05:98:2a:fa:0b:6f:68:5d:5c:ba:2c:13:46:
                    92:5c:52:25:1b:eb:66:8b:eb:90:43:d0:95:75:87:
                    81:59:ae:77:ab:28:41:e5:d9:3e:ee:de:8b:d6:a0:
                    48:b4:4b:49:f5:7c:ae:37:fa:bb:c8:fb:e3:3a:2b:
                    a7:41:34:12:0a:f7:5e:50:50:7b:cd:7b:5e:dc:54:
                    e7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:0C:58:AC:D7:37:CA:98:47:E8:B8:6C:9C:A7:EF:7F:8A:8F:4E:2F
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/lQxYrNc3yphH6LhsnKfvf4qPTi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:ffb1::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:a5:93:88:2e:67:e8:b9:0e:21:49:b7:77:ab:ba:a0:e6:15:
         34:8b:ac:e9:bf:08:8f:58:98:b5:4b:cf:db:b1:62:f8:c8:04:
         74:f5:b0:3a:40:5b:2b:a6:43:d2:4e:61:b9:d5:f0:d3:ae:95:
         19:73:ac:91:9a:8f:95:76:87:ca:b1:72:3a:4a:26:fa:f9:e8:
         18:f9:b0:34:43:fc:b3:98:e9:50:cb:13:b0:c4:b4:77:f4:63:
         09:73:5d:d3:fe:c4:a1:75:2a:04:2d:78:0f:37:e3:44:7a:76:
         a9:2f:f7:ff:4f:04:66:bf:d4:87:26:62:87:63:98:7f:9d:df:
         86:e3:85:7e:e6:fb:57:b0:2f:f6:5e:4e:71:94:0f:c5:66:89:
         a8:1c:c7:f2:0e:e2:5c:d3:15:32:7a:5b:15:26:05:09:ab:25:
         3f:95:98:54:ac:68:1c:25:36:65:24:a6:f0:88:e6:a0:f1:a6:
         76:8b:d3:41:3f:0b:14:47:55:7c:91:0a:b6:a2:5a:96:29:25:
         89:2a:bc:54:94:de:b3:59:73:94:1d:c0:b0:1f:92:e4:de:89:
         9f:94:77:85:71:bf:95:46:bc:d1:22:ef:88:94:05:10:03:69:
         1d:83:da:89:e2:06:14:bd:60:99:60:71:ac:e5:c8:72:53:b3:
         9b:f0:59:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2H4qtUlE1H1FucZpMLgTQSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMjA4MDg0MzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTBjNThhY2Q3MzdjYTk4NDdlOGI4NmM5Y2E3ZWY3ZjhhOGY0ZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE7+CftXoI3oueTybao3XOWKMs+e
X026kKRMIMbMA+tgh4P1Yq9uWZ51asB+G4ZU8mGNJy5qvyLZc21fPe1SPCCXl9uN
fyYnmdWwuLQsu/MkcvbJVR6jdmlw6MRh6GLAVEZ17WhUG3trXFVzMP+JQzFprReT
uRyWUWMO8lj3CsBCosBuNKwFR3lHy1zRb7u9DElxJNTBAIfWZVQOcraV7KbdH7vY
m5TYPK8qhfK5uwqf24M8RgWYKvoLb2hdXLosE0aSXFIlG+tmi+uQQ9CVdYeBWa53
qyhB5dk+7t6L1qBItEtJ9XyuN/q7yPvjOiunQTQSCvdeUFB7zXte3FTnQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJUMWKzXN8qYR+i4bJyn73+Kj04vMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvbFF4WXJOYzN5cGhINkxoc25LZnZmNHFQVGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg94A/+x
MA0GCSqGSIb3DQEBCwUAA4IBAQAZpZOILmfouQ4hSbd3q7qg5hU0i6zpvwiPWJi1
S8/bsWL4yAR09bA6QFsrpkPSTmG51fDTrpUZc6yRmo+VdofKsXI6Sib6+egY+bA0
Q/yzmOlQyxOwxLR39GMJc13T/sShdSoELXgPN+NEenapL/f/TwRmv9SHJmKHY5h/
nd+G44V+5vtXsC/2Xk5xlA/FZomoHMfyDuJc0xUyelsVJgUJqyU/lZhUrGgcJTZl
JKbwiOag8aZ2i9NBPwsUR1V8kQq2olqWKSWJKrxUlN6zWXOUHcCwH5Lk3omflHeF
cb+VRrzRIu+IlAUQA2kdg9qJ4gYUvWCZYHGs5chyU7Ob8FnT
-----END CERTIFICATE-----