Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/moeE2dxn3GP_4flf1gIz6edwvXI.roa
File:                     moeE2dxn3GP_4flf1gIz6edwvXI.roa (raw, json)
Hash identifier:          hKlkkO4l9v9r7i7UO5i01Fd3jQTlByCNygTHtrqw4tA=
Subject key identifier:   9A:87:84:D9:DC:67:DC:63:FF:E1:F9:5F:D6:02:33:E9:E7:70:BD:72
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369F4DCEEE0C116838D9FBDA3BD210C
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/moeE2dxn3GP_4flf1gIz6edwvXI.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214715
IP address blocks:        2a0f:7803:fa60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f4:dc:ee:e0:c1:16:83:8d:9f:bd:a3:bd:21:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a8784d9dc67dc63ffe1f95fd60233e9e770bd72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:0d:85:ac:80:1d:8b:72:d6:80:bc:0e:55:26:
                    ac:95:e0:7e:98:38:34:23:47:d2:0a:ae:ea:af:d6:
                    af:77:d7:0f:77:a5:cd:30:0c:28:b5:25:89:8d:2f:
                    c0:97:3b:66:46:7e:e6:80:39:84:80:03:c8:af:5e:
                    63:4c:17:55:61:e1:de:6c:c1:a7:6a:a0:51:55:67:
                    79:18:34:13:3e:32:51:13:23:21:c0:ad:e5:d9:9b:
                    af:13:03:01:2e:68:97:a8:e7:60:a9:06:09:d1:1a:
                    8c:eb:28:02:07:c1:90:56:69:13:09:2f:53:68:13:
                    69:a0:dd:93:eb:64:6e:66:60:09:cc:7d:79:42:6c:
                    f5:f8:dc:a6:2c:fd:12:ae:ca:6e:d3:64:7c:69:e6:
                    e9:e8:f7:f8:70:4d:3f:46:5d:54:62:ae:8c:22:48:
                    71:63:0f:c3:ba:6b:fd:1e:73:41:7e:2a:34:be:d4:
                    66:ee:c3:2e:e2:19:35:8b:a8:a1:7c:27:c4:6c:f5:
                    4b:3a:73:ba:3d:31:e9:fb:7f:ad:04:76:14:c9:6e:
                    cb:a4:38:0e:0b:91:32:32:cb:fa:af:d7:b6:5a:89:
                    12:35:74:8f:f1:6b:13:46:4d:4b:2f:98:7d:8a:8d:
                    93:91:43:d3:d7:d1:a6:5d:61:82:35:18:7f:91:1a:
                    ca:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:87:84:D9:DC:67:DC:63:FF:E1:F9:5F:D6:02:33:E9:E7:70:BD:72
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/moeE2dxn3GP_4flf1gIz6edwvXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa60::/44

    Signature Algorithm: sha256WithRSAEncryption
         87:d2:b4:aa:9d:a2:af:17:e0:30:79:a7:76:b0:b5:87:57:31:
         4e:7c:d4:e4:03:e3:1c:6c:a7:78:a0:ff:f9:e2:dc:24:55:55:
         f2:ca:92:1e:90:33:45:97:f5:bd:c0:a8:49:48:fc:3a:29:a1:
         2a:77:53:d8:fa:d1:2f:d8:c7:ca:a4:f5:a5:a6:43:96:07:0c:
         59:af:68:79:c2:ba:9b:ac:58:5b:d4:06:20:0a:ca:38:c8:2b:
         dd:db:5d:ce:9a:27:1f:74:c9:b2:98:12:13:61:ae:ff:1c:ca:
         cc:31:84:1a:4d:29:7f:91:15:a6:45:c7:19:a4:ae:42:86:48:
         25:1b:a3:88:99:13:69:b4:2e:5c:d6:73:e2:b5:28:89:97:67:
         9f:f8:2b:10:c3:ff:17:05:d8:2a:fb:30:6b:ca:8a:c8:b7:f5:
         70:25:cd:ce:e0:b8:a6:0c:60:64:05:a8:36:da:7b:7d:53:56:
         92:a9:de:e2:70:ac:a8:e9:9c:63:77:1a:2f:1c:5c:27:c6:a7:
         13:8a:c7:10:d2:51:d8:c3:89:7e:d6:0b:8b:55:35:ec:2d:3d:
         7d:82:f1:3a:83:ce:2b:7c:c7:66:44:4a:74:68:72:01:cc:25:
         e1:39:f3:f2:42:42:86:df:fc:67:c4:fd:9c:c5:d9:03:e3:ee:
         be:b5:41:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafTc7uDBFoONn72jvSEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTg3ODRkOWRjNjdkYzYzZmZlMWY5NWZkNjAyMzNlOWU3NzBiZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7w2FrIAdi3LWgLwOVSasleB+mDg0
I0fSCq7qr9avd9cPd6XNMAwotSWJjS/AlztmRn7mgDmEgAPIr15jTBdVYeHebMGn
aqBRVWd5GDQTPjJREyMhwK3l2ZuvEwMBLmiXqOdgqQYJ0RqM6ygCB8GQVmkTCS9T
aBNpoN2T62RuZmAJzH15Qmz1+NymLP0Srspu02R8aebp6Pf4cE0/Rl1UYq6MIkhx
Yw/Dumv9HnNBfio0vtRm7sMu4hk1i6ihfCfEbPVLOnO6PTHp+3+tBHYUyW7LpDgO
C5EyMsv6r9e2WokSNXSP8WsTRk1LL5h9io2TkUPT19GmXWGCNRh/kRrKWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJqHhNncZ9xj/+H5X9YCM+nncL1yMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvbW9lRTJkeG4zR1BfNGZsZjFnSXo2ZWR3dlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/pg
MA0GCSqGSIb3DQEBCwUAA4IBAQCH0rSqnaKvF+Awead2sLWHVzFOfNTkA+McbKd4
oP/54twkVVXyypIekDNFl/W9wKhJSPw6KaEqd1PY+tEv2MfKpPWlpkOWBwxZr2h5
wrqbrFhb1AYgCso4yCvd213OmicfdMmymBITYa7/HMrMMYQaTSl/kRWmRccZpK5C
hkglG6OImRNptC5c1nPitSiJl2ef+CsQw/8XBdgq+zBryorIt/VwJc3O4LimDGBk
Bag22nt9U1aSqd7icKyo6ZxjdxovHFwnxqcTiscQ0lHYw4l+1guLVTXsLT19gvE6
g84rfMdmREp0aHIBzCXhOfPyQkKG3/xnxP2cxdkD4+6+tUGz
-----END CERTIFICATE-----