Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/mprdw6APwZ2STj9h9Cw6BmUT_mI.roa
File:                     mprdw6APwZ2STj9h9Cw6BmUT_mI.roa (raw, json)
Hash identifier:          WRl8RdqNAOyMeFygGHP597bSwc7SjjQUq4KdGxK0SAg=
Subject key identifier:   9A:9A:DD:C3:A0:0F:C1:9D:92:4E:3F:61:F4:2C:3A:06:65:13:FE:62
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0191663F2FE1F9DA6A23ADFF811BED33C767
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/mprdw6APwZ2STj9h9Cw6BmUT_mI.roa
Signing time:             Sun 18 Aug 2024 16:08:22 +0000
ROA not before:           Sun 18 Aug 2024 16:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a0f:7803:f98f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:66:3f:2f:e1:f9:da:6a:23:ad:ff:81:1b:ed:33:c7:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Aug 18 16:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a9addc3a00fc19d924e3f61f42c3a066513fe62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c3:74:6a:86:47:79:c2:4d:8d:19:90:40:9c:
                    d5:e2:0b:19:a4:75:fa:ee:e3:5a:07:33:4c:94:96:
                    4c:ae:b5:7f:37:7c:80:72:2f:c4:c1:22:82:8a:53:
                    3a:85:05:55:f4:ea:da:44:e0:18:14:f6:63:9f:48:
                    2f:96:09:83:e5:12:e2:03:76:3a:41:73:b1:3a:22:
                    b0:d8:39:7e:b8:e7:ff:50:20:ad:dd:84:b2:25:6b:
                    2d:8a:cf:fd:03:ce:be:b2:89:08:e9:c3:55:57:cb:
                    a7:4b:17:98:f8:fd:c7:49:ce:79:7c:b5:6b:cd:67:
                    cc:85:ab:da:ad:d1:23:32:be:05:7a:66:7f:66:3a:
                    f0:0b:9b:95:70:28:cd:1a:4d:58:1f:f9:d2:94:70:
                    dc:d5:5b:0a:23:df:ae:ba:98:d8:10:97:5f:d6:f6:
                    da:b4:e2:0e:e9:64:a0:b7:1f:78:2e:74:7f:23:1b:
                    43:8e:d2:f0:7a:24:55:2e:6f:42:f3:05:06:4d:8c:
                    af:ea:23:98:c3:1c:c4:51:f4:97:cd:6a:34:f4:0d:
                    9a:47:f8:5e:e5:22:8a:c3:33:44:37:11:1c:4c:95:
                    ee:ea:b6:72:fc:a6:6d:26:9a:20:f3:ea:09:e4:56:
                    e5:6b:1f:5a:6c:ba:6b:8c:0f:ee:bd:97:d3:de:68:
                    71:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:9A:DD:C3:A0:0F:C1:9D:92:4E:3F:61:F4:2C:3A:06:65:13:FE:62
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/mprdw6APwZ2STj9h9Cw6BmUT_mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f98f::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:4d:65:1d:f6:6a:b8:bb:e2:be:41:01:13:aa:05:f0:bd:e2:
         02:6e:b2:e5:5d:12:5a:5c:f4:53:9c:e9:e6:c5:5c:1a:33:b4:
         f9:9d:bc:87:05:3d:bb:8e:53:15:b9:ca:08:43:85:4c:d4:f5:
         9e:8d:b0:fa:23:3d:2f:4f:8b:cf:83:49:2a:ae:f1:44:b8:97:
         78:63:61:6c:b2:7e:30:3c:4f:50:c7:52:bc:58:4b:de:57:ea:
         37:77:7c:48:95:4f:bf:d8:6b:28:0a:d0:7e:dd:c1:de:e3:77:
         16:16:c0:53:44:9f:98:a9:aa:54:46:73:b5:43:45:9e:fd:b1:
         fd:f2:ee:33:1e:4e:6d:71:da:34:b3:93:d0:99:b1:84:e9:99:
         0f:ab:dd:af:14:08:2e:b8:94:66:0d:0c:70:dc:6e:5f:e5:10:
         93:5b:34:ab:ef:17:39:27:7b:3b:95:3a:b0:29:c4:4d:04:9b:
         dc:32:50:aa:b5:f7:31:29:6f:48:5b:04:d7:f2:d6:e0:89:87:
         6a:46:c2:f4:57:92:7d:f0:bc:62:27:85:37:b7:9f:d4:2a:72:
         79:7d:6d:6e:84:8a:be:f4:c0:f0:29:9b:06:5c:94:1d:58:d6:
         bc:96:16:ed:69:66:f0:39:16:07:7f:5f:69:53:78:cf:56:cd:
         73:d9:8c:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFmPy/h+dpqI63/gRvtM8dnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwODE4MTYwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTlhZGRjM2EwMGZjMTlkOTI0ZTNmNjFmNDJjM2EwNjY1MTNmZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsN0aoZHecJNjRmQQJzV4gsZpHX6
7uNaBzNMlJZMrrV/N3yAci/EwSKCilM6hQVV9OraROAYFPZjn0gvlgmD5RLiA3Y6
QXOxOiKw2Dl+uOf/UCCt3YSyJWstis/9A86+sokI6cNVV8unSxeY+P3HSc55fLVr
zWfMhavardEjMr4FemZ/ZjrwC5uVcCjNGk1YH/nSlHDc1VsKI9+uupjYEJdf1vba
tOIO6WSgtx94LnR/IxtDjtLweiRVLm9C8wUGTYyv6iOYwxzEUfSXzWo09A2aR/he
5SKKwzNENxEcTJXu6rZy/KZtJpog8+oJ5Fblax9abLprjA/uvZfT3mhxnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJqa3cOgD8Gdkk4/YfQsOgZlE/5iMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvbXByZHc2QVB3WjJTVGo5aDlDdzZCbVVUX21JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg94A/mP
MA0GCSqGSIb3DQEBCwUAA4IBAQATTWUd9mq4u+K+QQETqgXwveICbrLlXRJaXPRT
nOnmxVwaM7T5nbyHBT27jlMVucoIQ4VM1PWejbD6Iz0vT4vPg0kqrvFEuJd4Y2Fs
sn4wPE9Qx1K8WEveV+o3d3xIlU+/2GsoCtB+3cHe43cWFsBTRJ+YqapURnO1Q0We
/bH98u4zHk5tcdo0s5PQmbGE6ZkPq92vFAguuJRmDQxw3G5f5RCTWzSr7xc5J3s7
lTqwKcRNBJvcMlCqtfcxKW9IWwTX8tbgiYdqRsL0V5J98LxiJ4U3t5/UKnJ5fW1u
hIq+9MDwKZsGXJQdWNa8lhbtaWbwORYHf19pU3jPVs1z2Yxh
-----END CERTIFICATE-----