Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/oW66WyadehNivoR9zENFXu3wahU.roa
File:                     oW66WyadehNivoR9zENFXu3wahU.roa (raw, json)
Hash identifier:          pTrIOtSCJk8t5iJvyIWxqAdjNmd2Zrs9Be58kJVLRxk=
Subject key identifier:   A1:6E:BA:5B:26:9D:7A:13:62:BE:84:7D:CC:43:45:5E:ED:F0:6A:15
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369FCE8A320D982C41394AFA7DF9BCA
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/oW66WyadehNivoR9zENFXu3wahU.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215832
IP address blocks:        2a0f:7803:fe80::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fc:e8:a3:20:d9:82:c4:13:94:af:a7:df:9b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a16eba5b269d7a1362be847dcc43455eedf06a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:94:86:e9:d9:49:7c:bb:84:2e:f8:04:84:ad:
                    1d:85:fa:f5:46:55:96:ee:5a:09:43:41:cd:f6:f8:
                    a4:c5:2c:4d:7a:cf:5f:1b:fa:31:f6:67:69:58:ca:
                    9e:d2:0e:86:fe:45:c8:9e:44:fe:ad:f3:02:1c:83:
                    f1:3a:15:3b:23:2a:72:48:15:7b:83:48:56:6c:89:
                    f9:9c:8d:84:5f:41:3b:b0:d2:b2:37:12:77:67:b0:
                    c8:41:0f:b9:96:f1:2f:77:fc:41:59:51:96:23:1b:
                    bc:fe:a1:b9:0f:88:ed:36:66:fe:62:fd:8d:50:77:
                    63:c4:e9:33:62:e8:a6:06:b0:0d:80:8f:44:37:6b:
                    67:ed:b4:86:26:ab:14:31:64:4f:32:28:74:2f:65:
                    2b:31:13:5d:ce:6d:17:a9:c2:d4:3f:c1:08:8b:70:
                    ee:2a:c6:d3:56:21:ce:12:1a:ec:e6:75:ec:a4:fc:
                    ed:94:51:55:61:e6:18:81:e0:73:e0:30:84:96:ca:
                    13:f8:3c:9e:cd:24:7b:f8:f6:7a:97:a4:37:d4:ce:
                    64:b5:90:11:d0:ea:f6:df:8e:00:f0:cf:b1:69:f8:
                    1c:c2:90:20:1c:bb:5a:7c:09:95:55:fd:22:8f:07:
                    f7:4a:a5:fd:d5:80:9f:63:61:b3:2c:38:80:45:60:
                    bb:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:6E:BA:5B:26:9D:7A:13:62:BE:84:7D:CC:43:45:5E:ED:F0:6A:15
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/oW66WyadehNivoR9zENFXu3wahU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fe80::/44

    Signature Algorithm: sha256WithRSAEncryption
         74:d1:54:37:b2:d0:ae:37:7b:66:8c:80:48:b5:bd:4c:da:a1:
         9f:0d:ac:bc:3d:d9:e4:93:79:2b:af:c1:cf:d7:db:8b:d0:15:
         5f:d4:f8:55:ad:a9:c0:99:b9:ad:a3:3a:c4:81:c0:9f:7d:75:
         e4:9d:5b:68:86:0e:94:b0:93:45:c5:31:f0:b8:d1:65:13:b2:
         df:b1:84:78:a0:f2:07:d8:2a:b6:d3:f1:b2:58:9a:6d:fa:e8:
         d5:f0:05:97:3b:40:61:73:d1:66:b0:a1:28:83:16:25:1a:6f:
         32:cc:ca:c0:09:8e:f4:f9:ba:9d:de:1b:10:2b:cf:95:25:d5:
         f3:5e:11:a1:f3:e5:93:63:48:3d:ac:8f:57:d2:53:86:c1:1e:
         6f:d3:c2:09:7d:7c:f0:80:87:08:cc:48:22:50:35:5f:db:18:
         cb:5b:82:c9:37:3d:9a:2a:82:50:22:4d:10:37:16:34:ac:dc:
         34:78:80:52:ba:0a:60:92:e6:5c:e0:ee:68:0a:ce:43:a2:8c:
         16:2b:9b:07:37:be:be:fb:d6:d3:ed:fc:13:69:6a:95:ba:31:
         58:58:0a:f7:5e:ff:6b:11:89:4c:0b:79:22:2f:40:14:82:70:
         6f:c1:76:03:ee:92:52:f5:ae:a2:72:f6:32:4c:0a:dc:0e:0c:
         9c:49:f8:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjafzooyDZgsQTlK+n35vKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTZlYmE1YjI2OWQ3YTEzNjJiZTg0N2RjYzQzNDU1ZWVkZjA2YTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpSG6dlJfLuELvgEhK0dhfr1RlWW
7loJQ0HN9vikxSxNes9fG/ox9mdpWMqe0g6G/kXInkT+rfMCHIPxOhU7IypySBV7
g0hWbIn5nI2EX0E7sNKyNxJ3Z7DIQQ+5lvEvd/xBWVGWIxu8/qG5D4jtNmb+Yv2N
UHdjxOkzYuimBrANgI9EN2tn7bSGJqsUMWRPMih0L2UrMRNdzm0XqcLUP8EIi3Du
KsbTViHOEhrs5nXspPztlFFVYeYYgeBz4DCElsoT+DyezSR7+PZ6l6Q31M5ktZAR
0Or2344A8M+xafgcwpAgHLtafAmVVf0ijwf3SqX91YCfY2GzLDiARWC7nwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKFuulsmnXoTYr6EfcxDRV7t8GoVMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvb1c2Nld5YWRlaE5pdm9SOXpFTkZYdTN3YWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/6A
MA0GCSqGSIb3DQEBCwUAA4IBAQB00VQ3stCuN3tmjIBItb1M2qGfDay8Pdnkk3kr
r8HP19uL0BVf1PhVranAmbmtozrEgcCffXXknVtohg6UsJNFxTHwuNFlE7LfsYR4
oPIH2Cq20/GyWJpt+ujV8AWXO0Bhc9FmsKEogxYlGm8yzMrACY70+bqd3hsQK8+V
JdXzXhGh8+WTY0g9rI9X0lOGwR5v08IJfXzwgIcIzEgiUDVf2xjLW4LJNz2aKoJQ
Ik0QNxY0rNw0eIBSugpgkuZc4O5oCs5DoowWK5sHN76++9bT7fwTaWqVujFYWAr3
Xv9rEYlMC3kiL0AUgnBvwXYD7pJS9a6icvYyTArcDgycSfhV
-----END CERTIFICATE-----