Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/pksjBxVUwoNatcl5Qj_PecG2K5c.roa
File:                     pksjBxVUwoNatcl5Qj_PecG2K5c.roa (raw, json)
Hash identifier:          bj8Ku/jc4YJbIdBA2LcVDxkuyZeTfMr11ArBGiotPow=
Subject key identifier:   A6:4B:23:07:15:54:C2:83:5A:B5:C9:79:42:3F:CF:79:C1:B6:2B:97
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0191AC7D0EFB59E61A862C286E668868699E
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/pksjBxVUwoNatcl5Qj_PecG2K5c.roa
Signing time:             Sun 01 Sep 2024 07:29:22 +0000
ROA not before:           Sun 01 Sep 2024 07:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215592
IP address blocks:        2a0f:7803:f830::/44 maxlen: 48
                          2a0f:7803:fb10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ac:7d:0e:fb:59:e6:1a:86:2c:28:6e:66:88:68:69:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Sep  1 07:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a64b23071554c2835ab5c979423fcf79c1b62b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ac:d0:0d:e4:69:93:60:af:6f:be:dc:5d:7a:
                    4f:6d:08:27:ea:64:f7:d9:d6:4c:6b:a7:49:ba:9b:
                    2b:c7:d9:59:eb:ce:fc:34:bd:20:5b:dc:d9:21:28:
                    5f:56:0e:6d:47:ea:f6:d9:f4:b7:00:4c:20:03:c2:
                    39:01:b7:fb:3a:d5:8a:db:7d:a0:05:7f:0d:b5:cc:
                    7b:cb:97:55:10:28:23:93:db:7a:b1:38:47:5c:e0:
                    29:23:8f:ab:1c:68:de:df:d4:37:cf:1c:b9:88:1a:
                    67:4f:8d:59:f5:33:ca:2d:79:9b:1b:07:1f:af:5c:
                    6c:7b:9a:e1:38:0b:36:c4:36:cb:81:14:50:8e:bc:
                    be:f2:9a:6d:05:9a:0b:f3:d3:28:84:16:f9:bd:e0:
                    ba:8d:df:8f:51:f9:34:c7:87:b2:47:9d:95:14:69:
                    59:97:59:79:2d:ae:6c:e6:e2:c4:d8:67:e9:e8:e9:
                    e7:c9:cf:ec:06:83:1d:f5:72:d1:90:7e:be:99:6c:
                    db:a2:09:d9:32:f3:6f:ec:06:2a:2e:8f:d1:2c:9c:
                    ed:b4:6e:4e:01:04:35:bc:8a:8d:13:2e:53:33:fc:
                    d0:b0:ad:6b:e5:25:ea:6f:af:3f:12:44:cd:91:2f:
                    8f:52:00:93:de:55:5d:21:ed:5e:93:4f:61:e1:d3:
                    62:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:4B:23:07:15:54:C2:83:5A:B5:C9:79:42:3F:CF:79:C1:B6:2B:97
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/pksjBxVUwoNatcl5Qj_PecG2K5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f830::/44
                  2a0f:7803:fb10::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:45:3a:2e:0a:91:b9:44:fb:87:54:27:b0:86:1d:c6:26:46:
         f7:c4:71:2e:15:e4:1a:f4:d8:69:ab:81:f3:f0:e9:f1:61:17:
         ea:de:ae:5c:28:67:1c:2e:0b:e4:2b:19:86:57:50:68:8e:2e:
         b0:c0:86:07:51:83:b8:47:c9:ba:58:be:00:12:28:1f:ed:11:
         68:39:8f:88:57:d0:42:a5:a6:30:60:d2:b4:a6:4c:3e:68:11:
         6b:70:25:c5:9b:29:3d:db:7a:68:b8:89:20:52:d9:96:c3:1a:
         8b:c6:61:f5:3d:7d:5f:dc:9b:6d:77:b3:7a:33:73:16:6b:2a:
         a4:23:b2:37:e2:42:5f:50:9e:1f:ab:60:b1:49:77:1f:8a:4d:
         44:ae:04:2b:3d:0a:1d:dd:d4:98:bc:84:52:f3:96:f4:a7:5f:
         d9:ba:a8:47:49:89:c7:e5:23:00:2b:c1:10:df:1e:8a:2a:44:
         40:b9:52:36:eb:e0:31:e7:2d:71:1e:2c:2b:90:bf:14:dd:78:
         25:f6:82:c5:85:b2:74:30:fc:d4:6f:e0:ce:cc:9d:89:ef:5d:
         e2:3a:02:bc:98:58:8c:a6:26:ed:a0:e4:e9:28:0f:0d:b4:9f:
         04:17:b9:44:dc:4c:56:6b:a9:85:37:13:2e:8c:b9:f9:80:a3:
         31:a4:6f:cf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZGsfQ77WeYahiwobmaIaGmeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwOTAxMDcyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjRiMjMwNzE1NTRjMjgzNWFiNWM5Nzk0MjNmY2Y3OWMxYjYyYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6zQDeRpk2Cvb77cXXpPbQgn6mT3
2dZMa6dJupsrx9lZ6878NL0gW9zZIShfVg5tR+r22fS3AEwgA8I5Abf7OtWK232g
BX8Ntcx7y5dVECgjk9t6sThHXOApI4+rHGje39Q3zxy5iBpnT41Z9TPKLXmbGwcf
r1xse5rhOAs2xDbLgRRQjry+8pptBZoL89MohBb5veC6jd+PUfk0x4eyR52VFGlZ
l1l5La5s5uLE2Gfp6Onnyc/sBoMd9XLRkH6+mWzbognZMvNv7AYqLo/RLJzttG5O
AQQ1vIqNEy5TM/zQsK1r5SXqb68/EkTNkS+PUgCT3lVdIe1ek09h4dNieQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKZLIwcVVMKDWrXJeUI/z3nBtiuXMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvcGtzakJ4VlV3b05hdGNsNVFqX1BlY0cySzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg94A/gw
AwcAKg94A/sQMA0GCSqGSIb3DQEBCwUAA4IBAQAvRTouCpG5RPuHVCewhh3GJkb3
xHEuFeQa9Nhpq4Hz8OnxYRfq3q5cKGccLgvkKxmGV1Boji6wwIYHUYO4R8m6WL4A
Eigf7RFoOY+IV9BCpaYwYNK0pkw+aBFrcCXFmyk923pouIkgUtmWwxqLxmH1PX1f
3Jttd7N6M3MWayqkI7I34kJfUJ4fq2CxSXcfik1ErgQrPQod3dSYvIRS85b0p1/Z
uqhHSYnH5SMAK8EQ3x6KKkRAuVI26+Ax5y1xHiwrkL8U3Xgl9oLFhbJ0MPzUb+DO
zJ2J713iOgK8mFiMpibtoOTpKA8NtJ8EF7lE3ExWa6mFNxMujLn5gKMxpG/P
-----END CERTIFICATE-----