Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/qHpGuKgWrNqkpO2PQ60V60SQ4GY.roa
File:                     qHpGuKgWrNqkpO2PQ60V60SQ4GY.roa (raw, json)
Hash identifier:          07Ct6NU3wK7ATIz9/FSoS6xH+0zlCjrrvmP0E8npBS0=
Subject key identifier:   A8:7A:46:B8:A8:16:AC:DA:A4:A4:ED:8F:43:AD:15:EB:44:90:E0:66
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018FEDBC8C4182D25FE19C12E9AAD74D8AF4
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/qHpGuKgWrNqkpO2PQ60V60SQ4GY.roa
Signing time:             Thu 06 Jun 2024 13:28:27 +0000
ROA not before:           Thu 06 Jun 2024 13:28:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214747
IP address blocks:        2a0f:7803:faa0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ed:bc:8c:41:82:d2:5f:e1:9c:12:e9:aa:d7:4d:8a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun  6 13:28:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a87a46b8a816acdaa4a4ed8f43ad15eb4490e066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:9b:c0:ea:89:c8:6f:73:cd:90:d4:75:2c:9a:
                    a6:95:74:ec:8f:30:74:2a:22:ea:72:12:59:a1:e2:
                    a8:20:7b:86:13:56:b2:b8:87:07:bc:26:8b:3d:99:
                    38:ab:7a:66:01:ac:35:bd:ce:3f:cc:e2:74:b4:63:
                    c3:77:b1:80:a1:24:cf:f2:c7:73:d0:20:53:26:84:
                    d1:a9:81:79:2b:8b:02:22:d4:7b:bf:33:49:7d:80:
                    86:c6:e6:36:e1:60:c7:0d:d8:22:8f:82:fa:d4:5f:
                    b4:22:3a:33:5f:09:31:71:a0:23:85:f0:3b:cb:57:
                    ad:43:83:e3:88:8e:b4:95:b5:ee:29:be:2d:99:f2:
                    a0:88:b2:03:c3:ae:89:60:ac:05:1a:d3:d2:7b:95:
                    34:41:96:33:74:94:f2:4e:2e:92:e6:32:35:22:64:
                    51:cb:b3:6c:01:ab:fc:09:04:b1:e8:5f:37:04:5c:
                    3b:a5:69:63:47:87:2f:37:66:22:9c:02:96:cd:d4:
                    3c:b8:a2:3f:99:48:0f:c0:cf:b7:1a:63:35:50:6d:
                    b6:cd:99:e0:29:45:19:46:97:94:68:25:91:2a:11:
                    8e:81:a6:37:66:9e:94:4e:a4:38:b1:1e:6a:b7:65:
                    fa:3e:3c:fc:0c:5c:9d:f4:f1:d4:95:8d:16:bb:24:
                    71:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:7A:46:B8:A8:16:AC:DA:A4:A4:ED:8F:43:AD:15:EB:44:90:E0:66
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/qHpGuKgWrNqkpO2PQ60V60SQ4GY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:faa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:23:fc:2a:c6:9b:54:d9:d7:c8:6d:f7:05:90:e3:96:1a:b7:
         98:30:8f:97:3b:52:6c:c2:0e:06:46:9d:c7:ec:0f:4e:ea:79:
         f9:5c:3e:3b:0c:39:cd:4d:7b:26:77:69:78:01:1a:02:16:5f:
         1c:42:fe:ba:0f:67:1e:bc:94:fe:76:65:77:b9:e0:e9:82:ab:
         97:d3:87:32:5c:43:fe:0a:4a:fe:fc:19:03:3a:23:e6:77:81:
         af:f6:8d:2e:d2:9c:f8:9e:33:25:c8:8d:0a:50:1e:b6:19:09:
         70:5d:c5:55:81:85:8a:03:24:b0:24:e3:a4:8e:24:10:9f:57:
         06:21:ba:02:37:4d:22:12:9f:1e:28:73:3a:5b:84:0b:bf:18:
         27:83:b6:36:14:bc:6a:93:cf:e8:d6:5c:6e:3e:bd:b4:42:68:
         dc:b4:d4:2b:89:ff:80:0f:1c:1c:69:86:36:3d:2f:99:7f:ca:
         e8:b4:17:f5:be:03:90:74:55:c9:f1:56:82:15:3f:3b:07:35:
         32:68:5b:74:89:93:4b:dc:e3:f7:0d:6a:b5:0a:05:f0:ea:f5:
         50:8e:c7:34:e9:df:a8:c8:52:93:7a:e5:8c:9e:7a:ed:7f:ef:
         b2:eb:01:c4:b9:91:6f:b0:b1:fc:53:14:b2:a9:d3:8e:31:97:
         6e:9b:03:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/tvIxBgtJf4ZwS6arXTYr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNjA2MTMyODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODdhNDZiOGE4MTZhY2RhYTRhNGVkOGY0M2FkMTVlYjQ0OTBlMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35vA6onIb3PNkNR1LJqmlXTsjzB0
KiLqchJZoeKoIHuGE1ayuIcHvCaLPZk4q3pmAaw1vc4/zOJ0tGPDd7GAoSTP8sdz
0CBTJoTRqYF5K4sCItR7vzNJfYCGxuY24WDHDdgij4L61F+0IjozXwkxcaAjhfA7
y1etQ4PjiI60lbXuKb4tmfKgiLIDw66JYKwFGtPSe5U0QZYzdJTyTi6S5jI1ImRR
y7NsAav8CQSx6F83BFw7pWljR4cvN2YinAKWzdQ8uKI/mUgPwM+3GmM1UG22zZng
KUUZRpeUaCWRKhGOgaY3Zp6UTqQ4sR5qt2X6Pjz8DFyd9PHUlY0WuyRx7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKh6RrioFqzapKTtj0OtFetEkOBmMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvcUhwR3VLZ1dyTnFrcE8yUFE2MFY2MFNRNEdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/qg
MA0GCSqGSIb3DQEBCwUAA4IBAQBNI/wqxptU2dfIbfcFkOOWGreYMI+XO1Jswg4G
Rp3H7A9O6nn5XD47DDnNTXsmd2l4ARoCFl8cQv66D2cevJT+dmV3ueDpgquX04cy
XEP+Ckr+/BkDOiPmd4Gv9o0u0pz4njMlyI0KUB62GQlwXcVVgYWKAySwJOOkjiQQ
n1cGIboCN00iEp8eKHM6W4QLvxgng7Y2FLxqk8/o1lxuPr20QmjctNQrif+ADxwc
aYY2PS+Zf8rotBf1vgOQdFXJ8VaCFT87BzUyaFt0iZNL3OP3DWq1CgXw6vVQjsc0
6d+oyFKTeuWMnnrtf++y6wHEuZFvsLH8UxSyqdOOMZdumwN4
-----END CERTIFICATE-----