Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/rNEqtQHVdruEMsv_GcYrqeKc0E0.roa
File:                     rNEqtQHVdruEMsv_GcYrqeKc0E0.roa (raw, json)
Hash identifier:          9ieMAwP0/mGFWmuyRhtZMSGdlFTgOwYwKX9ugX+fh/s=
Subject key identifier:   AC:D1:2A:B5:01:D5:76:BB:84:32:CB:FF:19:C6:2B:A9:E2:9C:D0:4D
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369EFE04950548C7BD8BCCCA768806A
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/rNEqtQHVdruEMsv_GcYrqeKc0E0.roa
Signing time:             Wed 01 Jan 2025 19:48:52 +0000
ROA not before:           Wed 01 Jan 2025 19:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214013
IP address blocks:        2a0f:7803:f6c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ef:e0:49:50:54:8c:7b:d8:bc:cc:a7:68:80:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acd12ab501d576bb8432cbff19c62ba9e29cd04d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:71:45:3e:19:74:60:55:fb:7d:3b:a7:70:b7:
                    7d:61:cb:3e:c5:c7:86:f6:38:0b:3d:e6:52:c1:b9:
                    86:ff:63:10:4a:ac:26:48:61:ad:88:8e:26:79:86:
                    65:d1:ad:78:af:67:a4:f1:bd:1b:37:aa:c3:27:aa:
                    69:36:78:b7:4b:25:96:e9:f5:82:7c:2a:41:85:59:
                    56:74:ca:2f:e1:35:4d:21:19:5f:16:20:42:77:8f:
                    75:08:0b:39:15:19:fc:18:c1:4e:35:6e:b4:83:c0:
                    c1:52:d5:d1:36:15:01:7e:32:ab:47:8b:55:0d:ed:
                    1c:9b:fc:3e:89:ca:86:b2:0f:e5:aa:55:ec:d3:06:
                    c2:75:3b:2b:67:d6:21:e1:71:d2:2d:7a:5d:a4:1c:
                    b0:1c:4d:62:1e:8d:b3:fd:ac:90:03:98:41:91:54:
                    c0:4e:6c:97:75:cb:56:12:c2:14:3f:c3:ac:91:a0:
                    28:fb:f9:e3:6c:fc:3f:67:24:a6:d0:12:63:d8:98:
                    40:73:7d:1b:03:0d:a4:55:9d:c4:79:03:91:f7:ab:
                    ac:00:ac:8e:1c:2b:80:45:ff:f3:fe:e5:d5:a9:38:
                    e8:94:86:28:e1:6a:ee:3c:10:d5:dd:fe:c9:aa:fb:
                    80:f8:cc:3e:80:d6:f8:21:74:86:ef:f3:f8:8a:ee:
                    45:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D1:2A:B5:01:D5:76:BB:84:32:CB:FF:19:C6:2B:A9:E2:9C:D0:4D
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/rNEqtQHVdruEMsv_GcYrqeKc0E0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:f6c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0c:f4:7d:c7:f9:54:b8:fe:55:0d:a6:c4:60:19:5a:61:92:74:
         53:df:44:6e:3c:41:c4:be:d5:51:7c:11:6d:eb:05:89:4d:89:
         46:89:78:39:b3:8e:67:44:14:c5:62:c4:42:67:65:1f:32:7c:
         5e:bb:24:5c:d0:81:21:fb:5b:68:60:72:ab:07:22:e0:ce:ac:
         fe:8f:e0:4f:a8:88:14:78:a3:1b:7a:7e:22:f1:f6:89:d5:cb:
         06:d9:6e:18:b3:c7:99:aa:94:0c:68:53:68:ad:51:c2:70:6c:
         00:b6:c5:e1:be:50:2c:0d:b0:25:05:6f:a3:34:c7:e0:15:25:
         97:f6:89:6a:5e:c4:a4:b5:fb:82:78:be:01:3d:5d:69:fc:03:
         de:f4:5b:ff:cf:be:86:6a:de:00:f2:7b:41:a7:90:9c:c8:ce:
         c7:5a:3a:60:2e:b0:87:bd:91:55:9c:22:23:22:bc:53:73:4a:
         69:ed:28:94:3a:7e:45:0a:75:54:44:57:f2:dd:1e:2d:46:a5:
         19:58:2e:d1:79:32:ea:00:8f:50:f5:80:75:26:bc:9f:43:c0:
         52:d5:b6:7c:1c:aa:48:fb:39:3f:70:e2:44:3b:4f:93:c4:7f:
         86:b9:d2:52:09:a0:f8:af:f6:a6:9a:b6:7c:82:56:95:d0:5f:
         95:cf:da:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjae/gSVBUjHvYvMynaIBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2QxMmFiNTAxZDU3NmJiODQzMmNiZmYxOWM2MmJhOWUyOWNkMDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXFFPhl0YFX7fTuncLd9Ycs+xceG
9jgLPeZSwbmG/2MQSqwmSGGtiI4meYZl0a14r2ek8b0bN6rDJ6ppNni3SyWW6fWC
fCpBhVlWdMov4TVNIRlfFiBCd491CAs5FRn8GMFONW60g8DBUtXRNhUBfjKrR4tV
De0cm/w+icqGsg/lqlXs0wbCdTsrZ9Yh4XHSLXpdpBywHE1iHo2z/ayQA5hBkVTA
TmyXdctWEsIUP8OskaAo+/njbPw/ZySm0BJj2JhAc30bAw2kVZ3EeQOR96usAKyO
HCuARf/z/uXVqTjolIYo4WruPBDV3f7JqvuA+Mw+gNb4IXSG7/P4iu5FOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKzRKrUB1Xa7hDLL/xnGK6ninNBNMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvck5FcXRRSFZkcnVFTXN2X0djWXJxZUtjMEUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/bA
MA0GCSqGSIb3DQEBCwUAA4IBAQAM9H3H+VS4/lUNpsRgGVphknRT30RuPEHEvtVR
fBFt6wWJTYlGiXg5s45nRBTFYsRCZ2UfMnxeuyRc0IEh+1toYHKrByLgzqz+j+BP
qIgUeKMben4i8faJ1csG2W4Ys8eZqpQMaFNorVHCcGwAtsXhvlAsDbAlBW+jNMfg
FSWX9olqXsSktfuCeL4BPV1p/APe9Fv/z76Gat4A8ntBp5CcyM7HWjpgLrCHvZFV
nCIjIrxTc0pp7SiUOn5FCnVURFfy3R4tRqUZWC7ReTLqAI9Q9YB1JryfQ8BS1bZ8
HKpI+zk/cOJEO0+TxH+GudJSCaD4r/ammrZ8glaV0F+Vz9rj
-----END CERTIFICATE-----