Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/ug5UOhwKsysss8p70n3Ynq9MX-s.roa
File:                     ug5UOhwKsysss8p70n3Ynq9MX-s.roa (raw, json)
Hash identifier:          tNNLZuXuVi3hIqNP/0Cr1X5c9PGwSce/rrD3eCm5Abc=
Subject key identifier:   BA:0E:54:3A:1C:0A:B3:2B:2C:B3:CA:7B:D2:7D:D8:9E:AF:4C:5F:EB
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       019339E7C387A0769BB975A79F84F0B49018
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/ug5UOhwKsysss8p70n3Ynq9MX-s.roa
Signing time:             Sun 17 Nov 2024 11:35:10 +0000
ROA not before:           Sun 17 Nov 2024 11:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214040
IP address blocks:        2a0f:7804:f650::/44 maxlen: 48
                          2a0f:7804:f9f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:39:e7:c3:87:a0:76:9b:b9:75:a7:9f:84:f0:b4:90:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Nov 17 11:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba0e543a1c0ab32b2cb3ca7bd27dd89eaf4c5feb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:80:83:28:e5:4a:a5:5f:c8:88:b3:3b:c4:9c:
                    1f:a4:a3:44:6c:02:61:dc:89:c2:40:c6:87:47:37:
                    3f:43:5e:d5:0d:7a:5e:e5:a4:66:1f:d4:c1:dc:84:
                    0b:3c:90:8f:30:64:9b:03:e2:ed:f1:8c:f2:62:f5:
                    65:2d:c7:26:36:d8:29:1b:94:1c:61:39:a0:03:eb:
                    11:61:68:c6:af:11:0e:19:63:f3:2e:f7:22:db:16:
                    1e:4c:6e:b6:9e:73:e9:d2:5b:23:1e:c7:f2:e6:ac:
                    02:39:43:c6:45:09:f0:e3:5e:f3:a7:7e:08:ad:9a:
                    af:9a:b1:ad:fd:e6:45:a5:8f:ae:51:96:8d:30:ea:
                    09:92:f4:cd:a6:83:0e:91:30:f6:7d:87:7c:a0:8a:
                    01:35:83:af:b1:35:7a:34:de:d4:ae:17:7c:d2:74:
                    b6:86:2c:94:6c:9a:0a:7e:c9:a8:f9:82:72:0f:35:
                    15:32:98:2f:62:2f:6a:8a:94:1d:39:19:f9:9c:10:
                    e3:f7:40:1f:4b:a1:1d:13:7f:be:e0:c8:81:ff:47:
                    41:cf:24:60:39:b1:7a:b0:1c:81:1a:81:34:31:b8:
                    a2:5e:c4:9b:13:34:fa:43:38:3e:eb:18:94:e8:22:
                    3f:2d:28:73:6c:98:00:64:7c:b9:bf:63:1f:45:fe:
                    a2:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:0E:54:3A:1C:0A:B3:2B:2C:B3:CA:7B:D2:7D:D8:9E:AF:4C:5F:EB
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/ug5UOhwKsysss8p70n3Ynq9MX-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7804:f650::/44
                  2a0f:7804:f9f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:8b:09:a0:5f:f6:5e:98:bf:3e:48:ea:5a:58:3e:74:31:a6:
         ca:7e:a5:b9:54:2c:e5:83:87:7a:73:62:98:4a:43:e6:84:f7:
         05:db:14:11:43:a5:a5:66:73:36:9b:c2:7e:e3:2f:d3:07:c1:
         a1:dc:89:5f:59:59:a0:7f:1e:c1:c5:a4:e3:23:86:f1:3c:57:
         32:1b:37:48:f8:f9:4e:2f:93:3c:e3:85:4b:5e:dd:0f:c4:7d:
         21:02:10:23:bb:af:46:97:fe:cd:96:f7:43:54:c1:74:07:62:
         3b:db:22:fc:9d:92:4d:97:91:b4:74:60:12:c8:35:28:61:97:
         7b:43:bf:e7:fe:89:fa:8e:b9:54:e0:63:11:4d:93:74:d9:a7:
         67:56:fc:14:b3:d4:e1:c3:f5:e5:6e:eb:40:d5:76:bf:91:cb:
         d1:f5:70:ab:33:6d:61:45:3d:73:bb:5e:fe:0e:b7:11:e0:f7:
         58:b0:ff:0f:a4:d2:6b:20:31:4f:e7:e7:a8:72:7d:3a:92:f9:
         ea:d8:57:ed:e5:2a:d5:30:cc:ad:3b:c3:c5:83:26:c1:36:17:
         0f:00:3d:7f:b7:a2:75:5e:2b:cc:d5:66:dd:58:6e:fc:cf:ff:
         81:d2:99:c4:6f:58:40:1a:35:f0:28:8a:70:e7:b5:81:05:bf:
         87:0d:0a:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZM558OHoHabuXWnn4TwtJAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQxMTE3MTEzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTBlNTQzYTFjMGFiMzJiMmNiM2NhN2JkMjdkZDg5ZWFmNGM1ZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4CDKOVKpV/IiLM7xJwfpKNEbAJh
3InCQMaHRzc/Q17VDXpe5aRmH9TB3IQLPJCPMGSbA+Lt8YzyYvVlLccmNtgpG5Qc
YTmgA+sRYWjGrxEOGWPzLvci2xYeTG62nnPp0lsjHsfy5qwCOUPGRQnw417zp34I
rZqvmrGt/eZFpY+uUZaNMOoJkvTNpoMOkTD2fYd8oIoBNYOvsTV6NN7Urhd80nS2
hiyUbJoKfsmo+YJyDzUVMpgvYi9qipQdORn5nBDj90AfS6EdE3++4MiB/0dBzyRg
ObF6sByBGoE0MbiiXsSbEzT6Qzg+6xiU6CI/LShzbJgAZHy5v2MfRf6iQwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLoOVDocCrMrLLPKe9J92J6vTF/rMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvdWc1VU9od0tzeXNzczhwNzBuM1lucTlNWC1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg94BPZQ
AwcEKg94BPnwMA0GCSqGSIb3DQEBCwUAA4IBAQBxiwmgX/ZemL8+SOpaWD50MabK
fqW5VCzlg4d6c2KYSkPmhPcF2xQRQ6WlZnM2m8J+4y/TB8Gh3IlfWVmgfx7BxaTj
I4bxPFcyGzdI+PlOL5M844VLXt0PxH0hAhAju69Gl/7NlvdDVMF0B2I72yL8nZJN
l5G0dGASyDUoYZd7Q7/n/on6jrlU4GMRTZN02adnVvwUs9Thw/XlbutA1Xa/kcvR
9XCrM21hRT1zu17+DrcR4PdYsP8PpNJrIDFP5+eocn06kvnq2Fft5SrVMMytO8PF
gybBNhcPAD1/t6J1XivM1WbdWG78z/+B0pnEb1hAGjXwKIpw57WBBb+HDQoj
-----END CERTIFICATE-----