Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/usXd_oSAX0PM-sst0J_qLa0j9-0.roa
File:                     usXd_oSAX0PM-sst0J_qLa0j9-0.roa (raw, json)
Hash identifier:          PNkZXvOoRyxuhmU8tVGIQQNJE4V8eMblQ35Aswa6dyg=
Subject key identifier:   BA:C5:DD:FE:84:80:5F:43:CC:FA:CB:2D:D0:9F:EA:2D:AD:23:F7:ED
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018F2036173016499815088F8320C1FC32F8
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/usXd_oSAX0PM-sst0J_qLa0j9-0.roa
Signing time:             Sat 27 Apr 2024 15:39:26 +0000
ROA not before:           Sat 27 Apr 2024 15:39:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        2a0f:7803:fb4e::/48 maxlen: 48
                          2a0f:7803:fe50::/44 maxlen: 48
                          2a0f:7803:fec0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Nov 2024 10:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:20:36:17:30:16:49:98:15:08:8f:83:20:c1:fc:32:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Apr 27 15:39:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bac5ddfe84805f43ccfacb2dd09fea2dad23f7ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:53:96:ca:ce:0a:41:f1:72:21:6b:0e:bb:c5:
                    e2:d6:49:48:a8:26:3d:b6:7c:5f:81:93:9d:5f:65:
                    de:ec:0a:64:22:23:27:e9:a5:fb:b7:05:10:1b:90:
                    a0:1f:b7:48:97:26:9a:51:49:09:3c:d2:08:b4:5f:
                    19:f9:ed:cd:c0:34:fa:32:89:38:45:b1:e2:68:ca:
                    95:ce:5b:6a:dc:46:1d:ae:ba:77:bc:00:51:79:8c:
                    d1:62:cb:8d:bd:3c:14:15:dc:da:a1:c6:77:8e:fe:
                    be:3d:4d:ab:09:22:fa:8c:d5:1c:0f:74:4b:95:32:
                    49:9e:4f:8c:a5:57:64:fc:2e:88:ed:63:68:3b:04:
                    ed:6c:5e:ca:81:3e:48:57:fd:36:25:78:29:5a:08:
                    aa:36:d3:36:6d:34:70:3d:52:c6:f5:a9:ce:6c:66:
                    82:da:72:c5:6d:79:a8:e1:9b:12:14:8a:cc:25:b4:
                    88:0d:51:77:af:01:36:5e:5f:64:66:e0:78:49:80:
                    93:17:78:55:a2:30:fb:6f:d1:b1:28:7e:ad:a1:c7:
                    73:c4:13:3b:77:d5:a3:a7:31:5e:9d:85:b3:1d:72:
                    db:b3:0a:76:33:2a:17:0a:ab:c6:7e:ea:30:41:7f:
                    90:64:72:44:e6:48:ad:13:3b:c1:1f:85:03:8d:05:
                    d4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C5:DD:FE:84:80:5F:43:CC:FA:CB:2D:D0:9F:EA:2D:AD:23:F7:ED
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/usXd_oSAX0PM-sst0J_qLa0j9-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fb4e::/48
                  2a0f:7803:fe50::/44
                  2a0f:7803:fec0::/44

    Signature Algorithm: sha256WithRSAEncryption
         40:09:d8:cd:47:ee:d9:19:92:54:06:f5:3d:ea:73:35:92:0b:
         f1:0f:b6:48:e5:10:c7:af:b8:d8:2d:21:2e:94:85:91:1d:ce:
         26:62:8a:d1:6e:8a:26:fe:41:c5:a9:4f:7f:bd:cf:fe:19:d1:
         b5:a8:67:91:bd:6c:16:56:5c:5f:96:41:66:0f:9d:dd:b2:4a:
         9f:46:c7:5b:82:a8:e5:d5:a6:ad:a5:b7:b7:ea:fd:aa:a8:de:
         f5:50:b1:97:0a:6d:01:65:4b:cd:d8:01:9a:7e:c3:3f:7e:41:
         0a:72:c8:3d:60:46:37:02:0e:56:e4:af:92:72:2a:c2:02:3f:
         fc:4d:ed:c0:03:4c:95:e5:07:2e:1c:52:f9:5e:f9:d3:23:50:
         c4:e3:09:c0:7c:bd:6b:5e:44:50:ce:d5:bd:45:f6:bf:1d:24:
         69:1d:ad:53:17:37:7d:79:c4:f9:52:ba:59:c8:92:25:c0:35:
         6d:e0:a1:4b:3e:35:86:61:83:27:76:0b:56:f8:e8:a4:4d:f7:
         db:9c:5a:d0:6e:7f:86:1f:69:bb:94:ff:80:d2:84:ae:14:2c:
         c5:13:1a:d0:b0:4e:9c:c4:dd:1c:f9:51:d8:81:a6:59:6b:c3:
         31:75:41:21:cb:bc:63:ed:0e:25:32:8b:ba:14:7b:b6:16:7e:
         22:49:5a:81
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY8gNhcwFkmYFQiPgyDB/DL4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNDI3MTUzOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWM1ZGRmZTg0ODA1ZjQzY2NmYWNiMmRkMDlmZWEyZGFkMjNmN2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1OWys4KQfFyIWsOu8Xi1klIqCY9
tnxfgZOdX2Xe7ApkIiMn6aX7twUQG5CgH7dIlyaaUUkJPNIItF8Z+e3NwDT6Mok4
RbHiaMqVzltq3EYdrrp3vABReYzRYsuNvTwUFdzaocZ3jv6+PU2rCSL6jNUcD3RL
lTJJnk+MpVdk/C6I7WNoOwTtbF7KgT5IV/02JXgpWgiqNtM2bTRwPVLG9anObGaC
2nLFbXmo4ZsSFIrMJbSIDVF3rwE2Xl9kZuB4SYCTF3hVojD7b9GxKH6tocdzxBM7
d9WjpzFenYWzHXLbswp2MyoXCqvGfuowQX+QZHJE5kitEzvBH4UDjQXUBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLrF3f6EgF9DzPrLLdCf6i2tI/ftMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvdXNYZF9vU0FYMFBNLXNzdDBKX3FMYTBqOS0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg94A/tO
AwcEKg94A/5QAwcEKg94A/7AMA0GCSqGSIb3DQEBCwUAA4IBAQBACdjNR+7ZGZJU
BvU96nM1kgvxD7ZI5RDHr7jYLSEulIWRHc4mYorRboom/kHFqU9/vc/+GdG1qGeR
vWwWVlxflkFmD53dskqfRsdbgqjl1aatpbe36v2qqN71ULGXCm0BZUvN2AGafsM/
fkEKcsg9YEY3Ag5W5K+ScirCAj/8Te3AA0yV5QcuHFL5XvnTI1DE4wnAfL1rXkRQ
ztW9Rfa/HSRpHa1TFzd9ecT5UrpZyJIlwDVt4KFLPjWGYYMndgtW+OikTffbnFrQ
bn+GH2m7lP+A0oSuFCzFExrQsE6cxN0c+VHYgaZZa8MxdUEhy7xj7Q4lMou6FHu2
Fn4iSVqB
-----END CERTIFICATE-----