Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/v89PyDjMr-RQrPAfbTnkPv_wxHw.roa
File:                     v89PyDjMr-RQrPAfbTnkPv_wxHw.roa (raw, json)
Hash identifier:          G8u/aMyjleDI+DtdMLFF6Ud5xf0SwdpiZx1ECHKefTk=
Subject key identifier:   BF:CF:4F:C8:38:CC:AF:E4:50:AC:F0:1F:6D:39:E4:3E:FF:F0:C4:7C
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01942369FDB1CD58917814BA8FB701BD3F99
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/v89PyDjMr-RQrPAfbTnkPv_wxHw.roa
Signing time:             Wed 01 Jan 2025 19:48:56 +0000
ROA not before:           Wed 01 Jan 2025 19:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216044
IP address blocks:        2a0f:7803:fea0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fd:b1:cd:58:91:78:14:ba:8f:b7:01:bd:3f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jan  1 19:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfcf4fc838ccafe450acf01f6d39e43efff0c47c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f8:0b:8e:0e:10:14:f9:69:84:f4:97:27:5d:
                    c7:4c:7d:5c:89:90:fb:cd:2b:f4:4a:62:fb:cd:d0:
                    e7:37:2f:2d:ee:1a:44:3a:13:27:f1:d3:75:79:57:
                    f2:99:32:71:39:80:02:8b:7b:8b:4f:89:fe:a8:9c:
                    ba:c0:ce:13:fe:8a:34:9b:19:1e:cc:55:b9:3b:b8:
                    b2:ea:16:97:77:08:96:7c:77:9d:16:02:8a:a4:0b:
                    85:05:f2:6b:ad:30:78:15:a7:7e:8a:87:3c:dd:ce:
                    db:f9:b4:26:cd:94:b9:d7:ca:5e:5c:0a:7e:be:8e:
                    8b:81:57:b0:95:9f:c2:3b:2d:08:4d:2b:3a:87:62:
                    aa:7e:1e:df:ba:78:8d:ef:c6:a8:02:2d:ae:a0:59:
                    90:13:b0:ce:32:6b:5e:4f:55:38:93:a5:20:d6:49:
                    6d:2c:67:09:24:2f:a8:cd:24:28:f4:11:4b:bc:28:
                    8d:2e:8d:97:35:7f:ab:8b:ea:8e:72:28:fc:f4:36:
                    ad:b1:1b:99:ce:f3:55:f3:51:8a:a5:6c:51:93:63:
                    6c:7f:0e:39:16:c8:8b:88:b6:f5:86:34:78:be:28:
                    2e:da:80:94:c1:25:36:bb:11:ee:da:bf:77:74:54:
                    80:28:19:a6:6c:f2:d6:0a:ac:48:aa:3d:f0:03:b5:
                    2d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:CF:4F:C8:38:CC:AF:E4:50:AC:F0:1F:6D:39:E4:3E:FF:F0:C4:7C
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/v89PyDjMr-RQrPAfbTnkPv_wxHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fea0::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:09:79:99:4b:48:1a:7e:fc:5f:c0:70:88:04:20:13:c4:a0:
         6c:8b:14:ab:e2:e7:7b:13:d2:7d:71:d9:99:34:d7:7d:30:2c:
         58:b7:57:81:02:1f:aa:ca:5a:19:42:6e:62:ac:b8:af:ce:1e:
         5a:d8:3e:ca:3a:55:3f:66:62:b4:10:54:67:ae:cb:83:64:eb:
         08:12:ae:27:b8:5c:3c:0d:d5:fb:19:a9:22:89:52:af:2d:4e:
         af:37:e9:0a:67:4d:2f:2b:86:08:9c:88:98:8d:6d:83:ee:22:
         af:4f:b0:61:78:50:d5:4f:aa:26:cb:c5:62:fc:42:b6:c5:34:
         41:1e:e3:94:4c:e3:b5:71:f7:f2:58:99:56:d8:08:87:b5:56:
         cf:1b:17:1c:fe:98:23:a9:9a:e5:a2:d1:41:be:ce:f9:d4:ad:
         0d:d9:bd:8c:3a:19:9f:98:44:4f:e3:1e:0d:88:2c:e1:b4:b2:
         20:eb:9f:a7:3e:f3:87:ad:a8:f5:9c:93:24:31:63:5e:04:55:
         82:ea:d3:a7:b2:41:63:55:56:28:89:31:b2:67:b2:71:bf:a2:
         61:3a:36:01:e6:11:08:0c:3d:87:43:e0:30:c1:d3:4f:41:b1:
         21:83:57:f4:2a:14:e7:a5:4b:d6:18:a6:aa:57:19:d6:2c:ea:
         a8:f4:a5:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQjaf2xzViReBS6j7cBvT+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwMTAxMTk0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmNmNGZjODM4Y2NhZmU0NTBhY2YwMWY2ZDM5ZTQzZWZmZjBjNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPgLjg4QFPlphPSXJ13HTH1ciZD7
zSv0SmL7zdDnNy8t7hpEOhMn8dN1eVfymTJxOYACi3uLT4n+qJy6wM4T/oo0mxke
zFW5O7iy6haXdwiWfHedFgKKpAuFBfJrrTB4Fad+ioc83c7b+bQmzZS518peXAp+
vo6LgVewlZ/COy0ITSs6h2Kqfh7funiN78aoAi2uoFmQE7DOMmteT1U4k6Ug1klt
LGcJJC+ozSQo9BFLvCiNLo2XNX+ri+qOcij89DatsRuZzvNV81GKpWxRk2Nsfw45
FsiLiLb1hjR4vigu2oCUwSU2uxHu2r93dFSAKBmmbPLWCqxIqj3wA7UtuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL/PT8g4zK/kUKzwH2055D7/8MR8MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvdjg5UHlEak1yLVJRclBBZmJUbmtQdl93eEh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/6g
MA0GCSqGSIb3DQEBCwUAA4IBAQA6CXmZS0gafvxfwHCIBCATxKBsixSr4ud7E9J9
cdmZNNd9MCxYt1eBAh+qyloZQm5irLivzh5a2D7KOlU/ZmK0EFRnrsuDZOsIEq4n
uFw8DdX7GakiiVKvLU6vN+kKZ00vK4YInIiYjW2D7iKvT7BheFDVT6omy8Vi/EK2
xTRBHuOUTOO1cffyWJlW2AiHtVbPGxcc/pgjqZrlotFBvs751K0N2b2MOhmfmERP
4x4NiCzhtLIg65+nPvOHraj1nJMkMWNeBFWC6tOnskFjVVYoiTGyZ7Jxv6JhOjYB
5hEIDD2HQ+AwwdNPQbEhg1f0KhTnpUvWGKaqVxnWLOqo9KWP
-----END CERTIFICATE-----