Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/xpX8dvOlx6TrAn24HEPdTFcbhFk.roa
File:                     xpX8dvOlx6TrAn24HEPdTFcbhFk.roa (raw, json)
Hash identifier:          Jeh6/qRHNi9UFob06X0yUKDh0yUK3pX/MeFuNRO3V3Q=
Subject key identifier:   C6:95:FC:76:F3:A5:C7:A4:EB:02:7D:B8:1C:43:DD:4C:57:1B:84:59
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       018D7E3E67FFE001F9B6D473DA758BF2C7A5
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/xpX8dvOlx6TrAn24HEPdTFcbhFk.roa
Signing time:             Tue 06 Feb 2024 11:47:15 +0000
ROA not before:           Tue 06 Feb 2024 11:47:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215592
IP address blocks:        2a0f:7803:fb10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:3e:67:ff:e0:01:f9:b6:d4:73:da:75:8b:f2:c7:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Feb  6 11:47:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c695fc76f3a5c7a4eb027db81c43dd4c571b8459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9e:db:30:e5:b9:7f:cf:51:e6:aa:4f:4a:4c:
                    04:a5:cc:e4:dd:b1:a3:12:c5:86:a9:8e:8c:e0:39:
                    aa:f5:56:ed:9e:2a:95:d8:fc:cc:2d:b0:f1:77:c3:
                    18:10:3a:84:ee:5c:a9:59:1d:a8:1d:7c:bb:2c:fa:
                    67:7d:b7:b1:e6:55:f8:93:44:ea:2a:80:4b:0f:49:
                    01:f9:e4:34:5b:09:64:75:31:33:00:07:7d:d5:57:
                    a1:6b:13:bf:e1:d4:dc:23:e1:72:80:3f:53:ee:13:
                    b1:93:a0:80:a9:08:95:06:12:48:a8:ed:29:5f:d4:
                    cb:9b:97:ce:8a:36:10:46:59:30:fe:e1:95:90:2b:
                    25:59:16:9a:a0:a8:7f:31:cb:cf:1c:a5:d7:f5:0b:
                    d6:59:69:3d:3b:f3:3e:29:5f:17:24:35:ed:1f:b7:
                    f7:87:8f:2e:ef:05:da:5d:05:0d:39:7c:40:63:d9:
                    50:bd:ac:43:df:98:d2:84:90:96:a2:5d:98:e2:85:
                    f2:da:4b:ac:6c:be:db:46:03:d9:20:26:a2:98:8e:
                    56:d0:8d:fa:33:67:d2:90:1e:88:a1:65:fb:c8:89:
                    17:9e:a6:0e:a7:80:75:52:6e:6f:31:29:bd:4c:7d:
                    1f:32:26:4b:19:f0:de:46:6b:69:98:99:7c:dc:3b:
                    2a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:95:FC:76:F3:A5:C7:A4:EB:02:7D:B8:1C:43:DD:4C:57:1B:84:59
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/xpX8dvOlx6TrAn24HEPdTFcbhFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fb10::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:59:cc:81:ee:55:6b:d7:d2:f1:fa:85:a2:15:b3:9e:93:78:
         e5:88:b5:7f:e0:06:48:9f:95:f9:d0:5e:ed:83:2f:1c:1f:42:
         d5:0f:46:29:b8:73:f3:af:a2:6b:d5:97:8f:35:ab:2c:2c:c4:
         22:6c:96:ef:ea:6f:56:a5:77:08:52:04:f5:39:ac:2e:6f:ef:
         98:da:3b:8c:4c:25:bf:90:9e:d9:ed:19:9c:91:80:a2:c9:70:
         25:09:66:dd:27:dd:1c:2a:f1:8f:0c:6c:40:30:8e:31:ed:50:
         e5:f9:4c:91:8e:1e:d7:94:7d:6a:aa:72:d9:13:e0:3e:8c:20:
         90:85:96:73:9b:64:3c:ad:6b:49:79:12:ca:35:9b:8d:94:d5:
         59:6f:55:0e:29:5b:7b:4b:32:cc:58:68:61:54:40:3b:d9:bf:
         0a:b6:eb:4b:44:2f:22:a1:ce:c5:83:65:8b:e2:13:c8:02:19:
         53:24:77:db:cc:37:a0:42:66:d0:87:17:4b:19:e4:35:cc:5b:
         6b:01:18:4f:37:bc:cf:d2:87:8a:fb:e8:26:75:3a:6d:ed:e3:
         d8:46:c9:c3:3b:42:c5:e2:c9:33:3c:26:ac:9d:f2:56:42:bf:
         1e:f2:43:04:58:69:c0:89:e4:8b:79:a7:3f:56:be:1f:c2:04:
         66:4a:63:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1+Pmf/4AH5ttRz2nWL8selMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwMjA2MTE0NzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjk1ZmM3NmYzYTVjN2E0ZWIwMjdkYjgxYzQzZGQ0YzU3MWI4NDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJ7bMOW5f89R5qpPSkwEpczk3bGj
EsWGqY6M4Dmq9VbtniqV2PzMLbDxd8MYEDqE7lypWR2oHXy7LPpnfbex5lX4k0Tq
KoBLD0kB+eQ0WwlkdTEzAAd91VehaxO/4dTcI+FygD9T7hOxk6CAqQiVBhJIqO0p
X9TLm5fOijYQRlkw/uGVkCslWRaaoKh/McvPHKXX9QvWWWk9O/M+KV8XJDXtH7f3
h48u7wXaXQUNOXxAY9lQvaxD35jShJCWol2Y4oXy2kusbL7bRgPZICaimI5W0I36
M2fSkB6IoWX7yIkXnqYOp4B1Um5vMSm9TH0fMiZLGfDeRmtpmJl83DsqTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMaV/Hbzpcek6wJ9uBxD3UxXG4RZMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEveHBYOGR2T2x4NlRyQW4yNEhFUGRURmNiaEZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg94A/sQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCBWcyB7lVr19Lx+oWiFbOek3jliLV/4AZIn5X5
0F7tgy8cH0LVD0YpuHPzr6Jr1ZePNassLMQibJbv6m9WpXcIUgT1Oawub++Y2juM
TCW/kJ7Z7RmckYCiyXAlCWbdJ90cKvGPDGxAMI4x7VDl+UyRjh7XlH1qqnLZE+A+
jCCQhZZzm2Q8rWtJeRLKNZuNlNVZb1UOKVt7SzLMWGhhVEA72b8KtutLRC8ioc7F
g2WL4hPIAhlTJHfbzDegQmbQhxdLGeQ1zFtrARhPN7zP0oeK++gmdTpt7ePYRsnD
O0LF4skzPCasnfJWQr8e8kMEWGnAieSLeac/Vr4fwgRmSmMy
-----END CERTIFICATE-----