Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/yjPEy3ddAD8WA755xNtnJArJon4.roa
File:                     yjPEy3ddAD8WA755xNtnJArJon4.roa (raw, json)
Hash identifier:          dCI+PineNmeECh+f2F1qxNIgz2ACMa+MHKcj/6vNSYk=
Subject key identifier:   CA:33:C4:CB:77:5D:00:3F:16:03:BE:79:C4:DB:67:24:0A:C9:A2:7E
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01900CFF4736678BC976C20C3B645B01DF91
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/yjPEy3ddAD8WA755xNtnJArJon4.roa
Signing time:             Wed 12 Jun 2024 15:09:34 +0000
ROA not before:           Wed 12 Jun 2024 15:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214715
IP address blocks:        2a0f:7803:fa60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:ff:47:36:67:8b:c9:76:c2:0c:3b:64:5b:01:df:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 12 15:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca33c4cb775d003f1603be79c4db67240ac9a27e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a9:35:cf:bf:36:18:39:75:e7:e8:a7:5f:09:
                    e7:05:75:e7:ff:fe:b7:74:b8:65:44:2a:1a:4b:6b:
                    28:f8:a6:4a:a4:cc:56:73:74:cd:3d:a4:64:d9:36:
                    79:17:15:83:89:e2:5f:de:47:83:63:bf:c7:54:4d:
                    1a:df:ce:5e:a1:9c:d7:26:be:c6:e4:cf:d5:e7:27:
                    0e:98:3a:9c:ec:86:a7:b8:95:85:a5:74:21:5c:f5:
                    d8:f3:b3:ee:ed:c0:0a:15:26:7d:64:e7:4f:cc:ce:
                    9b:36:02:79:ba:70:24:71:b4:10:61:53:89:27:1b:
                    f5:12:50:68:46:05:2e:3f:81:87:94:da:23:79:dc:
                    3a:a5:76:02:7d:c8:a7:90:7b:32:26:79:69:6f:ed:
                    91:34:b9:4e:d8:ae:89:71:5f:ab:f9:e9:bf:30:52:
                    30:8c:a1:6f:82:e5:08:a5:cb:c1:05:04:1c:e0:f5:
                    f5:c7:96:35:93:0f:78:b2:ba:81:d0:ba:01:ee:3e:
                    c8:6b:08:db:c6:f7:9e:bd:09:4e:87:94:55:2d:a4:
                    ca:a4:02:63:91:e3:cf:4b:64:09:c2:0d:8f:56:e5:
                    74:40:7b:60:3c:f1:68:1c:08:67:5f:65:9f:75:f9:
                    b7:08:0f:ab:3e:af:2d:2c:f8:3e:75:7a:90:65:ef:
                    25:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:33:C4:CB:77:5D:00:3F:16:03:BE:79:C4:DB:67:24:0A:C9:A2:7E
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/yjPEy3ddAD8WA755xNtnJArJon4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa60::/44

    Signature Algorithm: sha256WithRSAEncryption
         ae:10:1f:cf:83:87:4b:de:ad:00:b0:5e:14:c5:ee:b2:6b:89:
         d8:8a:1a:b6:db:ac:a1:0e:44:92:e6:1a:1d:b2:67:9b:a0:69:
         f0:dc:62:80:01:3f:a3:60:20:7e:87:fc:33:70:47:b4:03:ab:
         01:2d:e1:ab:56:a2:b8:a9:ab:05:1b:c1:39:e2:ba:84:67:7b:
         1e:a5:47:a1:19:bd:68:d1:33:74:10:84:b3:86:0e:e3:0c:1c:
         04:b5:2b:dd:23:e7:6e:ab:2a:3c:5f:0a:55:13:13:15:de:77:
         ca:8b:0f:7b:a9:19:15:97:5f:e3:bb:70:7e:9e:56:5d:3b:47:
         9b:09:7e:90:b8:80:a0:8c:f5:4b:f1:e3:d9:c1:d0:34:81:3a:
         cd:1e:3c:07:77:ed:8e:f7:1b:13:25:3e:14:90:12:b9:99:7d:
         db:f0:f2:12:3c:c6:4d:c2:81:86:fe:f9:82:fc:81:d8:05:cb:
         e1:2c:4d:07:11:14:d7:55:ab:33:8c:b0:bd:fc:46:df:6d:c5:
         6b:a8:d6:97:bf:de:e7:e7:dd:99:bb:78:18:61:90:11:72:81:
         6e:ff:d4:75:81:d1:e8:27:2f:8f:58:b5:88:10:72:9b:78:d2:
         e5:ee:90:da:0c:59:96:b4:fe:21:a5:34:ce:30:17:c7:24:ec:
         b8:1a:2b:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAM/0c2Z4vJdsIMO2RbAd+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNjEyMTUwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTMzYzRjYjc3NWQwMDNmMTYwM2JlNzljNGRiNjcyNDBhYzlhMjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6k1z782GDl15+inXwnnBXXn//63
dLhlRCoaS2so+KZKpMxWc3TNPaRk2TZ5FxWDieJf3keDY7/HVE0a385eoZzXJr7G
5M/V5ycOmDqc7IanuJWFpXQhXPXY87Pu7cAKFSZ9ZOdPzM6bNgJ5unAkcbQQYVOJ
Jxv1ElBoRgUuP4GHlNojedw6pXYCfcinkHsyJnlpb+2RNLlO2K6JcV+r+em/MFIw
jKFvguUIpcvBBQQc4PX1x5Y1kw94srqB0LoB7j7IawjbxveevQlOh5RVLaTKpAJj
kePPS2QJwg2PVuV0QHtgPPFoHAhnX2Wfdfm3CA+rPq8tLPg+dXqQZe8lNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMozxMt3XQA/FgO+ecTbZyQKyaJ+MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEveWpQRXkzZGRBRDhXQTc1NXhOdG5KQXJKb240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/pg
MA0GCSqGSIb3DQEBCwUAA4IBAQCuEB/Pg4dL3q0AsF4Uxe6ya4nYihq226yhDkSS
5hodsmeboGnw3GKAAT+jYCB+h/wzcEe0A6sBLeGrVqK4qasFG8E54rqEZ3sepUeh
Gb1o0TN0EISzhg7jDBwEtSvdI+duqyo8XwpVExMV3nfKiw97qRkVl1/ju3B+nlZd
O0ebCX6QuICgjPVL8ePZwdA0gTrNHjwHd+2O9xsTJT4UkBK5mX3b8PISPMZNwoGG
/vmC/IHYBcvhLE0HERTXVaszjLC9/EbfbcVrqNaXv97n592Zu3gYYZARcoFu/9R1
gdHoJy+PWLWIEHKbeNLl7pDaDFmWtP4hpTTOMBfHJOy4GiuA
-----END CERTIFICATE-----