Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/ymdNS9pHrN8VxSdcZq0PVdM-2Uk.roa
File:                     ymdNS9pHrN8VxSdcZq0PVdM-2Uk.roa (raw, json)
Hash identifier:          khNKYEr6B6OShvzz5iedSUz51r7T7FCwvTwPq+T90Xs=
Subject key identifier:   CA:67:4D:4B:DA:47:AC:DF:15:C5:27:5C:66:AD:0F:55:D3:3E:D9:49
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01900CFF47FDE8A42833551DA512722329CD
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/ymdNS9pHrN8VxSdcZq0PVdM-2Uk.roa
Signing time:             Wed 12 Jun 2024 15:09:35 +0000
ROA not before:           Wed 12 Jun 2024 15:09:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214717
IP address blocks:        2a0f:7803:fa80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0c:ff:47:fd:e8:a4:28:33:55:1d:a5:12:72:23:29:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 12 15:09:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca674d4bda47acdf15c5275c66ad0f55d33ed949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bb:6d:a4:6e:8a:dc:ca:0f:e9:d8:91:89:5f:
                    83:82:8b:25:22:50:d3:14:77:a9:03:ef:81:34:71:
                    c7:4e:ec:68:12:21:29:8e:46:b5:ac:7b:fd:04:f0:
                    c5:83:d1:58:cb:da:56:ea:4f:80:a2:ce:d0:b4:84:
                    1f:02:bb:0b:2f:42:ad:09:e2:c1:ea:fa:74:c6:4d:
                    96:2f:17:4b:ed:b1:16:54:2c:f3:23:06:3c:d8:0a:
                    eb:6e:b3:34:d8:18:97:d1:48:cd:e7:74:54:2a:7b:
                    f9:84:8a:e3:b7:0f:b2:c7:c3:3a:a4:a5:bf:3c:bd:
                    b8:d9:6d:d8:de:50:60:5e:fc:8e:8d:00:15:b0:d2:
                    8c:1c:a7:10:1f:17:a5:75:44:12:2d:46:ac:af:86:
                    a4:95:11:78:f0:11:89:ad:7f:a8:27:ee:dd:a9:d0:
                    8f:b0:17:c5:b5:b2:7d:2a:66:3d:0c:e7:7a:4c:e1:
                    47:71:09:8e:da:3f:74:30:d0:62:75:16:12:ec:e1:
                    3f:d7:a8:30:c9:12:f3:24:09:93:ef:95:54:0d:ad:
                    76:2f:d3:3b:68:d0:71:1f:48:9a:b8:83:ab:84:cd:
                    21:db:77:b7:35:72:5c:bd:da:ee:72:eb:11:78:95:
                    f1:17:df:c1:00:8b:4d:3e:ad:ab:4a:68:bb:4e:4a:
                    c6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:67:4D:4B:DA:47:AC:DF:15:C5:27:5C:66:AD:0F:55:D3:3E:D9:49
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/ymdNS9pHrN8VxSdcZq0PVdM-2Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa80::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:3b:5a:80:d2:0a:77:ed:0a:92:59:ad:e4:b1:9e:ea:9b:a1:
         0e:20:ee:4c:16:37:9b:39:4e:d2:f3:93:a1:aa:4b:15:cf:c8:
         05:fe:a3:79:44:00:b0:2e:cf:bf:a4:a4:71:ec:a7:ea:e1:ec:
         b5:fb:76:17:c0:e8:87:43:d9:e1:ac:3e:e4:9b:a9:a7:be:03:
         33:80:25:ac:29:c9:9a:fa:71:76:e6:68:49:a8:4d:90:49:a6:
         ef:78:5d:f7:35:62:3e:60:cc:ca:21:ce:15:c2:04:da:e5:55:
         fa:67:c4:70:43:e8:ab:48:5a:ef:d8:1b:1e:60:0b:0b:3a:6f:
         99:fd:7b:84:7e:5e:5e:fd:1d:a1:12:83:e9:61:e9:e7:18:08:
         3a:2c:a0:41:b8:af:12:58:a2:ea:ad:0c:54:2b:fd:f1:b5:57:
         9e:22:b2:b7:92:6e:40:f0:a0:66:12:94:2b:58:87:c1:c5:9a:
         6b:c1:d1:26:56:71:55:16:28:15:d4:7a:ad:d7:e9:c3:be:13:
         c7:4b:4a:d9:84:fe:b7:fc:be:cb:25:ad:1c:48:01:48:94:91:
         5f:69:52:37:86:84:87:10:48:7a:dc:4c:36:3e:13:5d:d0:34:
         b4:8a:ac:14:24:e8:4e:cf:a6:3f:bc:77:a4:4e:25:ad:d6:1e:
         a4:c0:9d:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAM/0f96KQoM1UdpRJyIynNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNjEyMTUwOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTY3NGQ0YmRhNDdhY2RmMTVjNTI3NWM2NmFkMGY1NWQzM2VkOTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLttpG6K3MoP6diRiV+DgoslIlDT
FHepA++BNHHHTuxoEiEpjka1rHv9BPDFg9FYy9pW6k+Aos7QtIQfArsLL0KtCeLB
6vp0xk2WLxdL7bEWVCzzIwY82ArrbrM02BiX0UjN53RUKnv5hIrjtw+yx8M6pKW/
PL242W3Y3lBgXvyOjQAVsNKMHKcQHxeldUQSLUasr4aklRF48BGJrX+oJ+7dqdCP
sBfFtbJ9KmY9DOd6TOFHcQmO2j90MNBidRYS7OE/16gwyRLzJAmT75VUDa12L9M7
aNBxH0iauIOrhM0h23e3NXJcvdrucusReJXxF9/BAItNPq2rSmi7TkrGdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMpnTUvaR6zfFcUnXGatD1XTPtlJMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEveW1kTlM5cEhyTjhWeFNkY1pxMFBWZE0tMlVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/qA
MA0GCSqGSIb3DQEBCwUAA4IBAQBZO1qA0gp37QqSWa3ksZ7qm6EOIO5MFjebOU7S
85OhqksVz8gF/qN5RACwLs+/pKRx7Kfq4ey1+3YXwOiHQ9nhrD7km6mnvgMzgCWs
Kcma+nF25mhJqE2QSabveF33NWI+YMzKIc4VwgTa5VX6Z8RwQ+irSFrv2BseYAsL
Om+Z/XuEfl5e/R2hEoPpYennGAg6LKBBuK8SWKLqrQxUK/3xtVeeIrK3km5A8KBm
EpQrWIfBxZprwdEmVnFVFigV1Hqt1+nDvhPHS0rZhP63/L7LJa0cSAFIlJFfaVI3
hoSHEEh63Ew2PhNd0DS0iqwUJOhOz6Y/vHekTiWt1h6kwJ2o
-----END CERTIFICATE-----