Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/zb-Jw-LLP3THAOwUnNG50WX7Cm8.roa
File:                     zb-Jw-LLP3THAOwUnNG50WX7Cm8.roa (raw, json)
Hash identifier:          MQoD0IEGeZ2bUQuGH6oOCMY/lhF4Ne84LFdY9g3WtJI=
Subject key identifier:   CD:BF:89:C3:E2:CB:3F:74:C7:00:EC:14:9C:D1:B9:D1:65:FB:0A:6F
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0190440DD150A4AE4957315F050B4DD0A18C
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/zb-Jw-LLP3THAOwUnNG50WX7Cm8.roa
Signing time:             Sun 23 Jun 2024 07:44:34 +0000
ROA not before:           Sun 23 Jun 2024 07:44:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214711
IP address blocks:        2a0f:7803:fa30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:44:0d:d1:50:a4:ae:49:57:31:5f:05:0b:4d:d0:a1:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 23 07:44:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdbf89c3e2cb3f74c700ec149cd1b9d165fb0a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:27:8c:80:c2:00:1a:06:4a:d1:7f:6f:25:46:
                    b5:51:5d:b5:a1:d4:b5:51:ef:87:f8:60:62:2c:2a:
                    e8:d4:11:0e:5b:9f:23:60:e7:ac:6b:16:11:21:5a:
                    b1:d3:dc:a7:1c:2b:94:fa:c6:2a:d5:97:2b:54:8f:
                    8d:8f:ab:f1:39:14:40:ea:5f:9f:72:53:92:43:c0:
                    24:fc:07:8a:c7:0a:e5:b6:a5:81:84:c9:7e:f6:ea:
                    9d:a8:e9:b3:c2:64:30:b8:c4:2a:c4:7b:c9:04:63:
                    08:68:c1:65:86:f8:c3:98:76:19:d9:60:6b:0a:9a:
                    6c:67:aa:2b:4f:6b:21:3d:9b:f2:38:e0:59:f8:11:
                    e0:ae:7f:2a:49:52:ef:be:3a:8c:6d:24:56:51:56:
                    06:51:ec:92:97:31:52:56:61:68:e4:25:2b:52:20:
                    aa:53:77:c6:b0:d0:84:e0:a4:04:09:49:68:63:fc:
                    fa:d9:77:fb:c9:f5:7d:ff:18:bd:e8:da:87:a3:67:
                    ef:64:85:d9:54:6e:5c:19:f1:1e:05:6b:4e:79:cf:
                    6e:74:3c:be:5c:8e:3d:b4:28:1c:dc:d3:2b:18:14:
                    2a:fd:8d:2e:d4:ae:de:83:9c:80:25:58:6d:8d:e5:
                    18:ad:ba:14:2c:40:a3:93:66:65:41:e4:98:81:ce:
                    ab:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:BF:89:C3:E2:CB:3F:74:C7:00:EC:14:9C:D1:B9:D1:65:FB:0A:6F
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/zb-Jw-LLP3THAOwUnNG50WX7Cm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7803:fa30::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:a9:54:26:ec:cd:a9:93:e3:fd:1a:19:56:38:5f:94:b5:fd:
         92:8b:f3:55:bc:42:29:ae:2a:94:e0:2b:85:08:4c:00:7c:a7:
         2e:c1:7c:63:e7:82:d2:bd:a4:59:be:c2:69:25:62:30:f3:6d:
         fc:20:66:36:f7:10:04:c3:4a:1c:0d:3f:a4:7f:c6:35:d7:d8:
         c6:2a:57:b7:95:96:6d:2a:13:07:b4:c6:4d:dd:d9:57:b4:8b:
         52:7e:ed:1f:90:be:ca:32:9c:da:7e:37:48:3d:4b:73:21:f2:
         d1:ae:af:49:45:6a:54:93:da:7f:6f:54:5b:b3:ee:d4:10:1b:
         56:5c:18:9e:02:59:48:25:c7:2b:05:a3:3a:c4:8f:48:d0:d1:
         69:a1:84:a2:02:2a:71:53:ba:37:69:16:bd:0c:a8:cf:f0:3e:
         be:5b:75:98:42:2b:13:1a:e9:72:2f:33:c1:c4:8e:d8:0b:99:
         33:a4:19:13:10:f2:d4:21:7b:f5:03:b9:2c:a8:0e:f9:e1:52:
         81:3c:48:a8:56:6d:b3:4c:af:63:5a:6c:5d:8d:32:c7:03:f2:
         a4:97:cf:8c:b8:bd:6a:36:33:8c:dc:3c:ab:54:1a:61:97:82:
         46:0a:70:e8:c5:4c:1a:ea:ff:ea:3b:51:e0:a1:78:fc:57:fe:
         d8:34:56:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBEDdFQpK5JVzFfBQtN0KGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjQwNjIzMDc0NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGJmODljM2UyY2IzZjc0YzcwMGVjMTQ5Y2QxYjlkMTY1ZmIwYTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlieMgMIAGgZK0X9vJUa1UV21odS1
Ue+H+GBiLCro1BEOW58jYOesaxYRIVqx09ynHCuU+sYq1ZcrVI+Nj6vxORRA6l+f
clOSQ8Ak/AeKxwrltqWBhMl+9uqdqOmzwmQwuMQqxHvJBGMIaMFlhvjDmHYZ2WBr
CppsZ6orT2shPZvyOOBZ+BHgrn8qSVLvvjqMbSRWUVYGUeySlzFSVmFo5CUrUiCq
U3fGsNCE4KQECUloY/z62Xf7yfV9/xi96NqHo2fvZIXZVG5cGfEeBWtOec9udDy+
XI49tCgc3NMrGBQq/Y0u1K7eg5yAJVhtjeUYrboULECjk2ZlQeSYgc6rZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM2/icPiyz90xwDsFJzRudFl+wpvMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvemItSnctTExQM1RIQU93VW5ORzUwV1g3Q204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg94A/ow
MA0GCSqGSIb3DQEBCwUAA4IBAQBQqVQm7M2pk+P9GhlWOF+Utf2Si/NVvEIpriqU
4CuFCEwAfKcuwXxj54LSvaRZvsJpJWIw8238IGY29xAEw0ocDT+kf8Y119jGKle3
lZZtKhMHtMZN3dlXtItSfu0fkL7KMpzafjdIPUtzIfLRrq9JRWpUk9p/b1Rbs+7U
EBtWXBieAllIJccrBaM6xI9I0NFpoYSiAipxU7o3aRa9DKjP8D6+W3WYQisTGuly
LzPBxI7YC5kzpBkTEPLUIXv1A7ksqA754VKBPEioVm2zTK9jWmxdjTLHA/Kkl8+M
uL1qNjOM3DyrVBphl4JGCnDoxUwa6v/qO1HgoXj8V/7YNFb7
-----END CERTIFICATE-----