Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/ceJcpyZIXBfpyKg7egaXSAwoodQ.roa
File:                     ceJcpyZIXBfpyKg7egaXSAwoodQ.roa (raw, json)
Hash identifier:          VxAW3vL0MHxZY/wz6TwfjOY/Fgb85E/ZuPkM+u5NcOo=
Subject key identifier:   71:E2:5C:A7:26:48:5C:17:E9:C8:A8:3B:7A:06:97:48:0C:28:A1:D4
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       018FA552425BEF51331C1519DB9C40FE47E8
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/ceJcpyZIXBfpyKg7egaXSAwoodQ.roa
Signing time:             Thu 23 May 2024 11:59:42 +0000
ROA not before:           Thu 23 May 2024 11:59:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215158
IP address blocks:        2a0c:2840::/29 maxlen: 29
                          2a12:2cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:52:42:5b:ef:51:33:1c:15:19:db:9c:40:fe:47:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: May 23 11:59:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71e25ca726485c17e9c8a83b7a0697480c28a1d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ba:c8:fd:61:46:06:08:63:de:c3:11:3f:36:
                    46:dd:e6:d8:fb:9e:72:be:f2:da:a7:68:b3:d1:52:
                    f2:06:d8:32:7b:6e:e8:4a:2e:0f:87:d3:e5:65:1b:
                    22:2b:f9:10:d9:3f:1f:8f:c7:f7:20:de:de:4b:6f:
                    e1:3d:0b:39:67:5a:e4:88:fc:d0:bd:31:e2:d4:5c:
                    58:87:97:1a:79:e6:32:e0:98:1e:ed:3f:21:ca:7f:
                    52:1f:43:23:7f:3d:e6:90:ce:f9:ff:1c:d6:f1:f6:
                    c0:b9:05:88:f5:70:cc:6e:89:23:2f:eb:92:12:95:
                    e3:c7:52:29:16:57:8a:79:bf:fe:58:15:ab:17:6a:
                    ba:9b:68:3e:4b:ae:e0:2a:27:39:be:98:a4:a3:6e:
                    67:e4:0a:3b:b5:64:30:de:33:79:e1:3c:79:b5:ea:
                    66:a8:57:ce:99:06:9c:5f:a9:a3:b9:9e:84:16:21:
                    55:9f:59:cd:8e:8c:4a:bb:2c:8b:51:ab:3d:79:f2:
                    e8:32:4d:91:d5:2f:e2:76:6e:13:9e:44:57:bb:b7:
                    25:b0:92:6c:cf:9a:88:2e:65:3d:64:53:cb:76:0e:
                    54:45:3d:6b:f5:e5:31:bb:b3:0f:c6:21:7b:9a:81:
                    98:18:1b:14:06:51:72:93:d4:4a:70:37:e1:81:e2:
                    80:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:E2:5C:A7:26:48:5C:17:E9:C8:A8:3B:7A:06:97:48:0C:28:A1:D4
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/ceJcpyZIXBfpyKg7egaXSAwoodQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:2840::/29
                  2a12:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:56:ca:db:9f:15:20:8b:25:78:3f:12:e5:21:af:60:34:b8:
         c0:76:d7:80:c2:1b:03:97:58:97:6b:94:5a:c4:3e:71:b6:d3:
         14:5c:dc:d6:9e:a5:22:6d:52:ba:e1:57:d0:e2:be:77:56:7c:
         b8:b5:97:d8:d2:8b:ad:f7:a5:2e:07:96:cc:dd:cd:7e:3e:71:
         d6:79:88:b2:6c:05:82:93:b6:a8:68:91:57:b1:c7:dd:72:77:
         7d:a4:da:7b:d2:de:ee:c8:20:70:18:26:88:3c:a4:35:0e:33:
         f6:1c:05:e5:45:5f:01:03:e3:f8:2c:58:8d:72:3d:0f:a8:4d:
         cb:1d:5c:25:0a:34:35:e0:9e:c5:8e:f6:44:49:89:85:ee:34:
         a9:d4:dd:23:c9:64:d6:f7:9a:0e:97:60:c3:f9:d3:b3:a7:33:
         51:4f:64:3d:3d:2b:b4:86:8a:5b:5c:46:fb:ce:18:15:3f:be:
         e5:42:cb:aa:98:a3:5e:7f:bf:16:94:90:bc:50:75:15:e2:d5:
         0f:d6:7f:be:32:3d:c1:a3:6a:c1:c3:bc:39:44:42:74:70:57:
         80:ee:57:e4:76:ee:92:81:99:23:d6:a4:57:85:16:2a:79:cf:
         5d:c2:86:16:d4:a6:a4:0c:f7:11:fc:2a:8b:b6:7f:a9:0a:52:
         13:24:91:25
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY+lUkJb71EzHBUZ25xA/kfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwNTIzMTE1OTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWUyNWNhNzI2NDg1YzE3ZTljOGE4M2I3YTA2OTc0ODBjMjhhMWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobrI/WFGBghj3sMRPzZG3ebY+55y
vvLap2iz0VLyBtgye27oSi4Ph9PlZRsiK/kQ2T8fj8f3IN7eS2/hPQs5Z1rkiPzQ
vTHi1FxYh5caeeYy4Jge7T8hyn9SH0Mjfz3mkM75/xzW8fbAuQWI9XDMbokjL+uS
EpXjx1IpFleKeb/+WBWrF2q6m2g+S67gKic5vpiko25n5Ao7tWQw3jN54Tx5tepm
qFfOmQacX6mjuZ6EFiFVn1nNjoxKuyyLUas9efLoMk2R1S/idm4TnkRXu7clsJJs
z5qILmU9ZFPLdg5URT1r9eUxu7MPxiF7moGYGBsUBlFyk9RKcDfhgeKALwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHHiXKcmSFwX6cioO3oGl0gMKKHUMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvY2VKY3B5WklYQmZweUtnN2VnYVhTQXdvb2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgwoQAMF
AyoSLMAwDQYJKoZIhvcNAQELBQADggEBAC1WytufFSCLJXg/EuUhr2A0uMB214DC
GwOXWJdrlFrEPnG20xRc3NaepSJtUrrhV9DivndWfLi1l9jSi633pS4HlszdzX4+
cdZ5iLJsBYKTtqhokVexx91yd32k2nvS3u7IIHAYJog8pDUOM/YcBeVFXwED4/gs
WI1yPQ+oTcsdXCUKNDXgnsWO9kRJiYXuNKnU3SPJZNb3mg6XYMP507OnM1FPZD09
K7SGiltcRvvOGBU/vuVCy6qYo15/vxaUkLxQdRXi1Q/Wf74yPcGjasHDvDlEQnRw
V4DuV+R27pKBmSPWpFeFFip5z13ChhbUpqQM9xH8Kou2f6kKUhMkkSU=
-----END CERTIFICATE-----