Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5bOPfMo56rXIzp6_djqwTRE2m3Y.roa
File:                     5bOPfMo56rXIzp6_djqwTRE2m3Y.roa (raw, json)
Hash identifier:          qsJJeIlQZWtsvR/wfNaNbOI0byLxGQ6/Pn+jMTzh8gE=
Subject key identifier:   E5:B3:8F:7C:CA:39:EA:B5:C8:CE:9E:BF:76:3A:B0:4D:11:36:9B:76
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       01983A9B3026F44E4C20727A65F3C1A8A119
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5bOPfMo56rXIzp6_djqwTRE2m3Y.roa
Signing time:             Thu 24 Jul 2025 04:05:05 +0000
ROA not before:           Thu 24 Jul 2025 04:05:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401776
IP address blocks:        2a0f:7802:e200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:46:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3a:9b:30:26:f4:4e:4c:20:72:7a:65:f3:c1:a8:a1:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jul 24 04:05:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5b38f7cca39eab5c8ce9ebf763ab04d11369b76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c5:94:e9:da:06:a8:0b:7d:c8:98:3b:a4:37:
                    ba:70:11:81:e2:95:5d:35:ff:38:44:4d:be:08:65:
                    08:e2:ae:f0:e9:bd:65:b2:d9:82:67:26:92:2e:58:
                    58:df:5f:60:fe:7f:e9:f8:be:8d:62:20:79:85:93:
                    a9:5a:9c:a6:17:8d:1b:f6:ab:7c:56:eb:36:84:b6:
                    0b:11:6f:20:db:45:36:a7:b3:41:be:53:61:11:4b:
                    00:c3:54:7a:19:87:ad:b9:36:a3:55:a3:43:9a:e6:
                    2a:56:c4:3f:79:9b:13:5f:d8:0e:cd:aa:43:bd:99:
                    7a:2a:9b:c0:07:f0:a7:49:c1:bb:94:8e:3c:24:3d:
                    ce:20:e9:cf:ba:ab:0a:b4:8c:48:56:62:d6:ff:f2:
                    a5:e0:30:78:bb:9f:2b:1f:3d:4d:56:54:d1:45:18:
                    f3:3a:9d:1e:e2:39:bc:c6:3b:f1:23:fe:bd:7a:6b:
                    9f:19:71:c2:01:52:5a:72:0c:c8:bf:5b:7b:37:2d:
                    32:81:bb:ae:34:8e:5c:ef:ae:3f:ae:9b:a2:79:ea:
                    9f:61:53:c1:e6:be:d5:6a:dd:b8:37:f4:72:b0:12:
                    8d:fe:f1:34:9e:f3:66:83:3f:ec:7d:86:1f:37:f2:
                    0a:88:b3:36:e4:f0:06:16:87:2b:e7:87:e2:71:1f:
                    47:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:B3:8F:7C:CA:39:EA:B5:C8:CE:9E:BF:76:3A:B0:4D:11:36:9B:76
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/5bOPfMo56rXIzp6_djqwTRE2m3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e200::/40

    Signature Algorithm: sha256WithRSAEncryption
         6c:88:39:db:98:30:94:d1:3d:15:81:57:52:ce:d0:e4:d9:b1:
         5b:1a:9e:ff:7f:da:4b:66:65:6a:10:92:62:87:32:ff:7e:70:
         ab:19:ed:c8:99:6c:24:b7:22:e3:60:df:54:1d:8f:52:7e:ea:
         c6:26:e9:1f:3d:fb:e4:f1:98:9f:9d:5c:e0:4e:34:72:12:3a:
         cb:5e:25:13:7e:33:21:ab:43:b8:da:3d:2c:54:04:6e:37:ab:
         c5:75:74:34:6c:f1:a7:d3:b4:78:eb:1b:0b:9c:7a:cf:8e:33:
         2e:5c:17:45:a5:ab:4e:a4:1b:16:51:07:f3:c3:5e:2f:92:1e:
         fd:f1:4d:35:dd:3c:e4:93:c0:fb:0d:6f:09:84:d6:cc:37:3a:
         2d:9f:a6:70:68:59:23:33:4b:7a:da:5c:bb:a6:42:73:5d:31:
         81:cd:05:fd:f6:af:92:1d:82:98:68:80:84:85:50:17:85:b6:
         bc:22:ba:bc:e2:43:07:6f:c7:4d:37:b1:26:cf:7e:9f:7e:52:
         02:0d:73:9e:ea:10:33:9d:19:13:66:75:a2:25:e7:44:fe:94:
         bb:51:60:70:53:16:0f:22:58:c2:ce:6c:32:fc:40:a8:66:fa:
         8b:1e:dd:fa:22:17:e6:4d:2b:51:33:a3:62:25:fa:88:b3:ec:
         24:89:85:5d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZg6mzAm9E5MIHJ6ZfPBqKEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwNzI0MDQwNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWIzOGY3Y2NhMzllYWI1YzhjZTllYmY3NjNhYjA0ZDExMzY5Yjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsWU6doGqAt9yJg7pDe6cBGB4pVd
Nf84RE2+CGUI4q7w6b1lstmCZyaSLlhY319g/n/p+L6NYiB5hZOpWpymF40b9qt8
Vus2hLYLEW8g20U2p7NBvlNhEUsAw1R6GYetuTajVaNDmuYqVsQ/eZsTX9gOzapD
vZl6KpvAB/CnScG7lI48JD3OIOnPuqsKtIxIVmLW//Kl4DB4u58rHz1NVlTRRRjz
Op0e4jm8xjvxI/69emufGXHCAVJacgzIv1t7Ny0ygbuuNI5c764/rpuieeqfYVPB
5r7Vat24N/RysBKN/vE0nvNmgz/sfYYfN/IKiLM25PAGFocr54ficR9HOQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOWzj3zKOeq1yM6ev3Y6sE0RNpt2MB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvNWJPUGZNbzU2clhJenA2X2RqcXdUUkUybTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg94AuIw
DQYJKoZIhvcNAQELBQADggEBAGyIOduYMJTRPRWBV1LO0OTZsVsanv9/2ktmZWoQ
kmKHMv9+cKsZ7ciZbCS3IuNg31Qdj1J+6sYm6R89++TxmJ+dXOBONHISOsteJRN+
MyGrQ7jaPSxUBG43q8V1dDRs8afTtHjrGwuces+OMy5cF0Wlq06kGxZRB/PDXi+S
Hv3xTTXdPOSTwPsNbwmE1sw3Oi2fpnBoWSMzS3raXLumQnNdMYHNBf32r5Idgpho
gISFUBeFtrwiurziQwdvx003sSbPfp9+UgINc57qEDOdGRNmdaIl50T+lLtRYHBT
Fg8iWMLObDL8QKhm+ose3foiF+ZNK1Ezo2Il+oiz7CSJhV0=
-----END CERTIFICATE-----