Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/5JfSXt_BAmHEjAHsPvpQLUR1yUQ.roa
File:                     5JfSXt_BAmHEjAHsPvpQLUR1yUQ.roa (raw, json)
Hash identifier:          gj2//N5GYjpXJwxpiYQDI2iiWJkgjB4KC73N8lCA7es=
Subject key identifier:   E4:97:D2:5E:DF:C1:02:61:C4:8C:01:EC:3E:FA:50:2D:44:75:C9:44
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CE5578893CB954F47B81788A50F443D0B
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/5JfSXt_BAmHEjAHsPvpQLUR1yUQ.roa
Signing time:             Sun 07 Jan 2024 19:12:48 +0000
ROA not before:           Sun 07 Jan 2024 19:12:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216072
IP address blocks:        2a05:4140:38::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e5:57:88:93:cb:95:4f:47:b8:17:88:a5:0f:44:3d:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  7 19:12:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e497d25edfc10261c48c01ec3efa502d4475c944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:87:75:55:a3:14:67:ff:e8:91:25:2f:35:5a:
                    a9:88:cd:f9:8b:a7:43:fe:59:4d:ce:38:e8:39:03:
                    19:5d:bb:e1:ea:a5:7c:be:54:63:8b:0b:55:f6:94:
                    6b:9e:7d:53:c0:17:e8:87:5d:09:aa:0c:c0:a5:5b:
                    fe:c0:d6:3d:bd:d3:d5:9d:ed:74:1b:9f:7d:f1:5d:
                    5a:27:d4:7a:34:b5:13:04:bb:1e:c4:92:f1:66:cf:
                    ad:bb:48:2f:72:3e:79:f1:b0:65:8b:a4:bd:79:f1:
                    a0:3e:eb:09:6c:30:2f:67:88:7a:bd:91:5b:af:f3:
                    0c:10:23:a2:d5:8e:fa:8f:9c:b9:a2:fe:db:f2:7e:
                    26:21:d9:71:43:4d:39:01:98:b8:a3:80:8a:39:f2:
                    68:86:fa:5e:13:49:1b:4b:ea:e2:22:63:f9:1e:97:
                    8c:b1:2e:f7:93:cd:83:6b:11:11:54:ac:85:1f:e8:
                    69:8e:b1:cd:b3:45:49:33:0e:6d:1f:dc:2a:5f:96:
                    e7:f2:bb:93:00:7b:66:b8:06:79:ec:15:de:d2:af:
                    7d:fd:f8:22:78:3e:58:8b:f0:b9:de:5a:32:6b:da:
                    bb:db:d1:8a:f4:e0:06:53:4a:0d:d6:4e:8e:75:53:
                    a8:d1:11:4f:4f:7b:e2:ec:5e:95:5c:95:16:20:9f:
                    31:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:97:D2:5E:DF:C1:02:61:C4:8C:01:EC:3E:FA:50:2D:44:75:C9:44
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/5JfSXt_BAmHEjAHsPvpQLUR1yUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:38::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:0a:55:7d:31:ae:ad:31:9c:5a:a7:e6:10:10:95:46:7a:00:
         a0:dc:f9:6e:29:aa:5d:6a:46:bb:26:aa:32:54:1a:93:12:fb:
         b1:28:c2:1f:00:2b:dc:c7:7c:64:47:44:d6:6a:98:58:05:56:
         af:e1:17:41:ba:4c:31:e6:3c:71:f3:ee:33:a7:2c:6a:96:89:
         83:9a:f9:5a:20:6b:07:a2:ea:50:21:84:6e:e0:d7:29:f1:e9:
         1a:b1:48:4f:30:43:8c:e5:33:86:e0:a8:77:4a:4e:b1:c4:74:
         c8:75:d0:9c:ef:ef:6f:5e:26:5d:70:51:04:e8:ae:3d:61:95:
         cb:a1:81:ab:58:1a:db:68:c1:0d:01:0f:e8:6a:9e:00:53:2b:
         10:49:3e:44:06:34:f0:24:1a:66:59:45:96:72:7c:2e:62:c4:
         93:1e:e9:ea:06:12:07:ad:22:1f:7b:d8:67:1d:24:d9:db:ab:
         01:c0:1f:5f:60:26:9a:09:94:ef:fe:70:8d:64:02:7b:da:a4:
         d9:98:02:c6:ae:74:0d:a3:18:9d:d4:e7:d6:cd:ce:1b:8f:5c:
         23:29:c4:c7:85:2d:b2:6f:71:c3:3b:7b:d5:ed:d9:9f:6d:5d:
         0d:9c:f4:d2:70:4a:0f:8a:48:71:02:7a:4d:0e:dc:47:0c:51:
         77:51:c5:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzlV4iTy5VPR7gXiKUPRD0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTA3MTkxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDk3ZDI1ZWRmYzEwMjYxYzQ4YzAxZWMzZWZhNTAyZDQ0NzVjOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmod1VaMUZ//okSUvNVqpiM35i6dD
/llNzjjoOQMZXbvh6qV8vlRjiwtV9pRrnn1TwBfoh10JqgzApVv+wNY9vdPVne10
G5998V1aJ9R6NLUTBLsexJLxZs+tu0gvcj558bBli6S9efGgPusJbDAvZ4h6vZFb
r/MMECOi1Y76j5y5ov7b8n4mIdlxQ005AZi4o4CKOfJohvpeE0kbS+riImP5HpeM
sS73k82DaxERVKyFH+hpjrHNs0VJMw5tH9wqX5bn8ruTAHtmuAZ57BXe0q99/fgi
eD5Yi/C53loya9q729GK9OAGU0oN1k6OdVOo0RFPT3vi7F6VXJUWIJ8xxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOSX0l7fwQJhxIwB7D76UC1EdclEMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvNUpmU1h0X0JBbUhFakFIc1B2cFFMVVIxeVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVBQAA4
MA0GCSqGSIb3DQEBCwUAA4IBAQCTClV9Ma6tMZxap+YQEJVGegCg3PluKapdaka7
JqoyVBqTEvuxKMIfACvcx3xkR0TWaphYBVav4RdBukwx5jxx8+4zpyxqlomDmvla
IGsHoupQIYRu4Ncp8ekasUhPMEOM5TOG4Kh3Sk6xxHTIddCc7+9vXiZdcFEE6K49
YZXLoYGrWBrbaMENAQ/oap4AUysQST5EBjTwJBpmWUWWcnwuYsSTHunqBhIHrSIf
e9hnHSTZ26sBwB9fYCaaCZTv/nCNZAJ72qTZmALGrnQNoxid1OfWzc4bj1wjKcTH
hS2yb3HDO3vV7dmfbV0NnPTScEoPikhxAnpNDtxHDFF3UcUT
-----END CERTIFICATE-----