Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/6sdQrR4TonhANcqWy0dng88bxRw.roa
File:                     6sdQrR4TonhANcqWy0dng88bxRw.roa (raw, json)
Hash identifier:          6rxCsEsz4Md9I1JG7iryWQWRGUnbYmBonB/UG/wjVaY=
Subject key identifier:   EA:C7:50:AD:1E:13:A2:78:40:35:CA:96:CB:47:67:83:CF:1B:C5:1C
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018F10E0F2CAC9A63FC4906690A4B5A51747
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/6sdQrR4TonhANcqWy0dng88bxRw.roa
Signing time:             Wed 24 Apr 2024 16:12:08 +0000
ROA not before:           Wed 24 Apr 2024 16:12:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215146
IP address blocks:        2a05:4140:58::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:e0:f2:ca:c9:a6:3f:c4:90:66:90:a4:b5:a5:17:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Apr 24 16:12:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eac750ad1e13a2784035ca96cb476783cf1bc51c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ec:ed:18:c3:03:e0:16:3e:20:e5:e4:03:b8:
                    bf:9a:18:6d:14:af:46:2a:f0:e2:b3:8e:5f:bd:09:
                    b0:01:6e:0f:2b:83:05:57:69:e0:46:b8:6f:61:9d:
                    b4:f1:5f:be:bd:cf:3c:c0:ae:98:46:ab:ea:b4:49:
                    cd:f4:b3:23:5e:52:63:74:b4:a7:d8:55:78:68:fb:
                    fc:4e:d8:cb:4d:8b:74:31:31:9d:12:24:99:fa:de:
                    0a:28:cf:b3:8e:74:fd:1c:06:44:f6:23:3a:01:e2:
                    0d:ee:fe:2f:cf:7c:64:9f:a3:1e:72:58:82:db:40:
                    27:1f:46:1f:86:d6:21:2c:1d:43:1e:8c:be:17:ae:
                    d0:a2:c1:f5:2b:83:95:c9:93:dd:74:27:18:97:ad:
                    23:68:f9:85:cc:c3:8a:74:0e:1f:e3:c3:a8:64:f5:
                    98:f7:d6:eb:56:ef:2c:43:69:49:f7:52:7b:fd:a5:
                    30:dc:46:42:d3:8a:57:b0:fb:db:fe:2f:73:37:ea:
                    86:c3:a3:48:f4:5c:5f:bf:79:0f:0a:f0:bd:d7:7f:
                    32:03:ab:2a:6a:16:3d:b2:49:24:62:c5:ed:47:63:
                    2d:c0:19:6e:7d:93:7f:74:66:8e:34:f4:39:c4:00:
                    22:24:86:7c:2d:ca:d2:b4:87:39:9b:57:69:aa:10:
                    37:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C7:50:AD:1E:13:A2:78:40:35:CA:96:CB:47:67:83:CF:1B:C5:1C
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/6sdQrR4TonhANcqWy0dng88bxRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:58::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:7f:5d:41:5a:3b:eb:cc:79:2e:c3:7b:80:15:00:87:f9:0a:
         1f:05:ef:88:a4:13:21:16:50:a0:a1:19:e3:d4:e6:87:b3:e3:
         81:9d:42:46:35:93:56:85:51:b6:2c:c6:3d:54:98:20:0f:23:
         b5:55:25:09:e9:0c:43:83:35:6d:ce:bf:73:a0:86:5b:d5:71:
         af:2e:5b:4b:04:44:fb:ef:1f:df:7a:37:8c:29:ca:85:b3:e6:
         30:e7:66:b8:30:e5:81:84:ff:ea:95:19:3e:c2:43:fc:ab:2c:
         0c:51:e0:fa:f4:48:7b:e5:23:e9:80:97:6f:b9:45:74:da:24:
         00:c9:e0:0d:65:22:20:f9:55:ab:ae:10:a6:72:42:14:d1:9e:
         e4:bf:9e:87:54:4e:13:d6:f0:22:9e:3c:0f:80:1a:1d:5c:89:
         3e:97:f3:1c:a4:c7:8d:6d:d2:8f:97:fd:f9:68:4e:37:8e:ca:
         1d:1d:9a:35:2c:90:4e:fd:ee:02:fe:92:66:44:be:90:22:78:
         8c:31:0d:22:16:fc:59:61:1f:42:bc:ec:bd:0a:d8:31:06:76:
         a6:08:4d:70:67:5d:52:02:ff:f2:26:47:ff:09:cf:99:c5:7d:
         5e:b8:dd:a0:b6:11:c4:e2:65:22:83:be:4d:ef:54:76:02:df:
         e7:ed:e5:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8Q4PLKyaY/xJBmkKS1pRdHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwNDI0MTYxMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWM3NTBhZDFlMTNhMjc4NDAzNWNhOTZjYjQ3Njc4M2NmMWJjNTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+ztGMMD4BY+IOXkA7i/mhhtFK9G
KvDis45fvQmwAW4PK4MFV2ngRrhvYZ208V++vc88wK6YRqvqtEnN9LMjXlJjdLSn
2FV4aPv8TtjLTYt0MTGdEiSZ+t4KKM+zjnT9HAZE9iM6AeIN7v4vz3xkn6MecliC
20AnH0YfhtYhLB1DHoy+F67QosH1K4OVyZPddCcYl60jaPmFzMOKdA4f48OoZPWY
99brVu8sQ2lJ91J7/aUw3EZC04pXsPvb/i9zN+qGw6NI9Fxfv3kPCvC9138yA6sq
ahY9skkkYsXtR2MtwBlufZN/dGaONPQ5xAAiJIZ8LcrStIc5m1dpqhA3ywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOrHUK0eE6J4QDXKlstHZ4PPG8UcMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvNnNkUXJSNFRvbmhBTmNxV3kwZG5nODhieFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVBQABY
MA0GCSqGSIb3DQEBCwUAA4IBAQArf11BWjvrzHkuw3uAFQCH+QofBe+IpBMhFlCg
oRnj1OaHs+OBnUJGNZNWhVG2LMY9VJggDyO1VSUJ6QxDgzVtzr9zoIZb1XGvLltL
BET77x/fejeMKcqFs+Yw52a4MOWBhP/qlRk+wkP8qywMUeD69Eh75SPpgJdvuUV0
2iQAyeANZSIg+VWrrhCmckIU0Z7kv56HVE4T1vAinjwPgBodXIk+l/McpMeNbdKP
l/35aE43jsodHZo1LJBO/e4C/pJmRL6QIniMMQ0iFvxZYR9CvOy9CtgxBnamCE1w
Z11SAv/yJkf/Cc+ZxX1euN2gthHE4mUig75N71R2At/n7eWL
-----END CERTIFICATE-----