Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/C048AJqZVZ9ZOlrQW8UwfuJTGF8.roa
File:                     C048AJqZVZ9ZOlrQW8UwfuJTGF8.roa (raw, json)
Hash identifier:          Shjy/4mSOLRlr6GLdLoPX8Cgf/KuciTn61NpaFVm+Wo=
Subject key identifier:   0B:4E:3C:00:9A:99:55:9F:59:3A:5A:D0:5B:C5:30:7E:E2:53:18:5F
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B67A37C13632C343E21BF8B6799F95
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/C048AJqZVZ9ZOlrQW8UwfuJTGF8.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211772
IP address blocks:        2a05:4140:375::/48 maxlen: 48
                          2a05:4140:325::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7a:37:c1:36:32:c3:43:e2:1b:f8:b6:79:9f:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b4e3c009a99559f593a5ad05bc5307ee253185f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:25:bd:a4:65:4f:7e:9d:2f:b9:af:d4:f7:99:
                    3a:cb:d1:5c:c1:aa:ee:ed:a5:9c:46:bf:75:43:67:
                    b0:e2:2a:4c:7d:0d:09:d1:e4:51:85:6c:05:17:63:
                    6f:e6:40:5a:b3:ac:84:a5:67:76:d8:66:a7:45:63:
                    11:26:40:27:8b:60:fc:5c:76:33:ff:b0:a7:d1:0c:
                    3b:cd:9e:50:22:51:48:7a:7d:c7:1d:41:8d:ac:83:
                    d7:e3:7c:ff:b3:ff:4c:d4:cb:b8:1f:96:ed:17:d9:
                    5c:71:0a:da:04:83:5c:9a:f1:fc:e3:df:d1:a8:df:
                    e9:27:45:ec:92:2f:52:8e:16:30:a9:43:bd:4d:d3:
                    9f:43:68:e1:c2:71:b6:e9:60:97:cc:a2:5f:b1:98:
                    cb:35:8a:19:b2:0f:05:be:2f:e9:71:16:31:26:db:
                    22:ed:fe:74:b1:03:3f:e5:48:a0:21:00:47:4f:18:
                    af:f3:51:c6:df:66:d3:9f:ac:7d:0d:e4:1e:0d:f6:
                    2e:e1:d3:28:b9:d6:41:a5:e3:fd:b8:e4:8f:5c:19:
                    52:23:90:ed:e0:dd:6c:a2:6a:61:4d:a4:8d:b7:30:
                    94:ef:4c:41:aa:e2:b0:a3:c5:dc:4d:76:cf:90:81:
                    ae:4e:0e:2a:56:31:1a:14:81:b3:0a:e0:37:39:21:
                    22:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4E:3C:00:9A:99:55:9F:59:3A:5A:D0:5B:C5:30:7E:E2:53:18:5F
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/C048AJqZVZ9ZOlrQW8UwfuJTGF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:325::/48
                  2a05:4140:375::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:4b:fd:b4:6f:cb:37:e7:58:41:76:e3:55:c2:59:74:21:fd:
         54:aa:db:b6:41:27:8e:e9:1c:96:22:c5:9e:cc:d6:1e:f8:49:
         df:89:9a:64:2a:9f:58:07:52:d5:a5:e3:9a:8a:05:8f:0f:cc:
         b7:87:b2:55:e3:bb:82:65:37:72:97:00:97:92:08:b2:e7:95:
         4c:47:ee:24:e0:ff:71:3d:5b:59:b2:e3:13:fb:de:fa:6d:ed:
         e7:16:bc:32:04:8c:de:75:14:0a:cb:c6:31:0b:b3:b2:42:4c:
         59:41:e4:f7:0b:48:04:9b:64:14:e1:a2:c6:34:e3:60:c4:96:
         39:01:16:2e:a7:4b:19:48:67:9f:00:26:f4:6b:ab:2d:c5:b0:
         91:c3:d6:15:13:4f:06:b4:24:8e:28:17:64:17:f4:78:b0:d9:
         da:43:22:c8:0b:16:6c:e0:76:c8:53:ef:a2:d6:6f:f1:5d:d9:
         b1:51:24:3c:bc:68:1e:90:51:1b:8d:69:1d:c4:30:28:78:8e:
         8f:22:b8:af:d3:47:9c:45:10:e1:c7:df:47:0c:70:0f:8b:f2:
         24:7e:c5:55:0f:f2:9f:f4:72:63:86:f2:62:0c:25:34:69:c5:
         cc:e8:7a:6c:33:75:37:3f:13:b4:32:2f:c7:dc:c3:df:c6:f6:
         b5:33:f7:46
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtno3wTYyw0PiG/i2eZ+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjRlM2MwMDlhOTk1NTlmNTkzYTVhZDA1YmM1MzA3ZWUyNTMxODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiW9pGVPfp0vua/U95k6y9Fcwaru
7aWcRr91Q2ew4ipMfQ0J0eRRhWwFF2Nv5kBas6yEpWd22GanRWMRJkAni2D8XHYz
/7Cn0Qw7zZ5QIlFIen3HHUGNrIPX43z/s/9M1Mu4H5btF9lccQraBINcmvH849/R
qN/pJ0Xski9SjhYwqUO9TdOfQ2jhwnG26WCXzKJfsZjLNYoZsg8Fvi/pcRYxJtsi
7f50sQM/5UigIQBHTxiv81HG32bTn6x9DeQeDfYu4dMoudZBpeP9uOSPXBlSI5Dt
4N1somphTaSNtzCU70xBquKwo8XcTXbPkIGuTg4qVjEaFIGzCuA3OSEi+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAtOPACamVWfWTpa0FvFMH7iUxhfMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvQzA0OEFKcVpWWjlaT2xyUVc4VXdmdUpUR0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgVBQAMl
AwcAKgVBQAN1MA0GCSqGSIb3DQEBCwUAA4IBAQBUS/20b8s351hBduNVwll0If1U
qtu2QSeO6RyWIsWezNYe+EnfiZpkKp9YB1LVpeOaigWPD8y3h7JV47uCZTdylwCX
kgiy55VMR+4k4P9xPVtZsuMT+976be3nFrwyBIzedRQKy8YxC7OyQkxZQeT3C0gE
m2QU4aLGNONgxJY5ARYup0sZSGefACb0a6stxbCRw9YVE08GtCSOKBdkF/R4sNna
QyLICxZs4HbIU++i1m/xXdmxUSQ8vGgekFEbjWkdxDAoeI6PIriv00ecRRDhx99H
DHAPi/IkfsVVD/Kf9HJjhvJiDCU0acXM6HpsM3U3PxO0Mi/H3MPfxva1M/dG
-----END CERTIFICATE-----