Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/CDi8vSg_fdYRotnSbMRPDSasq6c.roa
File:                     CDi8vSg_fdYRotnSbMRPDSasq6c.roa (raw, json)
Hash identifier:          7OEMcqwogdkJNcoA2dzyUv5/KIyWaJVisinKvEvTiik=
Subject key identifier:   08:38:BC:BD:28:3F:7D:D6:11:A2:D9:D2:6C:C4:4F:0D:26:AC:AB:A7
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       0194244598725B252C0BE64D8B7DE45D27D7
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/CDi8vSg_fdYRotnSbMRPDSasq6c.roa
Signing time:             Wed 01 Jan 2025 23:48:48 +0000
ROA not before:           Wed 01 Jan 2025 23:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214955
IP address blocks:        2a05:4140:64::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:98:72:5b:25:2c:0b:e6:4d:8b:7d:e4:5d:27:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 23:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0838bcbd283f7dd611a2d9d26cc44f0d26acaba7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:a0:f1:e4:33:ee:31:86:72:ba:2c:ed:88:62:
                    20:aa:49:bd:3d:8a:bb:e9:da:a4:e0:95:f9:07:ea:
                    87:97:17:fa:6b:84:0f:f9:22:f2:90:23:79:9e:c5:
                    cb:28:d1:c9:0b:b4:eb:e7:21:64:8b:a0:ee:18:84:
                    49:76:a1:a1:b0:0e:37:28:41:19:79:c4:3f:34:a8:
                    86:17:24:33:07:9c:e5:3a:c9:6b:4c:15:28:6f:41:
                    23:5f:67:27:1b:2a:5e:2d:a0:11:79:73:6d:4c:25:
                    8d:0d:92:44:7d:37:8b:c6:94:95:fa:d9:4b:dd:da:
                    07:84:03:5e:84:0c:c7:c8:57:b1:1a:f6:04:f3:02:
                    01:84:d4:c3:28:ad:c2:a0:db:5c:8f:95:07:07:3d:
                    c8:86:2e:06:c1:92:9e:fa:f8:05:f4:74:c8:95:ed:
                    83:56:21:e5:0f:9b:cd:20:8a:d5:a1:a0:c0:8b:c3:
                    6f:92:65:bf:94:75:5c:14:83:1b:f5:be:2c:91:e5:
                    64:4b:4d:0b:c9:ff:07:5a:cb:a6:88:40:46:d2:f7:
                    8d:aa:40:c1:07:66:dd:32:b2:b0:68:1a:3d:ef:bc:
                    d5:5a:9c:67:cf:2c:3f:79:26:94:88:2e:83:e7:a2:
                    f8:e0:a7:6b:a9:40:99:91:98:2a:41:39:5a:94:6d:
                    0e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:38:BC:BD:28:3F:7D:D6:11:A2:D9:D2:6C:C4:4F:0D:26:AC:AB:A7
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/CDi8vSg_fdYRotnSbMRPDSasq6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:a3:15:70:ff:8a:59:61:b1:1c:5d:00:cd:3c:fa:b0:88:bc:
         d6:29:68:cd:60:aa:f2:f9:f2:ba:9a:0b:27:f1:63:65:6f:15:
         1a:01:29:e7:e3:f4:fd:52:41:48:14:07:dd:21:30:70:59:f7:
         39:9c:d0:af:b9:79:d1:5d:78:36:9c:c4:b7:4e:47:d8:04:0b:
         ea:4f:3a:03:a2:49:ee:7d:9e:b1:d2:e6:5d:83:a8:f5:c9:aa:
         c7:3b:47:47:87:fd:da:9c:91:ed:4e:1a:3b:91:a1:8b:27:3e:
         a6:59:3f:cf:00:6f:ef:e3:4f:28:c6:c4:36:be:19:da:68:94:
         d8:90:2e:51:63:ee:41:28:06:15:ed:e5:ba:d4:cf:b4:20:0f:
         dc:33:cb:d6:ce:ea:86:b9:fc:44:5a:3d:fe:d0:1e:2d:a3:1d:
         ed:c5:aa:35:e9:f6:11:4e:e0:1d:e6:d0:16:69:98:81:49:c1:
         cc:62:ae:e6:7d:b6:93:67:27:d4:99:fa:62:d1:72:c9:38:3d:
         26:e4:b1:bc:f0:e5:0c:5a:2f:6e:b5:52:ca:d4:c9:b8:3b:50:
         a3:ae:8f:ca:54:01:58:9b:73:bc:6f:07:96:34:94:32:04:3b:
         69:f7:11:07:26:b9:d8:98:0f:2e:6b:b5:0e:41:1e:48:e6:7f:
         67:be:98:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRZhyWyUsC+ZNi33kXSfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjUwMTAxMjM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODM4YmNiZDI4M2Y3ZGQ2MTFhMmQ5ZDI2Y2M0NGYwZDI2YWNhYmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6KDx5DPuMYZyuiztiGIgqkm9PYq7
6dqk4JX5B+qHlxf6a4QP+SLykCN5nsXLKNHJC7Tr5yFki6DuGIRJdqGhsA43KEEZ
ecQ/NKiGFyQzB5zlOslrTBUob0EjX2cnGypeLaAReXNtTCWNDZJEfTeLxpSV+tlL
3doHhANehAzHyFexGvYE8wIBhNTDKK3CoNtcj5UHBz3Ihi4GwZKe+vgF9HTIle2D
ViHlD5vNIIrVoaDAi8NvkmW/lHVcFIMb9b4skeVkS00Lyf8HWsumiEBG0veNqkDB
B2bdMrKwaBo977zVWpxnzyw/eSaUiC6D56L44KdrqUCZkZgqQTlalG0O3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAg4vL0oP33WEaLZ0mzETw0mrKunMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvQ0RpOHZTZ19mZFlSb3RuU2JNUlBEU2FzcTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVBQABk
MA0GCSqGSIb3DQEBCwUAA4IBAQB1oxVw/4pZYbEcXQDNPPqwiLzWKWjNYKry+fK6
mgsn8WNlbxUaASnn4/T9UkFIFAfdITBwWfc5nNCvuXnRXXg2nMS3TkfYBAvqTzoD
oknufZ6x0uZdg6j1yarHO0dHh/3anJHtTho7kaGLJz6mWT/PAG/v408oxsQ2vhna
aJTYkC5RY+5BKAYV7eW61M+0IA/cM8vWzuqGufxEWj3+0B4tox3txao16fYRTuAd
5tAWaZiBScHMYq7mfbaTZyfUmfpi0XLJOD0m5LG88OUMWi9utVLK1Mm4O1Cjro/K
VAFYm3O8bweWNJQyBDtp9xEHJrnYmA8ua7UOQR5I5n9nvph7
-----END CERTIFICATE-----