Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Dbg-4DQ8S_5pPCDRn5r3gCws1UU.roa
File:                     Dbg-4DQ8S_5pPCDRn5r3gCws1UU.roa (raw, json)
Hash identifier:          aFYQmveefWf1K7OwylOxht0xEv7ZgGm01p5pzEkAOG8=
Subject key identifier:   0D:B8:3E:E0:34:3C:4B:FE:69:3C:20:D1:9F:9A:F7:80:2C:2C:D5:45
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       0190116474C16B33192B84AD7CDB8D3876BB
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Dbg-4DQ8S_5pPCDRn5r3gCws1UU.roa
Signing time:             Thu 13 Jun 2024 11:38:34 +0000
ROA not before:           Thu 13 Jun 2024 11:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44908
IP address blocks:        2a05:4140:3f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:64:74:c1:6b:33:19:2b:84:ad:7c:db:8d:38:76:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jun 13 11:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0db83ee0343c4bfe693c20d19f9af7802c2cd545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:8f:e3:52:9f:50:9e:19:a4:83:8b:c9:8b:f0:
                    33:23:17:d9:8b:ce:32:f9:06:e3:85:86:fb:76:e1:
                    f9:83:26:42:85:e8:85:f4:62:de:c9:48:30:e8:a6:
                    c7:5c:be:cf:60:c6:bb:5a:92:3d:80:31:47:67:5a:
                    56:e5:c3:a4:e4:10:63:bb:26:b5:b7:41:f2:ea:61:
                    d9:01:9c:6f:05:bd:c5:93:2a:dc:b0:52:47:14:55:
                    ac:d1:3f:b0:88:b9:c4:c3:3d:a7:92:63:95:23:f1:
                    37:09:c4:24:d1:29:7e:38:7a:4c:8f:fd:2d:a2:7c:
                    2f:37:5d:b4:28:0e:07:5a:df:ac:87:4e:87:2e:48:
                    c4:79:ce:37:88:d4:c5:a2:76:6d:07:2e:f6:37:32:
                    55:aa:c4:df:05:07:58:43:52:cd:a6:af:20:d8:c2:
                    e4:4b:1b:35:7f:81:a2:f7:61:22:4a:47:3c:2d:e3:
                    74:02:f0:13:e0:0b:f4:e5:30:b3:8d:3a:7c:94:1c:
                    1b:6a:ad:b3:df:de:76:d8:87:9f:e6:48:64:40:0f:
                    fe:c2:58:8b:d2:95:25:b1:ae:5b:95:5e:04:e8:7c:
                    08:80:69:03:82:aa:cc:a4:28:d6:ed:e8:a9:96:19:
                    96:91:42:19:63:b2:9a:ba:ff:72:c3:50:d4:d9:6c:
                    e2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B8:3E:E0:34:3C:4B:FE:69:3C:20:D1:9F:9A:F7:80:2C:2C:D5:45
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Dbg-4DQ8S_5pPCDRn5r3gCws1UU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:3f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:aa:c0:b0:c5:8a:aa:64:48:ec:28:c6:1e:11:c6:78:43:6e:
         59:b2:fe:5c:be:b7:d7:fb:0f:35:03:a5:09:ee:67:4b:b2:7e:
         9a:98:d8:80:40:e0:07:9a:aa:a9:b5:08:b1:2e:4e:c2:02:68:
         bb:13:45:21:88:7d:15:4a:b3:3d:cb:de:34:7d:85:bd:7d:bc:
         8e:ac:b4:25:c1:dd:92:47:27:a6:df:2d:69:d8:cc:80:e8:9d:
         5a:d0:f4:06:11:2d:1b:05:85:f3:14:d7:98:a3:13:ba:fb:81:
         99:fb:90:27:69:81:41:47:d3:37:72:1a:88:07:f4:59:fe:d3:
         b0:49:ae:91:cf:f4:cc:3e:6f:4d:b5:25:71:75:c0:6f:38:ae:
         d9:57:75:4e:93:ef:66:02:c2:35:55:2b:29:89:8a:f0:98:df:
         35:54:c7:72:e1:8d:8a:8b:24:e0:b6:e6:ab:f6:69:5f:c1:44:
         31:02:6e:df:53:ea:06:55:b5:44:80:58:df:2e:00:80:63:42:
         25:69:9f:99:c5:9d:e9:08:9b:4f:38:85:df:dd:4b:72:65:93:
         aa:cf:01:69:e9:ca:12:75:3e:d2:3b:fd:b1:bd:b9:a9:28:eb:
         3f:8c:ac:fb:63:17:f6:b9:5a:2f:df:58:6f:6b:37:f8:0c:51:
         dc:d7:bf:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZARZHTBazMZK4StfNuNOHa7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwNjEzMTEzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI4M2VlMDM0M2M0YmZlNjkzYzIwZDE5ZjlhZjc4MDJjMmNkNTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzY/jUp9Qnhmkg4vJi/AzIxfZi84y
+QbjhYb7duH5gyZCheiF9GLeyUgw6KbHXL7PYMa7WpI9gDFHZ1pW5cOk5BBjuya1
t0Hy6mHZAZxvBb3FkyrcsFJHFFWs0T+wiLnEwz2nkmOVI/E3CcQk0Sl+OHpMj/0t
onwvN120KA4HWt+sh06HLkjEec43iNTFonZtBy72NzJVqsTfBQdYQ1LNpq8g2MLk
Sxs1f4Gi92EiSkc8LeN0AvAT4Av05TCzjTp8lBwbaq2z39522Ief5khkQA/+wliL
0pUlsa5blV4E6HwIgGkDgqrMpCjW7eiplhmWkUIZY7Kauv9yw1DU2Wzi8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA24PuA0PEv+aTwg0Z+a94AsLNVFMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvRGJnLTREUThTXzVwUENEUm41cjNnQ3dzMVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgVBQAPw
MA0GCSqGSIb3DQEBCwUAA4IBAQAGqsCwxYqqZEjsKMYeEcZ4Q25Zsv5cvrfX+w81
A6UJ7mdLsn6amNiAQOAHmqqptQixLk7CAmi7E0UhiH0VSrM9y940fYW9fbyOrLQl
wd2SRyem3y1p2MyA6J1a0PQGES0bBYXzFNeYoxO6+4GZ+5AnaYFBR9M3chqIB/RZ
/tOwSa6Rz/TMPm9NtSVxdcBvOK7ZV3VOk+9mAsI1VSspiYrwmN81VMdy4Y2KiyTg
tuar9mlfwUQxAm7fU+oGVbVEgFjfLgCAY0IlaZ+ZxZ3pCJtPOIXf3UtyZZOqzwFp
6coSdT7SO/2xvbmpKOs/jKz7Yxf2uVov31hvazf4DFHc17+b
-----END CERTIFICATE-----