Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/HXBdsUuoKRRzsS6BlYEqrggj9QU.roa
File:                     HXBdsUuoKRRzsS6BlYEqrggj9QU.roa (raw, json)
Hash identifier:          +03peTSq14B1VFNk5+erzF8RDmS4OejS0QUNrZHgegw=
Subject key identifier:   1D:70:5D:B1:4B:A8:29:14:73:B1:2E:81:95:81:2A:AE:08:23:F5:05
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018F86B86D4F99EF02D81C3F89B00F4572D9
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/HXBdsUuoKRRzsS6BlYEqrggj9QU.roa
Signing time:             Fri 17 May 2024 13:23:04 +0000
ROA not before:           Fri 17 May 2024 13:23:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214948
IP address blocks:        2a05:4140:66::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:b8:6d:4f:99:ef:02:d8:1c:3f:89:b0:0f:45:72:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: May 17 13:23:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d705db14ba8291473b12e8195812aae0823f505
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fe:2f:0b:70:16:ad:9b:c4:0b:9e:88:0a:8f:
                    4b:36:1b:83:2a:45:e7:47:b2:14:32:5d:1b:c6:9f:
                    18:b4:7d:12:3b:0b:d6:d5:55:c4:95:03:fd:f0:3a:
                    ef:03:29:7c:28:7c:61:bc:a3:8a:cb:0f:a8:af:91:
                    08:74:8c:8d:21:3b:6d:0c:4e:03:9c:15:67:fd:97:
                    08:10:b1:51:6c:72:c8:3f:cc:f6:46:d8:dc:ba:55:
                    87:51:8d:95:f7:93:cf:fe:aa:df:fc:8d:d4:12:09:
                    f6:b8:d6:6f:b2:e3:74:80:33:ff:79:07:0b:8c:dc:
                    b6:4a:5a:05:b3:f8:f9:85:89:9e:51:88:e0:fb:6e:
                    3d:3b:c1:27:53:87:33:12:f0:02:71:af:ba:3e:3c:
                    57:d7:3a:0b:4a:d0:0d:c3:a5:88:0b:2d:fd:42:64:
                    7c:c0:68:00:46:ea:5f:5d:04:0b:de:93:68:98:67:
                    83:67:a6:11:4b:41:b5:df:10:4a:e3:76:3b:d8:c5:
                    25:cc:70:6b:ef:7b:9a:f7:1e:68:b6:a4:b4:6b:92:
                    38:8c:48:12:fc:eb:ed:0d:8c:6f:c0:94:fe:ef:d7:
                    9d:63:93:a1:2c:cd:e4:bf:1e:83:04:80:9a:cd:07:
                    41:29:71:0f:66:ce:95:9c:d2:39:f6:47:b0:4c:fa:
                    d8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:70:5D:B1:4B:A8:29:14:73:B1:2E:81:95:81:2A:AE:08:23:F5:05
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/HXBdsUuoKRRzsS6BlYEqrggj9QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:66::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:52:e7:b4:d1:ca:7a:18:65:e2:25:10:97:93:0d:a5:a9:9f:
         2f:de:44:90:22:56:4d:96:9a:26:32:1e:40:39:33:35:7f:85:
         ef:d5:3f:d4:33:8e:00:c6:5f:a1:04:d2:1e:80:13:89:03:10:
         57:7a:bc:ec:b9:20:69:c4:13:ea:ce:ca:14:29:60:f2:a3:9c:
         e8:d4:50:00:f2:40:47:f9:0c:e6:3c:82:7a:81:ff:da:1e:5b:
         6d:1a:80:0d:c8:95:b2:b0:60:52:47:b2:b3:87:64:54:6a:ce:
         3a:1a:d0:b3:64:aa:6f:60:ab:e4:1a:5c:b7:d4:cb:d4:7a:91:
         d1:9a:66:40:bc:2c:e0:31:f7:21:7d:7d:d6:74:b2:e4:80:f0:
         77:b6:c3:d1:9b:b1:52:75:c5:00:83:50:25:28:4a:d5:a2:8a:
         11:8e:86:47:d4:06:02:07:97:61:68:d9:4c:0d:5f:c7:66:ac:
         eb:40:af:22:8d:e2:37:ea:87:58:9b:f2:18:a7:20:79:f6:3f:
         85:84:c2:4c:a8:ab:aa:00:80:a8:0c:2c:19:fe:3e:d7:01:f9:
         fe:92:72:a1:34:45:e7:73:27:b2:f1:bb:c6:85:6e:52:fa:1b:
         50:fd:4f:54:1b:b3:4b:04:dc:61:1a:4f:98:3f:a4:31:db:63:
         f2:08:c0:7c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+GuG1Pme8C2Bw/ibAPRXLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwNTE3MTMyMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDcwNWRiMTRiYTgyOTE0NzNiMTJlODE5NTgxMmFhZTA4MjNmNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP4vC3AWrZvEC56ICo9LNhuDKkXn
R7IUMl0bxp8YtH0SOwvW1VXElQP98DrvAyl8KHxhvKOKyw+or5EIdIyNITttDE4D
nBVn/ZcIELFRbHLIP8z2RtjculWHUY2V95PP/qrf/I3UEgn2uNZvsuN0gDP/eQcL
jNy2SloFs/j5hYmeUYjg+249O8EnU4czEvACca+6PjxX1zoLStANw6WICy39QmR8
wGgARupfXQQL3pNomGeDZ6YRS0G13xBK43Y72MUlzHBr73ua9x5otqS0a5I4jEgS
/OvtDYxvwJT+79edY5OhLM3kvx6DBICazQdBKXEPZs6VnNI59kewTPrYFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB1wXbFLqCkUc7EugZWBKq4II/UFMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvSFhCZHNVdW9LUlJ6c1M2QmxZRXFyZ2dqOVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVBQABm
MA0GCSqGSIb3DQEBCwUAA4IBAQAVUue00cp6GGXiJRCXkw2lqZ8v3kSQIlZNlpom
Mh5AOTM1f4Xv1T/UM44Axl+hBNIegBOJAxBXerzsuSBpxBPqzsoUKWDyo5zo1FAA
8kBH+QzmPIJ6gf/aHlttGoANyJWysGBSR7Kzh2RUas46GtCzZKpvYKvkGly31MvU
epHRmmZAvCzgMfchfX3WdLLkgPB3tsPRm7FSdcUAg1AlKErVoooRjoZH1AYCB5dh
aNlMDV/HZqzrQK8ijeI36odYm/IYpyB59j+FhMJMqKuqAICoDCwZ/j7XAfn+knKh
NEXncyey8bvGhW5S+htQ/U9UG7NLBNxhGk+YP6Qx22PyCMB8
-----END CERTIFICATE-----