Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Ld4yADymVVsInSnqFvq3ZrFU9fI.roa
File:                     Ld4yADymVVsInSnqFvq3ZrFU9fI.roa (raw, json)
Hash identifier:          Awu3rDldjtPWGG9BiN6RIWAazGOHmFuHxK47K2t5fos=
Subject key identifier:   2D:DE:32:00:3C:A6:55:5B:08:9D:29:EA:16:FA:B7:66:B1:54:F5:F2
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B673BEE2BF275AF33D37EE82682207
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Ld4yADymVVsInSnqFvq3ZrFU9fI.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14315
IP address blocks:        2a05:4140:600::/40 maxlen: 48
                          2a05:4140:19::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:73:be:e2:bf:27:5a:f3:3d:37:ee:82:68:22:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dde32003ca6555b089d29ea16fab766b154f5f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d4:60:5f:8c:cf:2b:42:83:52:87:15:59:2d:
                    f5:09:3b:a3:8b:3d:51:52:ed:b3:78:e1:20:18:f7:
                    09:f2:0e:de:a8:f8:d7:a9:ff:ff:f1:51:2a:b3:95:
                    7b:73:22:6c:ad:f9:94:35:9b:0e:85:b7:34:ec:ce:
                    df:b5:86:87:c5:6b:40:d1:d3:12:d6:8d:1e:96:98:
                    05:6d:58:6e:6d:e3:cb:7d:f5:e8:8e:87:21:af:aa:
                    75:4e:09:a6:e5:c8:9a:57:a6:8a:cb:ca:a7:79:93:
                    60:28:1e:74:6e:ac:cb:66:1e:ec:14:54:2e:51:fd:
                    a6:87:8f:39:d0:e2:6b:4b:80:9e:27:97:b4:6c:8f:
                    06:4b:e6:36:e8:cb:07:0b:f3:af:ff:aa:70:0f:42:
                    6b:ad:2a:5c:6f:e8:8a:cc:f7:64:d9:f0:1a:5b:95:
                    cc:ae:54:4d:fd:3f:0f:c8:90:18:b0:d7:2a:11:e1:
                    95:93:13:20:61:7c:1a:89:54:9a:e8:b7:0b:1a:3b:
                    31:68:c0:ed:1e:e2:42:35:a9:88:bc:f7:43:43:7b:
                    b5:90:fb:08:d3:16:b0:cb:be:c1:27:ca:dd:70:22:
                    aa:1b:06:5c:e3:cd:87:20:d8:b3:36:79:f3:df:12:
                    07:89:ab:00:f2:d1:28:77:5c:0c:c9:4e:58:d3:2a:
                    18:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:DE:32:00:3C:A6:55:5B:08:9D:29:EA:16:FA:B7:66:B1:54:F5:F2
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Ld4yADymVVsInSnqFvq3ZrFU9fI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:19::/48
                  2a05:4140:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         54:af:59:9a:c1:c5:76:df:84:e6:fb:a0:31:e7:2e:4b:53:bc:
         8c:22:23:2c:8b:f1:02:e6:d0:49:78:76:cf:30:d9:38:d8:6e:
         ca:a3:0d:6e:3c:38:97:e3:3c:90:f6:02:5b:6d:b0:76:03:93:
         e6:1c:0a:64:e6:7c:e6:d8:16:26:c9:15:49:d4:0d:e2:71:82:
         0f:30:d8:d2:8d:65:9b:82:ea:b6:e2:fa:de:65:59:02:45:cd:
         dd:f5:63:3f:0d:3a:33:e6:ef:6a:bc:8e:aa:75:70:39:18:a3:
         c7:73:21:22:ae:06:20:b8:d7:8e:cb:c4:40:48:b8:e6:05:1c:
         42:d2:51:d8:a8:1f:5e:d3:7e:29:51:9b:b3:cc:1c:85:42:c2:
         b9:24:ce:e8:2b:46:42:e5:f6:6b:00:07:27:97:4e:7a:9e:73:
         5f:b4:8b:2c:2d:fa:e3:86:9d:e2:f4:6b:fa:93:72:9c:4c:6e:
         cf:cc:db:5e:28:7c:a2:fa:fc:c9:26:ae:a3:0f:30:45:0a:7b:
         bb:29:42:f4:5e:73:ce:55:8d:4b:4b:d4:91:8d:95:29:8c:c7:
         55:24:c0:c3:53:a5:8b:bb:42:0f:ad:f4:c5:b8:3c:c9:47:0e:
         e1:3f:73:a2:cf:78:8b:a3:39:fd:bc:94:6f:bf:5d:11:ed:5e:
         f9:ee:0d:17
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzDtnO+4r8nWvM9N+6CaCIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGRlMzIwMDNjYTY1NTViMDg5ZDI5ZWExNmZhYjc2NmIxNTRmNWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9RgX4zPK0KDUocVWS31CTujiz1R
Uu2zeOEgGPcJ8g7eqPjXqf//8VEqs5V7cyJsrfmUNZsOhbc07M7ftYaHxWtA0dMS
1o0elpgFbVhubePLffXojochr6p1Tgmm5ciaV6aKy8qneZNgKB50bqzLZh7sFFQu
Uf2mh4850OJrS4CeJ5e0bI8GS+Y26MsHC/Ov/6pwD0JrrSpcb+iKzPdk2fAaW5XM
rlRN/T8PyJAYsNcqEeGVkxMgYXwaiVSa6LcLGjsxaMDtHuJCNamIvPdDQ3u1kPsI
0xawy77BJ8rdcCKqGwZc482HINizNnnz3xIHiasA8tEod1wMyU5Y0yoYoQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFC3eMgA8plVbCJ0p6hb6t2axVPXyMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvTGQ0eUFEeW1WVnNJblNucUZ2cTNackZVOWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgVBQAAZ
AwYAKgVBQAYwDQYJKoZIhvcNAQELBQADggEBAFSvWZrBxXbfhOb7oDHnLktTvIwi
IyyL8QLm0El4ds8w2TjYbsqjDW48OJfjPJD2AlttsHYDk+YcCmTmfObYFibJFUnU
DeJxgg8w2NKNZZuC6rbi+t5lWQJFzd31Yz8NOjPm72q8jqp1cDkYo8dzISKuBiC4
147LxEBIuOYFHELSUdioH17TfilRm7PMHIVCwrkkzugrRkLl9msAByeXTnqec1+0
iywt+uOGneL0a/qTcpxMbs/M214ofKL6/MkmrqMPMEUKe7spQvRec85VjUtL1JGN
lSmMx1UkwMNTpYu7Qg+t9MW4PMlHDuE/c6LPeIujOf28lG+/XRHtXvnuDRc=
-----END CERTIFICATE-----