Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/MvwrdGGrm_TBTyOOfZJTIiIeWXw.roa
File:                     MvwrdGGrm_TBTyOOfZJTIiIeWXw.roa (raw, json)
Hash identifier:          Czfwbes361OZe+qWA/o1I6nT8cW6PcS0wLg8sWUe8LY=
Subject key identifier:   32:FC:2B:74:61:AB:9B:F4:C1:4F:23:8E:7D:92:53:22:22:1E:59:7C
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       019424459C95155DD0117F5DB51EB347B008
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/MvwrdGGrm_TBTyOOfZJTIiIeWXw.roa
Signing time:             Wed 01 Jan 2025 23:48:49 +0000
ROA not before:           Wed 01 Jan 2025 23:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216409
IP address blocks:        2a05:4140:61::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:9c:95:15:5d:d0:11:7f:5d:b5:1e:b3:47:b0:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 23:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32fc2b7461ab9bf4c14f238e7d925322221e597c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dc:4b:91:19:90:d6:36:a6:22:e0:a4:64:c9:
                    97:e3:39:f5:08:62:13:73:f4:c3:d8:85:73:54:18:
                    86:f2:90:9a:08:cd:1a:e8:2c:fc:b9:f3:c0:20:a4:
                    d4:48:f5:15:22:f9:a6:bc:de:d0:0e:55:b0:06:39:
                    0b:7c:7c:36:95:d5:77:c4:32:10:5b:ff:5a:b9:14:
                    d7:ab:a4:5a:93:f5:97:10:a0:4a:cc:c1:f1:0e:27:
                    40:95:5e:a9:f1:ac:67:87:ba:2f:3b:09:91:3d:ee:
                    f6:9b:f5:1b:c7:09:06:5b:0a:71:6c:12:40:e5:c4:
                    7b:18:2f:01:eb:64:42:60:b8:29:8d:e2:6a:4e:d7:
                    09:1f:15:4e:7f:4f:71:d7:63:78:69:61:6e:68:cb:
                    7e:85:c1:18:53:98:c6:23:37:94:df:97:41:fa:5a:
                    f0:e2:38:63:b0:29:e9:c1:02:0f:33:26:e8:9f:36:
                    5b:e7:01:c4:92:dd:44:a1:fd:d1:54:47:2e:8a:58:
                    10:17:b3:94:71:ed:4b:fa:96:05:33:13:88:34:b7:
                    fc:7e:3d:1d:b2:7c:c3:3c:ea:55:1c:04:64:18:f9:
                    d3:25:8a:a8:28:dc:51:a5:f2:92:72:cb:46:66:dd:
                    b5:29:64:8f:ae:0c:fa:48:7c:39:59:e6:9b:44:0f:
                    18:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:FC:2B:74:61:AB:9B:F4:C1:4F:23:8E:7D:92:53:22:22:1E:59:7C
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/MvwrdGGrm_TBTyOOfZJTIiIeWXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:61::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:47:e6:ca:84:e9:ba:33:6e:4b:22:d1:b5:33:5a:d0:0d:10:
         8a:2b:b1:a7:5a:a1:3e:c0:e8:32:dd:21:3c:ec:ae:c0:bd:37:
         42:06:1e:6c:91:78:6c:31:b9:73:e0:89:ad:1b:58:a2:d3:02:
         e2:4d:79:05:be:32:a2:16:b6:3b:9d:41:ee:37:19:86:05:64:
         da:f4:38:d9:3c:9d:5b:26:61:1d:91:c3:1c:46:10:87:4e:d5:
         8f:8d:b2:14:cf:6f:ff:82:d3:0f:4e:8a:07:cb:ac:3e:cf:18:
         4a:59:85:02:68:a1:c9:d6:6c:d7:d5:7c:43:f1:5a:f9:1b:1d:
         2a:ee:40:45:e3:e5:03:0e:d9:e4:c8:2a:1b:60:c3:ab:4f:2e:
         0b:fb:ca:b5:15:7d:27:c1:41:95:40:7b:87:40:3c:ea:fe:1c:
         68:43:5c:29:8c:64:8b:60:fd:a9:16:73:6f:b4:d2:89:8c:f0:
         2c:e1:09:85:15:3a:65:84:76:d8:7e:66:62:5b:77:36:2a:f4:
         fc:12:90:42:20:fe:3c:f9:7b:2b:8e:f5:20:98:e0:39:5c:d3:
         b0:fe:fb:51:05:2b:4d:9c:d1:56:21:70:a8:c6:26:c7:c1:11:
         4a:dd:65:56:0e:7b:cc:13:74:39:30:61:fa:c7:87:2f:db:46:
         f0:fc:fe:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRZyVFV3QEX9dtR6zR7AIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjUwMTAxMjM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmZjMmI3NDYxYWI5YmY0YzE0ZjIzOGU3ZDkyNTMyMjIyMWU1OTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtxLkRmQ1jamIuCkZMmX4zn1CGIT
c/TD2IVzVBiG8pCaCM0a6Cz8ufPAIKTUSPUVIvmmvN7QDlWwBjkLfHw2ldV3xDIQ
W/9auRTXq6Rak/WXEKBKzMHxDidAlV6p8axnh7ovOwmRPe72m/UbxwkGWwpxbBJA
5cR7GC8B62RCYLgpjeJqTtcJHxVOf09x12N4aWFuaMt+hcEYU5jGIzeU35dB+lrw
4jhjsCnpwQIPMybonzZb5wHEkt1Eof3RVEcuilgQF7OUce1L+pYFMxOINLf8fj0d
snzDPOpVHARkGPnTJYqoKNxRpfKScstGZt21KWSPrgz6SHw5WeabRA8YwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDL8K3Rhq5v0wU8jjn2SUyIiHll8MB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvTXZ3cmRHR3JtX1RCVHlPT2ZaSlRJaUllV1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVBQABh
MA0GCSqGSIb3DQEBCwUAA4IBAQAPR+bKhOm6M25LItG1M1rQDRCKK7GnWqE+wOgy
3SE87K7AvTdCBh5skXhsMblz4ImtG1ii0wLiTXkFvjKiFrY7nUHuNxmGBWTa9DjZ
PJ1bJmEdkcMcRhCHTtWPjbIUz2//gtMPTooHy6w+zxhKWYUCaKHJ1mzX1XxD8Vr5
Gx0q7kBF4+UDDtnkyCobYMOrTy4L+8q1FX0nwUGVQHuHQDzq/hxoQ1wpjGSLYP2p
FnNvtNKJjPAs4QmFFTplhHbYfmZiW3c2KvT8EpBCIP48+XsrjvUgmOA5XNOw/vtR
BStNnNFWIXCoxibHwRFK3WVWDnvME3Q5MGH6x4cv20bw/P5m
-----END CERTIFICATE-----