Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/SC8DI0mKcmygQ-O4OwQ5w6_t_1A.roa
File:                     SC8DI0mKcmygQ-O4OwQ5w6_t_1A.roa (raw, json)
Hash identifier:          2g9jv/pkUd+44wd2mxd8a5Lu+7xTzvASG66KMQzNC0g=
Subject key identifier:   48:2F:03:23:49:8A:72:6C:A0:43:E3:B8:3B:04:39:C3:AF:ED:FF:50
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018EE755874F1C4D0C12DA9794D91A174366
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/SC8DI0mKcmygQ-O4OwQ5w6_t_1A.roa
Signing time:             Tue 16 Apr 2024 14:35:25 +0000
ROA not before:           Tue 16 Apr 2024 14:35:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216409
IP address blocks:        2a05:4140:61::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:55:87:4f:1c:4d:0c:12:da:97:94:d9:1a:17:43:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Apr 16 14:35:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=482f0323498a726ca043e3b83b0439c3afedff50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5e:ab:1f:fe:8a:6c:84:bc:9f:91:f2:c1:f9:
                    4c:98:2b:be:10:b5:02:04:6e:7b:27:88:0b:c5:95:
                    a4:ee:56:ed:8f:86:c0:25:27:84:b1:dd:a9:0f:af:
                    fb:22:8a:ec:49:63:2e:a4:a0:15:53:fb:5b:6f:2d:
                    25:dc:a8:9a:6d:eb:d0:4f:f1:dc:69:9d:bb:d7:6c:
                    74:25:f3:d1:27:35:1b:0c:fb:cd:81:af:0b:31:9c:
                    b2:bf:99:45:d1:99:cd:58:8c:b6:b2:c4:88:e9:ce:
                    7f:95:2a:0c:ee:97:71:0c:b3:a3:6a:e3:81:fc:38:
                    83:6c:12:d7:c2:97:ef:88:b6:33:b6:df:e7:8b:12:
                    0f:31:5e:da:1e:31:f0:ca:1d:a2:1a:3a:42:3b:33:
                    61:60:67:c6:8b:21:87:9e:78:b4:39:55:24:37:f4:
                    f4:ce:5f:6c:67:99:20:ac:7a:67:6e:20:77:a0:2b:
                    50:de:c7:dd:12:c4:29:d5:66:ab:fc:dc:81:43:ac:
                    52:38:46:27:e4:29:0a:b8:d7:6d:02:a7:79:de:16:
                    e5:41:6b:9c:bf:97:73:60:27:aa:8d:5b:0c:a6:00:
                    00:3e:73:22:84:57:71:1d:cb:f3:7a:0f:4b:68:12:
                    4a:2f:59:a3:1f:d7:06:3c:5e:ac:fd:85:6e:e1:8c:
                    dc:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:2F:03:23:49:8A:72:6C:A0:43:E3:B8:3B:04:39:C3:AF:ED:FF:50
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/SC8DI0mKcmygQ-O4OwQ5w6_t_1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:61::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:c2:5a:d3:38:9c:e2:dc:43:c2:b5:11:a9:20:4a:1d:20:04:
         56:85:c4:77:28:c3:ef:9e:1a:12:87:6b:0f:7a:fb:6a:dd:4d:
         52:20:9c:cb:71:97:2d:f4:2c:f4:bc:30:4c:e1:17:76:bd:dd:
         b6:c4:93:23:e4:37:1a:7d:ce:71:65:91:d7:a6:ba:b0:f3:20:
         2b:71:cc:85:96:a5:92:27:e8:c7:05:2f:b4:51:0a:2b:0e:7b:
         7c:f5:55:66:20:c8:4c:24:b8:26:5e:52:8d:6b:01:1e:5f:e7:
         55:ea:2a:df:bb:77:4c:a0:4d:77:d9:df:40:95:ee:a6:82:fa:
         d8:69:55:b9:b5:c0:63:59:58:83:53:35:1f:25:e4:08:5e:04:
         61:14:a5:af:5d:7e:00:0e:c9:e4:ae:93:7a:a5:23:db:d1:cd:
         ec:73:68:6a:60:c1:35:4c:f5:4e:8f:82:d8:b9:8d:a6:9f:1e:
         62:aa:72:22:d3:c3:aa:1c:b9:d8:97:a4:d1:27:b5:46:57:46:
         16:2a:3f:e2:dc:bb:7a:56:0e:8d:ca:95:9b:76:c2:d2:ca:e3:
         09:4d:4e:a8:bd:28:3c:44:2b:15:f6:e0:86:fd:96:0a:3b:80:
         6d:3e:b4:e4:ec:46:11:51:a0:89:90:43:ce:c7:64:07:79:db:
         68:65:1d:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7nVYdPHE0MEtqXlNkaF0NmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwNDE2MTQzNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODJmMDMyMzQ5OGE3MjZjYTA0M2UzYjgzYjA0MzljM2FmZWRmZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk16rH/6KbIS8n5HywflMmCu+ELUC
BG57J4gLxZWk7lbtj4bAJSeEsd2pD6/7IorsSWMupKAVU/tbby0l3KiabevQT/Hc
aZ2712x0JfPRJzUbDPvNga8LMZyyv5lF0ZnNWIy2ssSI6c5/lSoM7pdxDLOjauOB
/DiDbBLXwpfviLYztt/nixIPMV7aHjHwyh2iGjpCOzNhYGfGiyGHnni0OVUkN/T0
zl9sZ5kgrHpnbiB3oCtQ3sfdEsQp1War/NyBQ6xSOEYn5CkKuNdtAqd53hblQWuc
v5dzYCeqjVsMpgAAPnMihFdxHcvzeg9LaBJKL1mjH9cGPF6s/YVu4YzcQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEgvAyNJinJsoEPjuDsEOcOv7f9QMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvU0M4REkwbUtjbXlnUS1PNE93UTV3Nl90XzFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVBQABh
MA0GCSqGSIb3DQEBCwUAA4IBAQA1wlrTOJzi3EPCtRGpIEodIARWhcR3KMPvnhoS
h2sPevtq3U1SIJzLcZct9Cz0vDBM4Rd2vd22xJMj5Dcafc5xZZHXprqw8yArccyF
lqWSJ+jHBS+0UQorDnt89VVmIMhMJLgmXlKNawEeX+dV6irfu3dMoE132d9Ale6m
gvrYaVW5tcBjWViDUzUfJeQIXgRhFKWvXX4ADsnkrpN6pSPb0c3sc2hqYME1TPVO
j4LYuY2mnx5iqnIi08OqHLnYl6TRJ7VGV0YWKj/i3Lt6Vg6NypWbdsLSyuMJTU6o
vSg8RCsV9uCG/ZYKO4BtPrTk7EYRUaCJkEPOx2QHedtoZR2b
-----END CERTIFICATE-----