Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Y9AVFGDGlg-kDWrQ3btw7owg40U.roa
File:                     Y9AVFGDGlg-kDWrQ3btw7owg40U.roa (raw, json)
Hash identifier:          EHsht5Gu6oEXcTzd2E3tN5sjwT9KZVazxRyrzAq9NAg=
Subject key identifier:   63:D0:15:14:60:C6:96:0F:A4:0D:6A:D0:DD:BB:70:EE:8C:20:E3:45
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B677E9DB46BC6917C451C959295AE5
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Y9AVFGDGlg-kDWrQ3btw7owg40U.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204729
IP address blocks:        2a05:4140:1220::/43 maxlen: 43

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:77:e9:db:46:bc:69:17:c4:51:c9:59:29:5a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63d0151460c6960fa40d6ad0ddbb70ee8c20e345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a1:a5:15:fd:4c:32:03:ff:61:30:af:30:c0:
                    57:87:0f:92:8b:76:3d:03:1d:a9:b3:a5:f4:09:5a:
                    13:17:89:6a:03:7a:83:ef:6f:44:57:3e:24:31:ab:
                    ea:6e:7c:88:4a:e2:dc:b2:67:0f:20:d9:a7:c7:37:
                    a4:c3:0c:6d:ee:5b:9d:5f:74:8c:e3:9d:5b:5e:fd:
                    ba:18:f6:9b:ef:af:c7:52:2a:f9:54:1b:84:f1:56:
                    ca:41:d3:3d:5c:06:b6:33:26:49:a4:4b:47:b5:de:
                    40:70:2c:42:f2:c7:43:1b:b1:e0:3f:eb:dc:df:ed:
                    87:20:e3:9f:d3:29:af:87:6b:22:d0:23:22:47:b0:
                    0c:47:0b:54:e2:26:92:f0:c3:0a:c1:82:4f:e8:cd:
                    ab:03:aa:4f:43:fa:8d:19:73:7d:8a:26:0f:77:db:
                    bc:8b:76:20:2d:d7:63:67:31:49:3f:bf:8f:d6:82:
                    a5:58:c1:ba:ba:53:20:4a:b1:57:f0:62:4a:fa:4f:
                    d6:bd:1b:08:2e:b4:67:41:89:76:e5:a2:c4:67:60:
                    83:76:b9:72:5d:38:37:5f:7d:52:3a:3d:74:ae:7c:
                    72:6e:45:92:20:00:17:84:33:1d:29:4f:24:2e:3a:
                    ca:26:f3:4e:ea:1d:99:cc:8e:a8:7b:ec:8a:e2:5b:
                    e2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D0:15:14:60:C6:96:0F:A4:0D:6A:D0:DD:BB:70:EE:8C:20:E3:45
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Y9AVFGDGlg-kDWrQ3btw7owg40U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:1220::/43

    Signature Algorithm: sha256WithRSAEncryption
         02:db:51:01:78:0d:10:5d:40:42:70:c5:0e:e7:3e:c6:89:0b:
         68:d5:0c:f3:50:8f:fe:0f:23:eb:17:2c:cf:47:c8:88:75:25:
         2e:b7:67:01:ef:06:63:60:5e:6f:d9:c4:4a:84:cb:12:6a:54:
         89:61:c6:c1:45:5d:2c:c2:a7:40:3f:e4:4b:c7:15:2f:f3:3f:
         fd:b2:42:9b:a5:57:f7:ec:ff:d0:60:f5:9e:fa:30:9d:86:b3:
         5e:70:6b:df:ff:3d:59:fc:fe:a0:25:f7:fa:23:0b:04:3f:4e:
         ef:60:9c:38:71:96:54:d3:81:b4:c5:cd:15:46:91:24:10:3a:
         73:67:81:ae:37:56:fa:ff:33:c4:ac:7b:c3:0d:b0:9f:61:11:
         3d:ab:90:7b:2e:66:2a:4a:a1:d9:67:08:4a:f0:8a:0d:d0:17:
         26:fc:8a:bd:69:af:e4:48:df:4a:62:a8:68:69:19:ff:5c:db:
         83:46:70:dd:58:e2:85:b6:a8:9f:d0:ef:93:ab:b4:9e:a2:e6:
         7f:fc:90:e5:d1:4d:93:d5:72:25:77:ab:b7:33:4e:ca:30:db:
         f8:5f:2f:e0:40:a1:5c:46:83:25:d4:18:1a:e2:0d:88:12:0d:
         01:1e:d1:b1:8d:01:8d:04:2a:06:7a:3d:95:d7:b1:ed:2a:30:
         26:5e:28:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtnfp20a8aRfEUclZKVrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2QwMTUxNDYwYzY5NjBmYTQwZDZhZDBkZGJiNzBlZThjMjBlMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaGlFf1MMgP/YTCvMMBXhw+Si3Y9
Ax2ps6X0CVoTF4lqA3qD729EVz4kMavqbnyISuLcsmcPINmnxzekwwxt7ludX3SM
451bXv26GPab76/HUir5VBuE8VbKQdM9XAa2MyZJpEtHtd5AcCxC8sdDG7HgP+vc
3+2HIOOf0ymvh2si0CMiR7AMRwtU4iaS8MMKwYJP6M2rA6pPQ/qNGXN9iiYPd9u8
i3YgLddjZzFJP7+P1oKlWMG6ulMgSrFX8GJK+k/WvRsILrRnQYl25aLEZ2CDdrly
XTg3X31SOj10rnxybkWSIAAXhDMdKU8kLjrKJvNO6h2ZzI6oe+yK4lvi8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGPQFRRgxpYPpA1q0N27cO6MIONFMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvWTlBVkZHREdsZy1rRFdyUTNidHc3b3dnNDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKgVBQBIg
MA0GCSqGSIb3DQEBCwUAA4IBAQAC21EBeA0QXUBCcMUO5z7GiQto1QzzUI/+DyPr
FyzPR8iIdSUut2cB7wZjYF5v2cRKhMsSalSJYcbBRV0swqdAP+RLxxUv8z/9skKb
pVf37P/QYPWe+jCdhrNecGvf/z1Z/P6gJff6IwsEP07vYJw4cZZU04G0xc0VRpEk
EDpzZ4GuN1b6/zPErHvDDbCfYRE9q5B7LmYqSqHZZwhK8IoN0Bcm/Iq9aa/kSN9K
YqhoaRn/XNuDRnDdWOKFtqif0O+Tq7SeouZ//JDl0U2T1XIld6u3M07KMNv4Xy/g
QKFcRoMl1Bga4g2IEg0BHtGxjQGNBCoGej2V17HtKjAmXihI
-----END CERTIFICATE-----