Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Zac6K5GvXSnv5iYhUf3WGl69O34.roa
File:                     Zac6K5GvXSnv5iYhUf3WGl69O34.roa (raw, json)
Hash identifier:          NDO4iSBlSfU3DDjjLSzPR+xW/47dp1NcC12EeV4lod8=
Subject key identifier:   65:A7:3A:2B:91:AF:5D:29:EF:E6:26:21:51:FD:D6:1A:5E:BD:3B:7E
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B67781412CB0D1F27062911AC33241
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Zac6K5GvXSnv5iYhUf3WGl69O34.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203363
IP address blocks:        2a05:4140:700::/40 maxlen: 40
                          2a05:4140:800::/40 maxlen: 48
                          2a05:4140:19::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:77:81:41:2c:b0:d1:f2:70:62:91:1a:c3:32:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65a73a2b91af5d29efe6262151fdd61a5ebd3b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:79:38:a7:83:fe:70:7b:6a:f6:36:03:f7:c6:
                    36:45:8f:a2:1d:34:96:79:dc:46:cc:03:af:44:46:
                    2a:b1:6a:4c:ba:4b:59:de:b8:c9:34:ff:ff:d5:27:
                    70:e1:2c:4a:c1:9d:24:b2:35:0a:28:ae:f1:65:88:
                    1b:96:95:45:24:06:77:bf:5e:5c:e6:10:91:eb:be:
                    81:93:eb:d4:88:ce:10:bf:aa:78:90:09:e9:78:26:
                    a0:76:d6:b2:89:ab:2e:87:34:11:d9:82:31:1b:40:
                    53:6f:69:fa:55:16:89:1f:5e:b5:55:84:c8:08:62:
                    7a:bb:ea:75:e4:38:dd:a1:84:72:85:af:a4:c2:d4:
                    21:0f:08:6d:96:73:90:20:98:51:ed:54:a6:e0:ab:
                    0c:53:7f:79:a0:a9:3d:4d:5f:d9:92:86:1f:9e:c3:
                    e4:e4:ef:f7:61:d2:3f:76:4c:46:28:92:c3:81:78:
                    30:1a:a6:88:34:b6:e5:04:dc:77:e3:8e:ca:e2:bb:
                    5b:99:54:d6:57:a8:42:10:37:50:b5:60:1e:ce:78:
                    15:a1:02:88:0b:db:aa:0c:6f:b9:ff:53:c4:b1:05:
                    97:6e:22:98:3a:0a:5f:65:46:8b:5d:67:09:59:61:
                    a2:f9:84:a0:4c:54:cf:54:37:e1:15:10:09:33:c9:
                    1a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A7:3A:2B:91:AF:5D:29:EF:E6:26:21:51:FD:D6:1A:5E:BD:3B:7E
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/Zac6K5GvXSnv5iYhUf3WGl69O34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:19::/48
                  2a05:4140:700::-2a05:4140:8ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         68:a2:76:4e:05:d1:00:96:31:57:e6:5c:74:e4:3d:b0:59:d5:
         a2:e5:f9:98:db:7b:2b:1f:5a:2a:2e:5e:08:ed:80:50:8b:30:
         d7:d9:f4:20:59:b5:64:ec:06:a7:ac:3e:be:a6:e9:f8:e9:6f:
         32:8c:1c:31:ad:50:2f:d6:cd:9e:14:e1:ab:34:5d:18:69:63:
         33:cd:fb:8c:2e:e1:bc:72:3f:dd:e2:2e:ec:cc:ef:70:df:26:
         5d:9d:6f:a6:ad:eb:c2:ad:29:18:34:ec:db:6a:96:c5:16:25:
         46:d8:3a:c5:27:5f:82:89:be:38:2b:b6:84:d8:b4:bd:9e:f1:
         b0:d5:b1:05:55:1b:da:88:9b:8d:1a:ec:9c:cb:9e:de:39:7b:
         29:6e:93:c0:52:5a:39:ac:22:31:cb:63:c2:54:1d:59:dd:de:
         81:2b:d2:ce:0c:a2:47:61:d2:bd:aa:23:5d:20:5d:63:c9:e5:
         d0:fb:a5:d7:19:6f:d5:c5:6f:2b:de:ad:63:e0:43:a2:32:f2:
         dc:cd:cd:a3:d0:47:87:de:22:3e:a7:ff:8f:d4:58:1f:f9:f9:
         21:10:94:0b:0c:5a:da:f4:e9:99:57:33:e8:b1:7a:7e:b0:6a:
         ec:11:d5:75:08:30:43:0f:aa:f7:03:66:7d:12:a0:35:3a:9f:
         f5:78:42:53
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtneBQSyw0fJwYpEawzJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE3M2EyYjkxYWY1ZDI5ZWZlNjI2MjE1MWZkZDYxYTVlYmQzYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXk4p4P+cHtq9jYD98Y2RY+iHTSW
edxGzAOvREYqsWpMuktZ3rjJNP//1Sdw4SxKwZ0ksjUKKK7xZYgblpVFJAZ3v15c
5hCR676Bk+vUiM4Qv6p4kAnpeCagdtayiasuhzQR2YIxG0BTb2n6VRaJH161VYTI
CGJ6u+p15DjdoYRyha+kwtQhDwhtlnOQIJhR7VSm4KsMU395oKk9TV/ZkoYfnsPk
5O/3YdI/dkxGKJLDgXgwGqaINLblBNx3447K4rtbmVTWV6hCEDdQtWAezngVoQKI
C9uqDG+5/1PEsQWXbiKYOgpfZUaLXWcJWWGi+YSgTFTPVDfhFRAJM8kaRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGWnOiuRr10p7+YmIVH91hpevTt+MB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvWmFjNks1R3ZYU252NWlZaFVmM1dHbDY5TzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgVBQAAZ
MBADBgAqBUFABwMGACoFQUAIMA0GCSqGSIb3DQEBCwUAA4IBAQBoonZOBdEAljFX
5lx05D2wWdWi5fmY23srH1oqLl4I7YBQizDX2fQgWbVk7AanrD6+pun46W8yjBwx
rVAv1s2eFOGrNF0YaWMzzfuMLuG8cj/d4i7szO9w3yZdnW+mrevCrSkYNOzbapbF
FiVG2DrFJ1+Cib44K7aE2LS9nvGw1bEFVRvaiJuNGuycy57eOXspbpPAUlo5rCIx
y2PCVB1Z3d6BK9LODKJHYdK9qiNdIF1jyeXQ+6XXGW/VxW8r3q1j4EOiMvLczc2j
0EeH3iI+p/+P1Fgf+fkhEJQLDFra9OmZVzPosXp+sGrsEdV1CDBDD6r3A2Z9EqA1
Op/1eEJT
-----END CERTIFICATE-----