Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/bTyvhvXAfSkPlSblz32b9YLktug.roa
File:                     bTyvhvXAfSkPlSblz32b9YLktug.roa (raw, json)
Hash identifier:          U1SxG8/Kx9+0F9Rzxt9g6f7guf4oOCvDTX2a5bgPF9M=
Subject key identifier:   6D:3C:AF:86:F5:C0:7D:29:0F:95:26:E5:CF:7D:9B:F5:82:E4:B6:E8
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B6762D82645087CD1123402CA2E373
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/bTyvhvXAfSkPlSblz32b9YLktug.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202000
IP address blocks:        2a05:4140:900::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:76:2d:82:64:50:87:cd:11:23:40:2c:a2:e3:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d3caf86f5c07d290f9526e5cf7d9bf582e4b6e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:39:ce:31:e4:0d:0f:72:55:e1:3a:48:e7:12:
                    b3:34:03:e3:d5:0b:6f:92:05:79:dc:32:ce:63:6e:
                    69:32:2c:67:be:53:8d:02:dc:f9:48:f9:b7:82:f0:
                    2d:04:59:ae:8e:2e:62:31:6e:66:ec:13:ff:6c:64:
                    ef:06:ea:33:f6:e2:51:8c:1b:dd:05:f0:1c:17:3e:
                    40:a1:2b:ba:06:53:30:4e:e7:c1:fe:ef:db:13:e3:
                    64:1e:59:8a:d3:5e:fb:bb:8a:ae:d0:19:a2:11:fa:
                    98:63:1a:fd:42:9b:46:fc:4b:0e:82:4f:14:22:83:
                    8e:8a:5a:81:e9:82:21:28:7e:ed:90:4c:ab:49:6c:
                    ab:6d:2f:1b:49:61:f8:dc:03:e0:07:4c:68:3c:e6:
                    ab:12:5a:93:fc:48:8e:c6:9e:05:b3:da:bb:29:8e:
                    66:46:d3:4e:a9:80:bc:69:d9:6f:1c:7d:49:77:49:
                    79:ba:00:c3:9c:7c:c7:82:55:a2:80:23:d5:d6:2b:
                    87:d9:ee:18:4f:91:15:3a:2f:b0:95:4a:45:4c:54:
                    72:98:b9:c4:6f:bd:63:18:18:ec:ed:53:95:3b:41:
                    29:6e:f7:08:dc:51:c1:12:f8:21:42:d3:34:97:cb:
                    52:d5:2c:0c:fc:24:00:3a:f1:3d:b3:42:eb:01:74:
                    72:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:3C:AF:86:F5:C0:7D:29:0F:95:26:E5:CF:7D:9B:F5:82:E4:B6:E8
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/bTyvhvXAfSkPlSblz32b9YLktug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:900::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:55:08:67:21:9e:e3:90:ae:f9:9a:22:c0:01:a6:1f:47:58:
         2a:b1:c2:16:62:da:be:80:e1:0e:0e:00:ad:1e:e9:71:e5:3a:
         46:79:99:bb:37:3c:28:b6:c0:c8:d7:72:2d:db:e6:cc:a2:6a:
         08:2a:22:6d:90:c7:0b:60:1f:cb:96:d6:d3:fa:ce:3e:36:9a:
         b7:fa:3a:1e:13:c0:46:57:db:ae:05:f8:85:d7:c3:57:f6:9f:
         4a:26:5d:70:e0:74:2d:18:b5:39:d9:8f:f9:79:85:2e:72:22:
         06:3f:12:72:26:6e:1c:19:12:75:2a:96:94:64:be:4a:c6:64:
         69:e5:bd:4c:ff:cb:42:70:83:30:fd:5c:0a:87:43:94:16:2c:
         39:dc:72:83:9e:9a:f0:97:0b:dc:cd:d9:be:18:64:42:16:24:
         09:a5:56:28:b9:68:0a:21:ec:7f:81:af:8e:15:27:25:e2:9d:
         bb:59:46:7f:29:27:d9:5b:49:ac:9b:54:a5:11:48:26:d4:62:
         73:87:8c:68:4a:00:4a:49:16:b7:dc:80:23:c7:e9:e5:d2:8e:
         6f:00:7d:6d:1a:da:4f:76:20:88:54:fa:6b:82:d2:3e:a3:79:
         a7:05:bb:7c:19:26:31:04:e9:54:89:ce:0e:6d:eb:a8:6d:89:
         3b:c7:ec:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtnYtgmRQh80RI0AsouNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDNjYWY4NmY1YzA3ZDI5MGY5NTI2ZTVjZjdkOWJmNTgyZTRiNmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjnOMeQND3JV4TpI5xKzNAPj1Qtv
kgV53DLOY25pMixnvlONAtz5SPm3gvAtBFmuji5iMW5m7BP/bGTvBuoz9uJRjBvd
BfAcFz5AoSu6BlMwTufB/u/bE+NkHlmK0177u4qu0BmiEfqYYxr9QptG/EsOgk8U
IoOOilqB6YIhKH7tkEyrSWyrbS8bSWH43APgB0xoPOarElqT/EiOxp4Fs9q7KY5m
RtNOqYC8adlvHH1Jd0l5ugDDnHzHglWigCPV1iuH2e4YT5EVOi+wlUpFTFRymLnE
b71jGBjs7VOVO0EpbvcI3FHBEvghQtM0l8tS1SwM/CQAOvE9s0LrAXRybwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG08r4b1wH0pD5Um5c99m/WC5LboMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvYlR5dmh2WEFmU2tQbFNibHozMmI5WUxrdHVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgVBQAkw
DQYJKoZIhvcNAQELBQADggEBAI5VCGchnuOQrvmaIsABph9HWCqxwhZi2r6A4Q4O
AK0e6XHlOkZ5mbs3PCi2wMjXci3b5syiaggqIm2QxwtgH8uW1tP6zj42mrf6Oh4T
wEZX264F+IXXw1f2n0omXXDgdC0YtTnZj/l5hS5yIgY/EnImbhwZEnUqlpRkvkrG
ZGnlvUz/y0JwgzD9XAqHQ5QWLDnccoOemvCXC9zN2b4YZEIWJAmlVii5aAoh7H+B
r44VJyXinbtZRn8pJ9lbSaybVKURSCbUYnOHjGhKAEpJFrfcgCPH6eXSjm8AfW0a
2k92IIhU+muC0j6jeacFu3wZJjEE6VSJzg5t66htiTvH7AQ=
-----END CERTIFICATE-----