Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/eTvI3fV2l6gXhWfOYGcPCndQ2W4.roa
File:                     eTvI3fV2l6gXhWfOYGcPCndQ2W4.roa (raw, json)
Hash identifier:          4lXzTxLXjqfOX2HuxLyn4Q7cfie0cfVZXxLpWJH4PhY=
Subject key identifier:   79:3B:C8:DD:F5:76:97:A8:17:85:67:CE:60:67:0F:0A:77:50:D9:6E
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       01942445936259A45AD13CE8D8CC21CBD32E
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/eTvI3fV2l6gXhWfOYGcPCndQ2W4.roa
Signing time:             Wed 01 Jan 2025 23:48:46 +0000
ROA not before:           Wed 01 Jan 2025 23:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204508
IP address blocks:        2a05:4140:300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:93:62:59:a4:5a:d1:3c:e8:d8:cc:21:cb:d3:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 23:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=793bc8ddf57697a8178567ce60670f0a7750d96e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:03:49:6e:88:bc:23:61:c3:23:3f:1c:73:73:
                    8b:2c:d6:0d:0e:82:5f:05:10:3f:83:fb:25:bd:5e:
                    d1:b2:7d:3c:c0:77:d8:fb:9a:dd:83:77:21:f4:20:
                    bb:ed:41:2e:ca:46:b0:8c:03:8e:b4:57:5d:f6:78:
                    ab:5f:5b:ee:4e:b9:92:f3:de:a1:b7:46:e1:b6:52:
                    f6:11:92:0d:ae:28:65:a5:2e:49:d2:92:76:1d:ca:
                    6f:a0:7f:99:5e:f9:f4:51:b6:65:bc:f7:0a:b3:f2:
                    f2:cc:97:16:10:d6:2a:4e:27:9b:1c:24:0a:7f:dc:
                    cd:1b:93:9e:bc:6e:02:e2:17:90:e6:44:99:c1:29:
                    cc:b2:f2:41:ff:6e:38:84:00:b0:ef:a8:56:e1:54:
                    6a:9f:d4:cd:2f:55:56:8e:9d:21:b3:2f:0f:1b:cb:
                    5d:9d:1b:b2:6a:ac:a8:86:17:20:4f:1f:32:d4:56:
                    1e:95:1a:24:8c:c6:fc:eb:de:16:8f:cc:f1:4e:16:
                    f6:64:2a:4b:93:e2:86:87:6c:dc:d5:1b:0c:99:27:
                    a6:7e:fd:fc:e0:c7:8a:d5:d1:5e:a2:97:5c:b0:45:
                    4e:6e:5e:d8:1b:76:21:f0:a6:01:cf:cc:ee:29:92:
                    12:53:97:69:d3:8e:23:88:f2:3e:6d:47:69:80:91:
                    39:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:3B:C8:DD:F5:76:97:A8:17:85:67:CE:60:67:0F:0A:77:50:D9:6E
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/eTvI3fV2l6gXhWfOYGcPCndQ2W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         01:5b:9f:78:6a:a5:8f:96:7e:62:02:33:57:3d:ef:3a:ba:16:
         d3:f5:e0:11:2e:9b:71:6a:f2:58:4a:87:a1:e7:6e:52:52:50:
         48:3d:f1:64:c7:46:39:77:12:44:e6:c6:96:f0:15:88:7a:4f:
         db:9e:7a:64:f0:5d:a1:fc:22:29:c3:c7:11:ae:dc:a1:33:2a:
         30:33:f9:47:28:53:68:58:ff:75:b3:2b:04:ee:2f:50:ff:11:
         ea:ec:ed:88:85:12:7d:98:2b:f9:63:a5:34:15:1e:d1:69:cb:
         34:0e:a3:d5:65:25:3c:7f:10:70:62:2e:1a:1b:af:17:c1:71:
         4e:cc:a4:f8:cb:f4:dd:be:f5:4c:81:eb:7f:12:68:47:10:e5:
         ba:8e:56:41:5b:05:45:2b:27:02:e2:97:0b:34:ae:41:db:86:
         83:1b:c1:cd:40:dd:f4:a8:a7:dc:06:bb:b2:cc:74:77:b3:e9:
         24:a9:8c:01:e6:02:2f:0f:b2:09:84:27:51:f5:f2:cf:1b:15:
         d6:60:ce:82:75:0a:13:39:a5:cf:12:ce:19:4a:3e:83:e5:9d:
         98:8a:b2:34:3c:b3:bf:63:bd:07:23:01:55:1d:92:bf:4a:d4:
         24:8e:17:4a:6a:60:73:c5:21:a0:79:c7:46:be:a5:04:65:e7:
         7d:2d:50:e5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQkRZNiWaRa0Tzo2Mwhy9MuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjUwMTAxMjM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTNiYzhkZGY1NzY5N2E4MTc4NTY3Y2U2MDY3MGYwYTc3NTBkOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwANJboi8I2HDIz8cc3OLLNYNDoJf
BRA/g/slvV7Rsn08wHfY+5rdg3ch9CC77UEuykawjAOOtFdd9nirX1vuTrmS896h
t0bhtlL2EZINrihlpS5J0pJ2HcpvoH+ZXvn0UbZlvPcKs/LyzJcWENYqTiebHCQK
f9zNG5OevG4C4heQ5kSZwSnMsvJB/244hACw76hW4VRqn9TNL1VWjp0hsy8PG8td
nRuyaqyohhcgTx8y1FYelRokjMb8694Wj8zxThb2ZCpLk+KGh2zc1RsMmSemfv38
4MeK1dFeopdcsEVObl7YG3Yh8KYBz8zuKZISU5dp044jiPI+bUdpgJE56wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHk7yN31dpeoF4VnzmBnDwp3UNluMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvZVR2STNmVjJsNmdYaFdmT1lHY1BDbmRRMlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgVBQAMw
DQYJKoZIhvcNAQELBQADggEBAAFbn3hqpY+WfmICM1c97zq6FtP14BEum3Fq8lhK
h6HnblJSUEg98WTHRjl3EkTmxpbwFYh6T9ueemTwXaH8IinDxxGu3KEzKjAz+Uco
U2hY/3WzKwTuL1D/Eers7YiFEn2YK/ljpTQVHtFpyzQOo9VlJTx/EHBiLhobrxfB
cU7MpPjL9N2+9UyB638SaEcQ5bqOVkFbBUUrJwLilws0rkHbhoMbwc1A3fSop9wG
u7LMdHez6SSpjAHmAi8PsgmEJ1H18s8bFdZgzoJ1ChM5pc8SzhlKPoPlnZiKsjQ8
s79jvQcjAVUdkr9K1CSOF0pqYHPFIaB5x0a+pQRl530tUOU=
-----END CERTIFICATE-----