Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/iJhdPpPWWV7dKDXKQ-a38NXNb4Q.roa
File:                     iJhdPpPWWV7dKDXKQ-a38NXNb4Q.roa (raw, json)
Hash identifier:          gja+oXK5GLTB956MnjQfNbTaoh6ufxKrHKbk2tFKR0U=
Subject key identifier:   88:98:5D:3E:93:D6:59:5E:DD:28:35:CA:43:E6:B7:F0:D5:CD:6F:84
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B67A0248CA0851B6001CE559898B6B
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/iJhdPpPWWV7dKDXKQ-a38NXNb4Q.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211604
IP address blocks:        2a05:4140:375::/48 maxlen: 48
                          2a05:4140:335::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 10:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7a:02:48:ca:08:51:b6:00:1c:e5:59:89:8b:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88985d3e93d6595edd2835ca43e6b7f0d5cd6f84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:67:98:b4:50:e7:60:c6:ea:f1:59:bc:1c:1d:
                    72:6a:6e:80:1b:52:f9:45:d0:4a:ee:02:58:15:0a:
                    74:77:80:03:b7:3a:31:e4:0c:10:fa:cf:51:4a:ee:
                    d6:25:8d:14:8a:d4:da:eb:55:ed:97:a7:a7:2b:f6:
                    02:fc:e7:98:8f:8b:70:61:79:6a:bd:c0:b6:98:ec:
                    c3:e7:20:7c:7e:cb:a5:d2:56:6b:09:f7:c2:f2:08:
                    ff:83:b3:a4:16:12:bf:63:b9:f4:63:c6:72:26:19:
                    94:7a:63:bd:24:d7:73:aa:d9:65:09:58:49:25:d7:
                    02:72:ca:b1:00:9c:44:d4:30:1a:b2:1a:f8:e8:50:
                    a6:bd:74:ca:91:45:a7:93:3e:85:31:e3:55:cf:ec:
                    d3:92:78:5f:ba:68:48:bc:b2:78:84:b2:46:e0:ae:
                    b8:d6:40:6f:87:44:72:a4:40:18:b6:b8:58:cb:37:
                    09:1c:95:7d:99:40:bd:67:58:92:f6:b9:47:9e:e3:
                    73:99:42:a0:3e:85:ab:dd:01:06:3f:2b:74:0a:29:
                    93:29:e0:28:65:79:93:cc:e5:4b:03:0a:44:36:a7:
                    70:17:dd:f1:ac:cd:86:69:f7:a0:2e:60:17:52:4e:
                    f6:65:cd:a9:e2:a3:48:7a:81:ed:e9:cc:80:e6:d7:
                    d0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:98:5D:3E:93:D6:59:5E:DD:28:35:CA:43:E6:B7:F0:D5:CD:6F:84
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/iJhdPpPWWV7dKDXKQ-a38NXNb4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:335::/48
                  2a05:4140:375::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:f4:6c:b5:e1:1d:aa:5f:4a:b6:b6:fc:f5:97:f8:af:26:6c:
         e8:77:fa:38:be:25:93:52:b5:f5:e1:c6:75:79:df:9d:da:84:
         a7:aa:01:ad:84:29:a4:7f:c5:61:a7:61:b1:d6:a5:e6:24:93:
         3f:51:2b:a3:53:65:e9:bb:38:81:c4:5e:cb:13:8f:5c:32:e2:
         00:26:df:25:cc:e1:90:50:30:6b:03:49:fa:a1:53:c0:bd:1d:
         25:03:9f:71:ba:91:13:06:ca:b4:97:87:2d:97:30:ef:72:6a:
         89:ac:f6:d1:f4:c9:37:b4:57:78:63:0c:2c:0d:50:00:9a:aa:
         ab:df:39:b8:c8:9e:b1:3b:6d:1b:c3:f9:a0:be:8e:be:eb:31:
         be:35:a7:5c:7b:05:18:c6:8e:a4:63:f0:52:ba:ed:e0:68:0a:
         a5:26:52:7b:c6:cd:d5:42:fc:03:c4:e9:3e:30:87:e6:22:59:
         ed:17:d1:e5:15:7e:0e:65:b3:02:bf:e7:59:25:51:41:9b:23:
         cc:1b:49:99:ba:48:1b:47:b9:3f:92:c9:e4:23:12:a9:12:5d:
         9d:ec:7b:7d:50:dc:47:e8:61:02:66:32:d9:31:34:c8:ea:6f:
         ed:5f:c5:4e:6f:2d:c0:4d:8b:dc:62:6d:0f:5d:35:0f:c0:1a:
         05:da:26:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtnoCSMoIUbYAHOVZiYtrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODk4NWQzZTkzZDY1OTVlZGQyODM1Y2E0M2U2YjdmMGQ1Y2Q2Zjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWeYtFDnYMbq8Vm8HB1yam6AG1L5
RdBK7gJYFQp0d4ADtzox5AwQ+s9RSu7WJY0UitTa61Xtl6enK/YC/OeYj4twYXlq
vcC2mOzD5yB8fsul0lZrCffC8gj/g7OkFhK/Y7n0Y8ZyJhmUemO9JNdzqtllCVhJ
JdcCcsqxAJxE1DAashr46FCmvXTKkUWnkz6FMeNVz+zTknhfumhIvLJ4hLJG4K64
1kBvh0RypEAYtrhYyzcJHJV9mUC9Z1iS9rlHnuNzmUKgPoWr3QEGPyt0CimTKeAo
ZXmTzOVLAwpENqdwF93xrM2GafegLmAXUk72Zc2p4qNIeoHt6cyA5tfQzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIiYXT6T1lle3Sg1ykPmt/DVzW+EMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvaUpoZFBwUFdXVjdkS0RYS1EtYTM4TlhOYjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgVBQAM1
AwcAKgVBQAN1MA0GCSqGSIb3DQEBCwUAA4IBAQBp9Gy14R2qX0q2tvz1l/ivJmzo
d/o4viWTUrX14cZ1ed+d2oSnqgGthCmkf8Vhp2Gx1qXmJJM/USujU2XpuziBxF7L
E49cMuIAJt8lzOGQUDBrA0n6oVPAvR0lA59xupETBsq0l4ctlzDvcmqJrPbR9Mk3
tFd4YwwsDVAAmqqr3zm4yJ6xO20bw/mgvo6+6zG+NadcewUYxo6kY/BSuu3gaAql
JlJ7xs3VQvwDxOk+MIfmIlntF9HlFX4OZbMCv+dZJVFBmyPMG0mZukgbR7k/ksnk
IxKpEl2d7Ht9UNxH6GECZjLZMTTI6m/tX8VOby3ATYvcYm0PXTUPwBoF2ib3
-----END CERTIFICATE-----