Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j2mhF_7j2wyl_syrPrf2Ec8-90k.roa
File:                     j2mhF_7j2wyl_syrPrf2Ec8-90k.roa (raw, json)
Hash identifier:          K5jh5x286Arb/af47yCy+SzGVVEvFZl6agnwqWBmFlw=
Subject key identifier:   8F:69:A1:17:FE:E3:DB:0C:A5:FE:CC:AB:3E:B7:F6:11:CF:3E:F7:49
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B67BB9E5250C1748BA956ED1A46713
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j2mhF_7j2wyl_syrPrf2Ec8-90k.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216395
IP address blocks:        2a05:4140:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7b:b9:e5:25:0c:17:48:ba:95:6e:d1:a4:67:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f69a117fee3db0ca5feccab3eb7f611cf3ef749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e6:ce:18:db:52:aa:51:8a:fc:3d:55:20:4a:
                    9d:d5:b2:8f:27:28:ea:a2:b7:bf:8d:18:9b:3c:83:
                    5f:e4:aa:09:a9:51:df:12:ce:fe:e3:ee:81:8e:7e:
                    a8:13:ca:67:6a:02:12:3e:ba:c5:5e:c6:f5:48:49:
                    53:c3:90:c7:df:cf:ad:e7:3b:78:0c:64:b2:42:e1:
                    53:f5:71:c2:3f:d2:37:93:68:2f:97:44:39:6b:e3:
                    77:ab:16:58:b2:77:89:2e:db:5c:02:ce:93:99:b4:
                    a2:6d:2a:be:4e:b6:be:ea:1e:46:9b:66:4a:b1:a8:
                    fe:31:13:91:c6:a3:ed:ba:fc:7f:6f:c5:c6:20:b9:
                    5c:f7:fa:00:81:d3:6b:b5:f6:eb:e0:cc:af:a7:c8:
                    76:93:3b:65:10:82:16:a7:17:7b:d1:f6:7e:4f:15:
                    34:b3:a2:14:bf:26:d2:68:21:71:9c:ec:01:52:a2:
                    f7:45:dc:6e:5f:91:75:11:59:06:7c:92:6a:cb:73:
                    a8:81:ab:3c:8f:d6:75:dc:ee:3c:50:c5:a4:b9:7b:
                    ef:b2:b1:e3:82:c9:2e:e5:dc:ba:95:b2:4c:ea:b6:
                    e7:2d:e9:9b:b1:5b:60:ca:9a:6c:e9:ef:f2:81:07:
                    09:11:6f:01:0d:d5:bd:73:4b:f2:95:27:cc:a7:d3:
                    bf:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:69:A1:17:FE:E3:DB:0C:A5:FE:CC:AB:3E:B7:F6:11:CF:3E:F7:49
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/j2mhF_7j2wyl_syrPrf2Ec8-90k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:47:15:72:5c:b0:63:db:55:21:96:07:b5:ec:db:79:5e:20:
         4c:29:d3:9e:51:90:39:25:18:9a:91:13:e1:3b:6c:4b:5e:ca:
         bb:eb:b2:e3:81:84:fc:0e:d2:9c:f5:9c:0a:a6:27:9f:f8:84:
         ce:51:e7:3a:4b:45:e8:2f:21:18:bb:e4:9e:0e:88:1b:85:f5:
         b5:9a:ae:23:0b:70:3d:ba:5c:34:80:6b:87:b4:24:74:4f:ed:
         1b:5a:79:9a:c4:4f:f2:58:ac:da:f5:0e:ea:3c:cf:90:8e:9a:
         71:7e:2c:bf:c9:ba:39:15:c1:7b:3b:80:89:2f:cf:8a:11:25:
         a3:da:f7:02:16:78:fd:43:21:81:52:23:a4:13:10:3d:bc:1b:
         0d:f6:2d:10:06:ca:8a:db:67:7c:53:eb:ef:c6:c6:66:fc:69:
         2b:bc:8a:1d:cc:8f:a3:dd:07:fb:a7:5e:89:c7:4c:51:20:11:
         37:f3:5a:a2:60:a2:04:d5:ef:fc:af:c9:76:a1:58:8c:93:74:
         35:e1:c2:4f:a2:23:05:d6:58:e1:82:30:d8:db:ac:a1:68:c4:
         08:a8:f1:2a:6b:88:e5:23:6f:cb:6e:07:19:4b:eb:de:e9:13:
         79:71:f5:22:be:c0:bb:80:99:92:9b:37:49:dc:ea:88:53:55:
         04:87:c8:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtnu55SUMF0i6lW7RpGcTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjY5YTExN2ZlZTNkYjBjYTVmZWNjYWIzZWI3ZjYxMWNmM2VmNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmObOGNtSqlGK/D1VIEqd1bKPJyjq
ore/jRibPINf5KoJqVHfEs7+4+6Bjn6oE8pnagISPrrFXsb1SElTw5DH38+t5zt4
DGSyQuFT9XHCP9I3k2gvl0Q5a+N3qxZYsneJLttcAs6TmbSibSq+Tra+6h5Gm2ZK
saj+MRORxqPtuvx/b8XGILlc9/oAgdNrtfbr4Myvp8h2kztlEIIWpxd70fZ+TxU0
s6IUvybSaCFxnOwBUqL3RdxuX5F1EVkGfJJqy3Oogas8j9Z13O48UMWkuXvvsrHj
gsku5dy6lbJM6rbnLembsVtgypps6e/ygQcJEW8BDdW9c0vylSfMp9O/vQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI9poRf+49sMpf7Mqz639hHPPvdJMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvajJtaEZfN2oyd3lsX3N5clByZjJFYzgtOTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVBQAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQA/RxVyXLBj21Uhlge17Nt5XiBMKdOeUZA5JRia
kRPhO2xLXsq767LjgYT8DtKc9ZwKpief+ITOUec6S0XoLyEYu+SeDogbhfW1mq4j
C3A9ulw0gGuHtCR0T+0bWnmaxE/yWKza9Q7qPM+Qjppxfiy/ybo5FcF7O4CJL8+K
ESWj2vcCFnj9QyGBUiOkExA9vBsN9i0QBsqK22d8U+vvxsZm/GkrvIodzI+j3Qf7
p16Jx0xRIBE381qiYKIE1e/8r8l2oViMk3Q14cJPoiMF1ljhgjDY26yhaMQIqPEq
a4jlI2/LbgcZS+ve6RN5cfUivsC7gJmSmzdJ3OqIU1UEh8gD
-----END CERTIFICATE-----