Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/qkFRUJFvVxfcOh6fvsnJz2nYPb4.roa
File:                     qkFRUJFvVxfcOh6fvsnJz2nYPb4.roa (raw, json)
Hash identifier:          vv47JGYRFKfVGOkcicsiABu4SsfHACrhNpIJjVAHzDo=
Subject key identifier:   AA:41:51:50:91:6F:57:17:DC:3A:1E:9F:BE:C9:C9:CF:69:D8:3D:BE
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B676BFBAB063CF06FFEF2E1A3D4665
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/qkFRUJFvVxfcOh6fvsnJz2nYPb4.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202827
IP address blocks:        2a05:4140:1000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:76:bf:ba:b0:63:cf:06:ff:ef:2e:1a:3d:46:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa415150916f5717dc3a1e9fbec9c9cf69d83dbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:71:d8:ce:7e:c7:71:da:26:b3:70:79:29:f3:
                    f2:16:e2:02:e5:0a:f4:94:db:e6:42:4c:1d:02:4f:
                    0f:7c:a7:f5:24:0f:14:93:fa:7d:f8:24:7b:86:09:
                    45:66:79:33:82:0f:1e:06:04:12:9f:f0:db:0f:78:
                    90:f1:cd:bf:41:72:9e:e4:7a:e4:9e:a7:89:7f:02:
                    a5:09:29:02:2b:1b:1e:dc:b9:cc:78:d3:12:d5:bc:
                    ec:88:49:b8:f2:f5:65:27:a9:ac:ca:f5:fe:14:21:
                    2b:cc:8c:c3:9d:41:08:bc:cf:1c:6d:97:4b:43:30:
                    83:84:61:ea:6b:2c:cb:ce:c2:8b:f7:3a:a6:0b:91:
                    37:dc:37:43:fd:89:e0:ab:eb:80:16:9f:47:50:cd:
                    3b:50:57:7c:93:96:da:b0:d6:a2:cd:e6:44:04:e7:
                    23:fb:9e:40:13:69:fe:68:c7:1d:bc:bc:83:1b:f1:
                    d4:99:68:d9:9a:02:ed:f1:1f:23:d8:2a:ea:da:78:
                    70:92:04:fc:d2:7d:dc:e5:85:5e:f7:26:8f:ef:fc:
                    c4:58:4f:52:02:70:8c:cc:17:47:e3:88:cd:8f:6e:
                    dc:86:c5:81:b5:71:d3:c7:65:fd:e6:8b:f1:61:42:
                    58:4d:39:87:65:94:a4:4b:bd:f3:e8:2d:82:35:77:
                    f3:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:41:51:50:91:6F:57:17:DC:3A:1E:9F:BE:C9:C9:CF:69:D8:3D:BE
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/qkFRUJFvVxfcOh6fvsnJz2nYPb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         70:bb:0b:92:4b:fa:f5:64:c9:f2:11:c3:99:ad:85:cf:a7:dc:
         8a:7d:d2:96:5f:ec:4d:ed:4b:ba:97:a1:1c:dc:bc:82:6a:ad:
         09:c2:dd:ee:5c:cd:f3:09:42:bb:60:b2:8c:09:b8:ae:c3:ba:
         69:ef:da:74:5b:f2:81:c3:c2:70:d1:45:90:27:be:74:30:44:
         74:19:e8:9e:f1:3b:d2:cc:21:79:e3:24:86:1d:ad:0e:db:40:
         cb:c1:5c:c3:d1:06:46:4b:cd:2e:bd:47:bf:ab:86:0d:19:73:
         02:65:f4:49:9e:e7:7b:8f:29:55:38:66:72:07:0b:8a:29:76:
         bc:09:91:12:07:e8:4b:78:d7:19:54:29:cf:76:d8:67:45:fd:
         62:d3:de:0b:1b:96:7c:a1:e8:ff:43:00:a7:ac:c6:3f:80:59:
         25:ed:3a:14:df:71:e4:76:b0:be:2b:1b:ae:84:a8:fe:ac:f1:
         64:e5:e8:c7:dc:ed:cf:45:82:a4:bb:12:39:6c:80:d4:96:64:
         f8:59:9f:f3:d5:25:47:ad:59:07:a1:b9:40:ee:a4:d4:14:ec:
         43:ca:34:e1:23:e6:f9:9e:ee:de:2c:03:3a:c2:18:a1:b1:51:
         db:ce:a1:80:7a:7d:df:19:55:c0:a8:05:a5:00:75:c6:fd:27:
         ce:11:0f:2e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzDtna/urBjzwb/7y4aPUZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQxNTE1MDkxNmY1NzE3ZGMzYTFlOWZiZWM5YzljZjY5ZDgzZGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3HHYzn7Hcdoms3B5KfPyFuIC5Qr0
lNvmQkwdAk8PfKf1JA8Uk/p9+CR7hglFZnkzgg8eBgQSn/DbD3iQ8c2/QXKe5Hrk
nqeJfwKlCSkCKxse3LnMeNMS1bzsiEm48vVlJ6msyvX+FCErzIzDnUEIvM8cbZdL
QzCDhGHqayzLzsKL9zqmC5E33DdD/Yngq+uAFp9HUM07UFd8k5basNaizeZEBOcj
+55AE2n+aMcdvLyDG/HUmWjZmgLt8R8j2Crq2nhwkgT80n3c5YVe9yaP7/zEWE9S
AnCMzBdH44jNj27chsWBtXHTx2X95ovxYUJYTTmHZZSkS73z6C2CNXfzPQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKpBUVCRb1cX3Doen77Jyc9p2D2+MB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvcWtGUlVKRnZWeGZjT2g2ZnZzbkp6Mm5ZUGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgVBQBAw
DQYJKoZIhvcNAQELBQADggEBAHC7C5JL+vVkyfIRw5mthc+n3Ip90pZf7E3tS7qX
oRzcvIJqrQnC3e5czfMJQrtgsowJuK7Dumnv2nRb8oHDwnDRRZAnvnQwRHQZ6J7x
O9LMIXnjJIYdrQ7bQMvBXMPRBkZLzS69R7+rhg0ZcwJl9Eme53uPKVU4ZnIHC4op
drwJkRIH6Et41xlUKc922GdF/WLT3gsblnyh6P9DAKesxj+AWSXtOhTfceR2sL4r
G66EqP6s8WTl6Mfc7c9FgqS7EjlsgNSWZPhZn/PVJUetWQehuUDupNQU7EPKNOEj
5vme7t4sAzrCGKGxUdvOoYB6fd8ZVcCoBaUAdcb9J84RDy4=
-----END CERTIFICATE-----