Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/sIan_gZSxCDp0J2NEoJ_UhpywTk.roa
File:                     sIan_gZSxCDp0J2NEoJ_UhpywTk.roa (raw, json)
Hash identifier:          nkLucyg7oW5vye0SI2a+c97+4cKSYQceh+g2nNuWyYU=
Subject key identifier:   B0:86:A7:FE:06:52:C4:20:E9:D0:9D:8D:12:82:7F:52:1A:72:C1:39
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       0194450CDFE2330F4B81C12EB918DE70AF7D
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/sIan_gZSxCDp0J2NEoJ_UhpywTk.roa
Signing time:             Wed 08 Jan 2025 08:34:19 +0000
ROA not before:           Wed 08 Jan 2025 08:34:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199018
IP address blocks:        2a05:4140:25::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:45:0c:df:e2:33:0f:4b:81:c1:2e:b9:18:de:70:af:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  8 08:34:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b086a7fe0652c420e9d09d8d12827f521a72c139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1e:ab:0b:3a:66:d2:c2:0f:5c:93:34:94:a0:
                    1a:2f:69:18:54:84:d3:8b:ad:c7:aa:1c:aa:bd:32:
                    08:4f:6d:0c:a7:7a:7b:59:7b:e8:22:e9:1c:98:dd:
                    a4:3e:9a:f5:43:6a:a5:8b:38:94:77:37:96:d0:2a:
                    b8:7d:58:40:3a:41:24:97:df:05:53:8d:30:33:83:
                    a5:4b:d8:20:81:23:52:3b:99:4b:21:7a:1e:e8:38:
                    e0:c2:47:1e:1c:68:dd:6c:ca:c9:f1:5c:4f:b7:f3:
                    0d:df:d9:94:70:5b:8b:57:96:d9:04:ad:3e:27:9c:
                    00:7a:4e:0f:cc:9b:a5:15:e2:77:35:e6:4b:21:19:
                    e3:bb:3a:ec:0e:9b:f6:0f:9b:df:1f:58:17:1e:d8:
                    1a:72:92:7f:27:ef:7f:64:eb:35:87:63:5c:45:46:
                    b8:32:12:a6:2b:cf:0e:e4:b7:a4:b0:2d:35:f0:9d:
                    d3:7f:c8:91:04:4b:08:2f:31:0c:41:b2:14:8e:11:
                    5f:a4:62:2b:39:93:fa:7a:25:b1:22:39:93:af:46:
                    6d:80:6f:d2:91:be:29:23:30:cd:19:1f:90:87:ad:
                    09:2f:08:bb:35:50:8b:8b:2c:4f:ca:49:25:9b:fa:
                    86:39:f8:bf:e0:b3:5e:b3:19:25:4d:26:8a:c4:62:
                    4a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:86:A7:FE:06:52:C4:20:E9:D0:9D:8D:12:82:7F:52:1A:72:C1:39
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/sIan_gZSxCDp0J2NEoJ_UhpywTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:25::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:0c:08:ab:4b:cc:87:17:fe:3c:ac:b9:35:d8:1c:af:25:39:
         bb:da:31:b4:93:a0:ba:79:9a:99:45:0a:94:30:96:bc:ad:91:
         a2:8f:99:1f:91:38:d0:6c:33:f5:d2:6c:2e:3e:65:b2:62:54:
         8f:36:43:e1:99:ec:44:0f:56:a9:b9:ef:e9:2c:eb:6c:ee:48:
         44:6d:fc:8f:4d:24:1b:e5:03:83:34:95:62:e8:6a:09:06:1a:
         10:6d:30:d3:f5:55:5e:d0:74:ae:f9:12:a9:ac:27:88:e2:60:
         ed:d9:db:0c:1a:79:2b:c4:4a:89:16:51:bd:9a:f2:e9:00:4e:
         04:0d:cd:84:db:66:e2:b8:a7:0e:57:10:6b:c1:bc:bb:01:a2:
         a6:9a:d1:3c:0d:96:a1:f7:d2:d6:9c:89:51:ff:1c:d1:fb:51:
         ce:90:a0:44:66:90:da:7d:10:d9:c2:a6:33:7e:65:f8:51:ba:
         14:cf:b4:7c:d6:9b:38:9b:47:c1:02:38:50:57:d5:7c:b5:be:
         85:a3:a4:aa:27:bc:06:a0:0f:16:d4:2d:09:e4:47:c1:b9:2e:
         bb:15:ca:85:8d:bf:e3:0a:f8:f2:69:e9:09:2c:e0:0b:85:47:
         c1:0b:97:15:58:3b:60:ab:a7:ce:ad:5c:b8:ce:c7:25:38:e5:
         14:af:49:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRFDN/iMw9LgcEuuRjecK99MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjUwMTA4MDgzNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDg2YTdmZTA2NTJjNDIwZTlkMDlkOGQxMjgyN2Y1MjFhNzJjMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh6rCzpm0sIPXJM0lKAaL2kYVITT
i63HqhyqvTIIT20Mp3p7WXvoIukcmN2kPpr1Q2qliziUdzeW0Cq4fVhAOkEkl98F
U40wM4OlS9gggSNSO5lLIXoe6DjgwkceHGjdbMrJ8VxPt/MN39mUcFuLV5bZBK0+
J5wAek4PzJulFeJ3NeZLIRnjuzrsDpv2D5vfH1gXHtgacpJ/J+9/ZOs1h2NcRUa4
MhKmK88O5LeksC018J3Tf8iRBEsILzEMQbIUjhFfpGIrOZP6eiWxIjmTr0ZtgG/S
kb4pIzDNGR+Qh60JLwi7NVCLiyxPykklm/qGOfi/4LNesxklTSaKxGJK0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLCGp/4GUsQg6dCdjRKCf1IacsE5MB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvc0lhbl9nWlN4Q0RwMEoyTkVvSl9VaHB5d1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVBQAAl
MA0GCSqGSIb3DQEBCwUAA4IBAQBSDAirS8yHF/48rLk12ByvJTm72jG0k6C6eZqZ
RQqUMJa8rZGij5kfkTjQbDP10mwuPmWyYlSPNkPhmexED1apue/pLOts7khEbfyP
TSQb5QODNJVi6GoJBhoQbTDT9VVe0HSu+RKprCeI4mDt2dsMGnkrxEqJFlG9mvLp
AE4EDc2E22biuKcOVxBrwby7AaKmmtE8DZah99LWnIlR/xzR+1HOkKBEZpDafRDZ
wqYzfmX4UboUz7R81ps4m0fBAjhQV9V8tb6Fo6SqJ7wGoA8W1C0J5EfBuS67FcqF
jb/jCvjyaekJLOALhUfBC5cVWDtgq6fOrVy4zsclOOUUr0ln
-----END CERTIFICATE-----