Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/v7KuNdN723ttyHSraAdYyiyupos.roa
File:                     v7KuNdN723ttyHSraAdYyiyupos.roa (raw, json)
Hash identifier:          KuzQa3UPQVf1cOHAkeccPVoeh+KpI/V/vg4ycPWEj5w=
Subject key identifier:   BF:B2:AE:35:D3:7B:DB:7B:6D:C8:74:AB:68:07:58:CA:2C:AE:A6:8B
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018E15D7646A8D9D69740233D33499C95405
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/v7KuNdN723ttyHSraAdYyiyupos.roa
Signing time:             Wed 06 Mar 2024 22:17:01 +0000
ROA not before:           Wed 06 Mar 2024 22:17:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197438
IP address blocks:        2a05:4140:2200::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:15:d7:64:6a:8d:9d:69:74:02:33:d3:34:99:c9:54:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Mar  6 22:17:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfb2ae35d37bdb7b6dc874ab680758ca2caea68b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:7a:9e:64:c3:3e:44:13:fe:fa:4e:45:02:7a:
                    09:a0:27:a1:f5:33:70:ac:fc:e0:1e:a8:7e:62:90:
                    41:49:4f:72:5c:f4:d2:f4:dc:9f:a3:de:d4:07:dd:
                    1f:44:b6:de:f2:dd:36:37:07:52:aa:e5:f5:19:af:
                    4f:d0:0d:3e:02:2b:d0:2a:0a:fa:c5:23:af:b4:4a:
                    dc:c5:0b:e0:8a:4d:9c:30:62:47:de:86:89:e3:fc:
                    b7:7d:6c:54:32:ee:cf:0b:fa:68:bd:86:92:d5:aa:
                    66:7e:0b:a1:3e:94:5d:56:c0:d1:4a:ad:f8:c0:ba:
                    03:81:2f:87:08:26:5c:1e:03:7e:26:ac:75:59:bb:
                    44:01:77:cc:30:bb:ad:6d:f1:69:9c:0c:20:df:41:
                    ed:cd:0a:64:c6:b7:89:c7:35:3d:e9:71:20:c7:ad:
                    a3:14:26:21:c1:60:2c:80:4d:b4:54:8c:1b:ef:91:
                    4e:2b:d5:15:5c:c4:a8:f7:35:b1:33:7f:81:46:33:
                    71:20:4b:c4:27:72:80:28:b8:02:59:7f:40:7c:15:
                    06:9b:ad:82:39:bb:19:97:a6:4d:21:20:94:1e:b9:
                    57:13:0d:6f:f9:20:86:dd:6d:0f:fa:74:43:fa:12:
                    3d:86:08:25:83:1d:95:6c:7c:f8:70:9c:98:ec:4c:
                    1c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B2:AE:35:D3:7B:DB:7B:6D:C8:74:AB:68:07:58:CA:2C:AE:A6:8B
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/v7KuNdN723ttyHSraAdYyiyupos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:2200::/40

    Signature Algorithm: sha256WithRSAEncryption
         6d:9b:5e:12:70:0b:43:01:4e:15:03:20:d5:fc:2a:cf:08:52:
         0d:0b:db:b2:0f:47:01:85:b0:4e:a9:12:c2:0e:35:82:e1:c2:
         69:3e:6d:8d:3f:17:c6:0f:1e:22:21:e3:51:71:44:a1:c5:8f:
         64:d7:df:c8:5c:9d:5a:7a:b8:d5:ea:03:47:c7:af:24:c6:2e:
         76:81:ac:3e:b8:94:71:df:bb:e4:3e:df:f5:3b:5f:7b:fe:db:
         81:c2:fb:91:35:1a:91:6c:bd:cb:51:fb:6b:67:8d:70:d3:22:
         56:a2:c5:1f:90:85:2c:5a:29:cd:46:a3:71:09:02:43:56:97:
         9b:da:95:e9:2f:41:80:54:e7:d4:43:0e:73:bb:d6:28:49:e6:
         23:77:65:e1:5e:7d:43:8b:f9:1f:a0:db:3c:1e:b1:4b:ad:f9:
         03:19:53:60:4a:de:a4:49:55:60:2a:e7:53:c7:81:ab:f3:d3:
         d3:14:43:42:53:50:e4:9a:7c:e6:b7:f0:95:73:7a:6a:f6:c6:
         20:84:c2:d9:72:06:81:af:f0:a1:57:9e:65:ab:38:06:b8:a8:
         9a:a6:d6:75:3a:5b:1c:b2:b4:2b:ad:64:b7:42:09:37:ec:14:
         ff:5a:b0:a5:1c:20:f6:84:4a:26:01:35:0d:4b:e6:53:fc:35:
         7d:69:79:9b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY4V12RqjZ1pdAIz0zSZyVQFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMzA2MjIxNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmIyYWUzNWQzN2JkYjdiNmRjODc0YWI2ODA3NThjYTJjYWVhNjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHqeZMM+RBP++k5FAnoJoCeh9TNw
rPzgHqh+YpBBSU9yXPTS9Nyfo97UB90fRLbe8t02NwdSquX1Ga9P0A0+AivQKgr6
xSOvtErcxQvgik2cMGJH3oaJ4/y3fWxUMu7PC/povYaS1apmfguhPpRdVsDRSq34
wLoDgS+HCCZcHgN+Jqx1WbtEAXfMMLutbfFpnAwg30HtzQpkxreJxzU96XEgx62j
FCYhwWAsgE20VIwb75FOK9UVXMSo9zWxM3+BRjNxIEvEJ3KAKLgCWX9AfBUGm62C
ObsZl6ZNISCUHrlXEw1v+SCG3W0P+nRD+hI9hgglgx2VbHz4cJyY7EwctQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL+yrjXTe9t7bch0q2gHWMosrqaLMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvdjdLdU5kTjcyM3R0eUhTcmFBZFl5aXl1cG9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgVBQCIw
DQYJKoZIhvcNAQELBQADggEBAG2bXhJwC0MBThUDINX8Ks8IUg0L27IPRwGFsE6p
EsIONYLhwmk+bY0/F8YPHiIh41FxRKHFj2TX38hcnVp6uNXqA0fHryTGLnaBrD64
lHHfu+Q+3/U7X3v+24HC+5E1GpFsvctR+2tnjXDTIlaixR+QhSxaKc1Go3EJAkNW
l5valekvQYBU59RDDnO71ihJ5iN3ZeFefUOL+R+g2zwesUut+QMZU2BK3qRJVWAq
51PHgavz09MUQ0JTUOSafOa38JVzemr2xiCEwtlyBoGv8KFXnmWrOAa4qJqm1nU6
WxyytCutZLdCCTfsFP9asKUcIPaESiYBNQ1L5lP8NX1peZs=
-----END CERTIFICATE-----