Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/zdL6w9cIi0a5AVo7WcDTxP0fYdE.roa
File:                     zdL6w9cIi0a5AVo7WcDTxP0fYdE.roa (raw, json)
Hash identifier:          qJCHIMmgFJpgTbL3dQ9E65LyhYZTTILQzdUb6oQhPTM=
Subject key identifier:   CD:D2:FA:C3:D7:08:8B:46:B9:01:5A:3B:59:C0:D3:C4:FD:1F:61:D1
Certificate issuer:       /CN=bf4b51b0bac45fa226bd2dcff11730ed40ec2149
Certificate serial:       018CC8DCD639136E625446E56F719D7071B1
Authority key identifier: BF:4B:51:B0:BA:C4:5F:A2:26:BD:2D:CF:F1:17:30:ED:40:EC:21:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/zdL6w9cIi0a5AVo7WcDTxP0fYdE.roa
Signing time:             Tue 02 Jan 2024 06:29:25 +0000
ROA not before:           Tue 02 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.74.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:d6:39:13:6e:62:54:46:e5:6f:71:9d:70:71:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf4b51b0bac45fa226bd2dcff11730ed40ec2149
        Validity
            Not Before: Jan  2 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdd2fac3d7088b46b9015a3b59c0d3c4fd1f61d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3c:66:34:e9:45:38:da:b0:7e:3b:86:e0:04:
                    3a:d9:ad:c5:09:9b:b5:bf:bb:fd:70:39:11:e4:30:
                    a9:aa:d3:2e:5f:f1:5e:ea:d4:15:a4:7d:46:d1:dc:
                    2e:e4:77:d6:b1:23:e4:e4:d0:ea:0b:69:f2:b0:01:
                    32:00:ea:c5:a8:f2:f5:7a:f0:cc:26:dd:0a:52:25:
                    28:75:dc:2a:dc:4c:1d:9d:a1:a5:29:57:19:b7:7e:
                    fb:8d:e3:dd:6c:58:f5:2f:52:50:19:ae:25:aa:e6:
                    e6:2b:a0:25:03:28:1d:69:64:bf:94:67:52:be:ec:
                    38:16:91:a6:18:94:3f:2e:45:a5:d3:c3:b0:fb:bc:
                    b6:60:36:e1:c2:a0:08:a9:73:ec:7b:c1:5b:5e:6b:
                    81:96:6d:a0:9c:d6:fa:a7:9f:b4:7e:67:79:94:ae:
                    7b:22:d8:5b:a6:c5:b2:75:94:ce:a0:0e:fd:84:6e:
                    d3:2e:f2:58:32:a1:98:b7:d9:6d:d9:d1:23:fd:fe:
                    39:b2:f0:31:6b:20:b4:f3:06:1e:0a:27:17:b1:74:
                    fa:b9:be:38:3c:1b:3c:c9:ea:f2:14:65:51:f8:90:
                    99:7f:61:cb:cc:ff:ce:01:ed:bf:29:ef:1c:dc:38:
                    b3:d1:91:f8:37:87:ea:42:bd:bb:7d:59:1d:ef:2a:
                    3e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:D2:FA:C3:D7:08:8B:46:B9:01:5A:3B:59:C0:D3:C4:FD:1F:61:D1
            X509v3 Authority Key Identifier:
                keyid:BF:4B:51:B0:BA:C4:5F:A2:26:BD:2D:CF:F1:17:30:ED:40:EC:21:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/zdL6w9cIi0a5AVo7WcDTxP0fYdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         33:14:81:a0:05:2e:80:16:4c:bd:9a:c5:fd:b1:02:cd:38:2a:
         73:cd:f9:e4:c6:88:30:a4:48:b7:3a:33:7f:64:47:cb:92:49:
         16:01:34:f0:6a:46:ca:c9:21:c1:bf:96:a7:7e:ff:42:8b:60:
         d1:e6:d8:7d:8f:2a:4e:ee:b7:56:c7:89:e9:1b:f8:fb:15:33:
         72:ba:16:a3:e0:13:7d:86:c5:6d:0f:e7:d0:b4:09:7e:69:80:
         e7:bd:cb:89:c0:41:32:ff:20:45:34:e4:b6:7b:f7:6a:c7:be:
         87:2f:2f:24:5c:70:e3:1f:dd:2e:08:97:e8:5f:9c:3a:74:29:
         c1:a5:07:d4:a9:1d:91:ba:a1:30:3c:6b:98:be:cd:ed:1f:51:
         59:9f:41:7e:9e:aa:d6:9f:ab:58:38:f1:72:3e:74:d6:4c:fc:
         91:ce:f1:f8:b8:63:c0:e0:11:5f:75:3b:ea:d3:48:b0:39:36:
         e6:8a:71:ca:ce:18:c2:8f:a1:4b:ae:56:2e:da:a5:b0:78:c6:
         63:ff:9d:08:0f:47:4d:af:c7:8f:db:e6:87:e4:e9:ec:9f:14:
         c7:2c:d7:0b:71:2b:e6:bb:77:93:ae:a1:b5:53:81:81:00:a3:
         a1:41:53:48:f4:77:58:b2:c9:16:6e:6a:62:f8:5f:ca:e1:91:
         49:46:6c:2a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzI3NY5E25iVEblb3GdcHGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNGI1MWIwYmFjNDVmYTIyNmJkMmRjZmYxMTczMGVkNDBl
YzIxNDkwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGQyZmFjM2Q3MDg4YjQ2YjkwMTVhM2I1OWMwZDNjNGZkMWY2MWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTxmNOlFONqwfjuG4AQ62a3FCZu1
v7v9cDkR5DCpqtMuX/Fe6tQVpH1G0dwu5HfWsSPk5NDqC2nysAEyAOrFqPL1evDM
Jt0KUiUoddwq3EwdnaGlKVcZt377jePdbFj1L1JQGa4lqubmK6AlAygdaWS/lGdS
vuw4FpGmGJQ/LkWl08Ow+7y2YDbhwqAIqXPse8FbXmuBlm2gnNb6p5+0fmd5lK57
IthbpsWydZTOoA79hG7TLvJYMqGYt9lt2dEj/f45svAxayC08wYeCicXsXT6ub44
PBs8yeryFGVR+JCZf2HLzP/OAe2/Ke8c3Diz0ZH4N4fqQr27fVkd7yo+NwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFM3S+sPXCItGuQFaO1nA08T9H2HRMB8GA1UdIwQY
MBaAFL9LUbC6xF+iJr0tz/EXMO1A7CFJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjB0UnNMckVYNkltdlMzUDhSY3c3VURzSVVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZWIwNjQtYTkyMi00NmE2LTg2Y2Et
ZTQzNTIzOTgzNzkzLzEvemRMNnc5Y0lpMGE1QVZvN1djRFR4UDBmWWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZWIwNjQtYTkyMi00NmE2LTg2Y2EtZTQzNTIzOTgzNzkz
LzEvdjB0UnNMckVYNkltdlMzUDhSY3c3VURzSVVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjUowDQYJ
KoZIhvcNAQELBQADggEBADMUgaAFLoAWTL2axf2xAs04KnPN+eTGiDCkSLc6M39k
R8uSSRYBNPBqRsrJIcG/lqd+/0KLYNHm2H2PKk7ut1bHiekb+PsVM3K6FqPgE32G
xW0P59C0CX5pgOe9y4nAQTL/IEU05LZ792rHvocvLyRccOMf3S4Il+hfnDp0KcGl
B9SpHZG6oTA8a5i+ze0fUVmfQX6eqtafq1g48XI+dNZM/JHO8fi4Y8DgEV91O+rT
SLA5NuaKccrOGMKPoUuuVi7apbB4xmP/nQgPR02vx4/b5ofk6eyfFMcs1wtxK+a7
d5OuobVTgYEAo6FBU0j0d1iyyRZuamL4X8rhkUlGbCo=
-----END CERTIFICATE-----