Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/kImhZhYdS10-9wfC7u3GoGn4d3o.roa
File:                     kImhZhYdS10-9wfC7u3GoGn4d3o.roa (raw, json)
Hash identifier:          IIInjblsIZeFu122fQKrMKpm6GHJj8uvRs9rR+LcxBA=
Subject key identifier:   90:89:A1:66:16:1D:4B:5D:3E:F7:07:C2:EE:ED:C6:A0:69:F8:77:7A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801516268FF9C5B8607D35E43120C0F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/kImhZhYdS10-9wfC7u3GoGn4d3o.roa
Signing time:             Tue 02 Jan 2024 02:29:38 +0000
ROA not before:           Tue 02 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        2a0c:b641:150::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:51:62:68:ff:9c:5b:86:07:d3:5e:43:12:0c:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9089a166161d4b5d3ef707c2eeedc6a069f8777a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:16:88:a4:9b:c1:e0:79:e9:d6:d9:3f:9e:57:
                    a4:7c:f2:5a:24:7e:ba:98:03:b8:c0:a7:e3:21:a2:
                    47:31:78:6f:cf:52:ea:3a:a5:de:cf:da:10:6b:30:
                    43:ff:98:cd:10:99:df:1b:8b:dd:0f:a1:55:08:39:
                    29:fd:21:c3:6e:46:c8:3d:79:e6:f1:92:8f:02:6f:
                    e1:14:be:2e:eb:42:2d:0f:18:3e:9a:36:54:cf:14:
                    94:84:17:2c:5e:42:6e:06:61:46:3b:b8:77:d3:ed:
                    c9:6d:bc:2c:32:f9:32:7f:16:a7:07:6e:51:14:17:
                    33:06:54:f9:8c:39:ac:bf:ac:59:2b:4f:18:8b:81:
                    f1:8e:a4:4e:5d:ab:67:3c:54:81:71:6c:3c:fe:1e:
                    c2:a0:ed:93:09:1c:69:eb:42:f6:2c:66:ed:ea:4d:
                    62:18:3a:dc:b3:b1:db:32:34:04:b8:7a:4a:79:5c:
                    67:f9:00:6d:ad:d6:3b:00:a2:0b:6e:60:82:ff:f5:
                    42:71:48:17:0e:98:3b:b1:67:52:86:98:5a:15:1d:
                    b8:26:40:ef:bc:67:e6:9b:be:d0:38:d5:d8:10:ff:
                    ac:44:6b:53:dc:c6:46:bb:f8:bc:1d:85:13:ad:dc:
                    16:15:e9:84:2c:83:15:f9:f8:01:b2:29:9f:d8:5e:
                    9c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:89:A1:66:16:1D:4B:5D:3E:F7:07:C2:EE:ED:C6:A0:69:F8:77:7A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/kImhZhYdS10-9wfC7u3GoGn4d3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:150::/44

    Signature Algorithm: sha256WithRSAEncryption
         a0:ee:15:5c:76:52:96:f2:27:c5:44:38:e7:8e:4f:e7:28:75:
         79:d5:ce:76:9b:a4:fd:2f:c5:13:e5:2c:5a:9e:08:72:83:65:
         f1:08:3d:5f:aa:a7:e4:d6:eb:eb:7b:93:b6:fe:c6:9d:54:08:
         24:8d:de:60:24:61:6b:2e:cb:5b:f7:3c:3b:bb:e7:bb:3b:11:
         73:9c:f2:43:1b:cc:88:43:cf:11:69:51:bd:ca:bc:99:98:fe:
         06:94:1c:3c:e5:43:40:c6:c6:54:33:23:fa:d2:87:6f:c6:c0:
         c4:7a:3b:1d:a7:ae:67:9e:e6:0e:08:3f:73:3d:85:22:30:16:
         43:18:04:74:05:13:73:80:c6:4d:2d:04:7b:87:b0:09:e4:35:
         43:a6:81:1a:bb:88:1b:3f:c3:2b:ca:b9:ef:48:e9:b7:fb:45:
         5d:ba:59:99:e7:5a:eb:8c:b9:3a:83:d4:a4:7a:27:c6:48:d7:
         db:08:ef:1a:3e:77:77:4c:b5:06:74:b0:06:79:04:5f:76:de:
         0a:f1:7e:23:9a:61:64:b2:d2:19:7c:f2:2f:26:bb:f8:6e:6f:
         d0:69:be:a0:f9:f0:ff:61:5d:0a:f2:03:32:55:0a:f8:5f:b2:
         2c:e6:1c:29:d2:fd:26:30:d7:97:38:47:5e:a3:31:30:f2:6d:
         82:35:29:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVFiaP+cW4YH015DEgwPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDg5YTE2NjE2MWQ0YjVkM2VmNzA3YzJlZWVkYzZhMDY5Zjg3NzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhaIpJvB4Hnp1tk/nlekfPJaJH66
mAO4wKfjIaJHMXhvz1LqOqXez9oQazBD/5jNEJnfG4vdD6FVCDkp/SHDbkbIPXnm
8ZKPAm/hFL4u60ItDxg+mjZUzxSUhBcsXkJuBmFGO7h30+3JbbwsMvkyfxanB25R
FBczBlT5jDmsv6xZK08Yi4HxjqROXatnPFSBcWw8/h7CoO2TCRxp60L2LGbt6k1i
GDrcs7HbMjQEuHpKeVxn+QBtrdY7AKILbmCC//VCcUgXDpg7sWdShphaFR24JkDv
vGfmm77QONXYEP+sRGtT3MZGu/i8HYUTrdwWFemELIMV+fgBsimf2F6cCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJCJoWYWHUtdPvcHwu7txqBp+Hd6MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEva0ltaFpoWWRTMTAtOXdmQzd1M0dvR240ZDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCg7hVcdlKW8ifFRDjnjk/nKHV51c52m6T9L8UT
5Sxanghyg2XxCD1fqqfk1uvre5O2/sadVAgkjd5gJGFrLstb9zw7u+e7OxFznPJD
G8yIQ88RaVG9yryZmP4GlBw85UNAxsZUMyP60odvxsDEejsdp65nnuYOCD9zPYUi
MBZDGAR0BRNzgMZNLQR7h7AJ5DVDpoEau4gbP8MryrnvSOm3+0VdulmZ51rrjLk6
g9SkeifGSNfbCO8aPnd3TLUGdLAGeQRfdt4K8X4jmmFkstIZfPIvJrv4bm/Qab6g
+fD/YV0K8gMyVQr4X7Is5hwp0v0mMNeXOEdeozEw8m2CNSl5
-----END CERTIFICATE-----