Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/KVOIZDJArnbSLeT9k2tUY1h3MoM.roa
File:                     KVOIZDJArnbSLeT9k2tUY1h3MoM.roa (raw, json)
Hash identifier:          JCEZL5oEvMvBCyS0o/fDWQ58Z/qUt/3FEkcDoXR4xSQ=
Subject key identifier:   29:53:88:64:32:40:AE:76:D2:2D:E4:FD:93:6B:54:63:58:77:32:83
Certificate issuer:       /CN=c1c26bb574b89b8c1866f8474bb1cb003264ec20
Certificate serial:       018CC3494D018D35E92DF0E83AD54E066A26
Authority key identifier: C1:C2:6B:B5:74:B8:9B:8C:18:66:F8:47:4B:B1:CB:00:32:64:EC:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/KVOIZDJArnbSLeT9k2tUY1h3MoM.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        2a0c:4a01:1b::/48 maxlen: 48
                          2a0c:4a01:3b::/48 maxlen: 48
                          2a0c:4a00:2b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4d:01:8d:35:e9:2d:f0:e8:3a:d5:4e:06:6a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1c26bb574b89b8c1866f8474bb1cb003264ec20
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=295388643240ae76d22de4fd936b546358773283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b8:08:d8:81:6d:8a:47:fe:5f:f8:a3:79:ff:
                    99:70:a4:73:f0:c8:22:dd:c8:48:99:7d:08:1d:33:
                    29:d0:db:3d:0c:e7:f0:de:f2:c3:fe:42:da:0c:b0:
                    8d:35:a8:fa:7f:d8:c7:9b:b3:74:41:d4:59:00:ca:
                    05:21:8e:0c:53:4f:a3:b2:cf:c8:9b:f3:97:a6:55:
                    c7:68:71:f8:ba:75:65:51:a4:fa:1d:dc:77:1d:d4:
                    22:a1:cb:a9:fc:25:24:d4:90:83:b8:6a:9e:2a:a2:
                    f3:0e:86:b2:c0:8b:96:bf:bc:8a:a5:15:8f:93:bf:
                    ae:96:c4:b9:f1:5b:41:85:34:20:17:16:13:63:70:
                    33:0a:25:6b:c8:bf:15:85:7d:13:24:10:a9:9e:e9:
                    4f:67:44:94:ac:cb:85:85:36:df:56:d5:fb:35:42:
                    ca:cd:7c:30:d5:72:ee:19:c3:06:ab:09:4f:09:53:
                    e6:01:7e:15:80:ea:0e:f8:82:93:f2:ba:fb:aa:88:
                    93:10:6a:c5:1d:71:d9:98:73:d1:75:5e:66:d0:cc:
                    8c:5e:d8:9c:51:e1:e1:47:c3:89:b5:fd:f7:70:6f:
                    79:5f:e4:de:aa:48:d2:5e:97:28:bf:40:a0:cc:2f:
                    e8:16:1e:3a:84:37:ab:5f:d7:76:44:5f:d3:fe:0e:
                    48:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:53:88:64:32:40:AE:76:D2:2D:E4:FD:93:6B:54:63:58:77:32:83
            X509v3 Authority Key Identifier:
                keyid:C1:C2:6B:B5:74:B8:9B:8C:18:66:F8:47:4B:B1:CB:00:32:64:EC:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wcJrtXS4m4wYZvhHS7HLADJk7CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/KVOIZDJArnbSLeT9k2tUY1h3MoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/df38da-75cd-4e21-ad38-f2a2a5d5045e/1/wcJrtXS4m4wYZvhHS7HLADJk7CA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4a00:2b::/48
                  2a0c:4a01:1b::/48
                  2a0c:4a01:3b::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:03:55:f6:4b:6f:f5:67:32:ad:74:ad:1b:f3:48:9b:55:88:
         4c:8f:64:27:c0:38:16:0d:96:46:d3:4f:0a:e7:4b:d5:25:30:
         05:50:c3:1d:80:0f:3f:c8:2e:51:1a:8e:68:33:4c:fd:e8:b0:
         69:e4:8a:4a:c9:45:ef:6e:3c:5e:09:21:1a:03:0f:c3:4d:ca:
         17:41:e7:3d:1e:8a:eb:72:07:98:f2:44:f2:6d:19:f7:e4:a9:
         be:e5:22:ad:a3:11:c2:6b:72:26:f0:81:1e:78:bd:03:70:2e:
         ac:3a:d2:be:67:89:c2:6e:65:66:1b:f2:7b:9e:5a:c5:e0:e9:
         3d:ee:c7:8a:c0:93:45:9e:c7:73:14:36:6e:eb:71:56:d6:e4:
         da:e3:18:4c:6c:49:9b:28:10:47:cc:3d:0f:ee:90:e3:90:d0:
         cf:63:26:61:bb:3f:0e:b2:d3:4f:cb:8f:3d:39:27:c8:6a:c7:
         ec:03:f9:83:80:cb:f3:60:26:ba:5c:ef:c6:3f:23:6d:d3:89:
         0c:3e:04:c2:1c:48:08:ea:bf:8a:d9:1e:cb:64:f9:f2:35:91:
         c5:0e:94:7c:e4:e2:80:53:92:7d:c4:9e:03:fd:d6:bb:38:18:
         6d:d7:81:0c:78:88:4d:c9:9c:2c:4f:d9:78:ce:94:e0:f3:d9:
         01:3f:8f:c6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSU0BjTXpLfDoOtVOBmomMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYzI2YmI1NzRiODliOGMxODY2Zjg0NzRiYjFjYjAwMzI2
NGVjMjAwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTUzODg2NDMyNDBhZTc2ZDIyZGU0ZmQ5MzZiNTQ2MzU4NzczMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLgI2IFtikf+X/ijef+ZcKRz8Mgi
3chImX0IHTMp0Ns9DOfw3vLD/kLaDLCNNaj6f9jHm7N0QdRZAMoFIY4MU0+jss/I
m/OXplXHaHH4unVlUaT6Hdx3HdQiocup/CUk1JCDuGqeKqLzDoaywIuWv7yKpRWP
k7+ulsS58VtBhTQgFxYTY3AzCiVryL8VhX0TJBCpnulPZ0SUrMuFhTbfVtX7NULK
zXww1XLuGcMGqwlPCVPmAX4VgOoO+IKT8rr7qoiTEGrFHXHZmHPRdV5m0MyMXtic
UeHhR8OJtf33cG95X+TeqkjSXpcov0CgzC/oFh46hDerX9d2RF/T/g5IFQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFClTiGQyQK520i3k/ZNrVGNYdzKDMB8GA1UdIwQY
MBaAFMHCa7V0uJuMGGb4R0uxywAyZOwgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2NKcnRYUzRtNHdZWnZoSFM3SExBREprN0NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kZjM4ZGEtNzVjZC00ZTIxLWFkMzgt
ZjJhMmE1ZDUwNDVlLzEvS1ZPSVpESkFybmJTTGVUOWsydFVZMWgzTW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kZjM4ZGEtNzVjZC00ZTIxLWFkMzgtZjJhMmE1ZDUwNDVl
LzEvd2NKcnRYUzRtNHdZWnZoSFM3SExBREprN0NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgxKAAAr
AwcAKgxKAQAbAwcAKgxKAQA7MA0GCSqGSIb3DQEBCwUAA4IBAQBTA1X2S2/1ZzKt
dK0b80ibVYhMj2QnwDgWDZZG008K50vVJTAFUMMdgA8/yC5RGo5oM0z96LBp5IpK
yUXvbjxeCSEaAw/DTcoXQec9HorrcgeY8kTybRn35Km+5SKtoxHCa3Im8IEeeL0D
cC6sOtK+Z4nCbmVmG/J7nlrF4Ok97seKwJNFnsdzFDZu63FW1uTa4xhMbEmbKBBH
zD0P7pDjkNDPYyZhuz8OstNPy489OSfIasfsA/mDgMvzYCa6XO/GPyNt04kMPgTC
HEgI6r+K2R7LZPnyNZHFDpR85OKAU5J9xJ4D/da7OBht14EMeIhNyZwsT9l4zpTg
89kBP4/G
-----END CERTIFICATE-----