Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/2C-IIyBVt0I7xVposvfTTQap9cE.roa
File:                     2C-IIyBVt0I7xVposvfTTQap9cE.roa (raw, json)
Hash identifier:          nRXABCxynkqknzBUGedUWjbjfnqDYw5/ZNUXJnAGiHI=
Subject key identifier:   D8:2F:88:23:20:55:B7:42:3B:C5:5A:68:B2:F7:D3:4D:06:A9:F5:C1
Certificate issuer:       /CN=6d650af172444b52116a7a67d74aac7df8a55e1c
Certificate serial:       018EDDA253B46DC4C1C1D3079A0C6AB4F657
Authority key identifier: 6D:65:0A:F1:72:44:4B:52:11:6A:7A:67:D7:4A:AC:7D:F8:A5:5E:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/2C-IIyBVt0I7xVposvfTTQap9cE.roa
Signing time:             Sun 14 Apr 2024 17:23:06 +0000
ROA not before:           Sun 14 Apr 2024 17:23:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43129
IP address blocks:        2a0a:11c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/bWUK8XJES1IRanpn10qsffilXhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/bWUK8XJES1IRanpn10qsffilXhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:dd:a2:53:b4:6d:c4:c1:c1:d3:07:9a:0c:6a:b4:f6:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d650af172444b52116a7a67d74aac7df8a55e1c
        Validity
            Not Before: Apr 14 17:23:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d82f88232055b7423bc55a68b2f7d34d06a9f5c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cc:66:76:ab:0c:a8:b1:34:99:f6:5f:45:67:
                    76:2f:fa:fe:d7:cb:fc:91:44:e5:30:bc:78:1b:31:
                    eb:2c:f5:a2:44:10:d7:e7:5a:50:05:7c:17:bf:dc:
                    93:a1:b7:a3:4a:55:cf:e0:9e:40:3d:e5:44:ff:d5:
                    3c:a3:18:dd:b2:b6:af:f1:a6:08:54:cb:de:d0:5b:
                    04:08:7b:8c:d9:87:9a:d2:57:24:a7:3f:5f:5e:dd:
                    f2:69:a4:35:81:a0:bf:46:2b:23:97:3d:05:11:45:
                    2a:96:ab:4e:3b:ce:71:81:21:ef:30:a4:43:8f:fe:
                    c4:0d:41:22:a2:1d:68:22:7d:13:08:ab:44:3f:d5:
                    70:eb:e4:84:2b:f6:07:63:67:dc:b6:6d:cb:04:30:
                    91:c0:a9:2d:96:f1:65:d0:f4:48:d9:d0:9e:98:c9:
                    46:fb:d2:06:5b:fd:cf:37:da:21:c0:d9:c1:a7:6d:
                    fb:55:e1:1a:2d:07:90:64:c3:7b:3a:9d:9b:ae:79:
                    cb:11:0c:bb:af:97:1b:bd:b3:c7:cf:99:01:c0:4c:
                    79:7a:79:66:f7:94:a4:ff:d0:af:06:c5:e5:e5:4e:
                    1f:5b:cd:d8:fa:d4:bc:72:9f:c3:4d:43:07:98:ce:
                    28:c5:4c:b5:92:29:ef:1e:33:cd:76:a0:62:e1:17:
                    7b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:2F:88:23:20:55:B7:42:3B:C5:5A:68:B2:F7:D3:4D:06:A9:F5:C1
            X509v3 Authority Key Identifier:
                keyid:6D:65:0A:F1:72:44:4B:52:11:6A:7A:67:D7:4A:AC:7D:F8:A5:5E:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWUK8XJES1IRanpn10qsffilXhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/2C-IIyBVt0I7xVposvfTTQap9cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b7ca89-70f2-408f-a4e4-b4a0cb8ed821/1/bWUK8XJES1IRanpn10qsffilXhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:11c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:cd:af:57:eb:f2:16:99:ad:36:bc:e9:3a:d0:80:53:22:04:
         fa:7e:4f:20:47:dc:c9:33:7d:15:22:91:95:1b:12:a6:30:cf:
         b7:c0:9c:c3:28:f1:c0:a5:d6:0e:84:d5:e3:ce:e6:c6:6a:fb:
         c7:2e:c4:5a:81:10:03:01:2d:29:ed:c5:bd:d9:90:9f:36:37:
         d0:30:b2:1e:f5:5d:56:17:f6:fe:54:59:4d:a7:00:51:71:13:
         42:15:13:86:f8:28:f2:29:71:d3:0f:3a:40:98:93:bd:70:e3:
         9a:cb:a7:33:79:ca:98:d0:e1:ed:3e:a6:a5:0e:ab:72:f1:1d:
         a9:ee:72:92:4e:5d:21:1c:05:6c:b9:16:1a:a8:1b:39:41:7b:
         fb:db:d8:83:2b:1b:0e:c5:b8:19:28:3a:71:62:8d:47:6e:b0:
         f4:88:75:c3:8b:4e:56:a9:b0:43:3d:cb:93:2d:11:ba:a0:f8:
         08:89:c0:13:f4:60:4f:1b:90:61:ff:5a:14:46:69:c5:83:05:
         23:9f:41:10:89:c1:89:21:a7:2e:ab:35:f0:22:b0:3b:06:2c:
         78:6a:d3:27:62:41:4c:aa:4e:fe:9f:74:5f:7e:12:26:3b:4a:
         6c:76:f5:0c:93:c2:c1:b4:d3:63:64:02:7c:2c:9e:4a:e7:43:
         fd:5d:bf:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7dolO0bcTBwdMHmgxqtPZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjUwYWYxNzI0NDRiNTIxMTZhN2E2N2Q3NGFhYzdkZjhh
NTVlMWMwHhcNMjQwNDE0MTcyMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODJmODgyMzIwNTViNzQyM2JjNTVhNjhiMmY3ZDM0ZDA2YTlmNWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsxmdqsMqLE0mfZfRWd2L/r+18v8
kUTlMLx4GzHrLPWiRBDX51pQBXwXv9yTobejSlXP4J5APeVE/9U8oxjdsrav8aYI
VMve0FsECHuM2Yea0lckpz9fXt3yaaQ1gaC/Risjlz0FEUUqlqtOO85xgSHvMKRD
j/7EDUEioh1oIn0TCKtEP9Vw6+SEK/YHY2fctm3LBDCRwKktlvFl0PRI2dCemMlG
+9IGW/3PN9ohwNnBp237VeEaLQeQZMN7Op2brnnLEQy7r5cbvbPHz5kBwEx5enlm
95Sk/9CvBsXl5U4fW83Y+tS8cp/DTUMHmM4oxUy1kinvHjPNdqBi4Rd7XwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNgviCMgVbdCO8VaaLL3000GqfXBMB8GA1UdIwQY
MBaAFG1lCvFyREtSEWp6Z9dKrH34pV4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYldVSzhYSkVTMUlSYW5wbjEwcXNmZmlsWGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9iN2NhODktNzBmMi00MDhmLWE0ZTQt
YjRhMGNiOGVkODIxLzEvMkMtSUl5QlZ0MEk3eFZwb3N2ZlRUUWFwOWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9iN2NhODktNzBmMi00MDhmLWE0ZTQtYjRhMGNiOGVkODIx
LzEvYldVSzhYSkVTMUlSYW5wbjEwcXNmZmlsWGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgoRwDAN
BgkqhkiG9w0BAQsFAAOCAQEAAc2vV+vyFpmtNrzpOtCAUyIE+n5PIEfcyTN9FSKR
lRsSpjDPt8CcwyjxwKXWDoTV487mxmr7xy7EWoEQAwEtKe3FvdmQnzY30DCyHvVd
Vhf2/lRZTacAUXETQhUThvgo8ilx0w86QJiTvXDjmsunM3nKmNDh7T6mpQ6rcvEd
qe5ykk5dIRwFbLkWGqgbOUF7+9vYgysbDsW4GSg6cWKNR26w9Ih1w4tOVqmwQz3L
ky0RuqD4CInAE/RgTxuQYf9aFEZpxYMFI59BEInBiSGnLqs18CKwOwYseGrTJ2JB
TKpO/p90X34SJjtKbHb1DJPCwbTTY2QCfCyeSudD/V2/ag==
-----END CERTIFICATE-----