Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0O_fTiNocb97YUEUYcobjF5zjCA.roa
File:                     0O_fTiNocb97YUEUYcobjF5zjCA.roa (raw, json)
Hash identifier:          zpnx3nWpuxHNyac8yOKwP4jim/AjHHpNqXOJxT7XrRQ=
Subject key identifier:   D0:EF:DF:4E:23:68:71:BF:7B:61:41:14:61:CA:1B:8C:5E:73:8C:20
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0191B22741F437019BE543F9B65CAFB8A7D4
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0O_fTiNocb97YUEUYcobjF5zjCA.roa
Signing time:             Mon 02 Sep 2024 09:53:22 +0000
ROA not before:           Mon 02 Sep 2024 09:53:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209294
IP address blocks:        2a0c:b641:310::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:27:41:f4:37:01:9b:e5:43:f9:b6:5c:af:b8:a7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Sep  2 09:53:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0efdf4e236871bf7b61411461ca1b8c5e738c20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8a:40:2c:5a:49:39:fd:5b:eb:cc:98:70:dd:
                    0e:1a:f2:f2:11:40:d7:9b:19:ea:48:72:b8:cb:bb:
                    10:01:0c:c7:55:af:db:86:1a:87:df:50:f8:01:b9:
                    36:9a:07:f5:c7:4f:ac:a5:df:2c:31:07:55:2f:9d:
                    12:e0:2c:4d:b9:90:69:63:cb:be:9f:f9:58:b2:f6:
                    9d:13:d0:23:f2:93:58:bd:30:51:ca:88:0b:6f:c7:
                    cd:68:1b:80:a2:34:6c:93:3f:71:b1:51:39:71:a2:
                    c8:08:c6:ca:dc:0c:48:06:88:33:09:02:07:3e:2d:
                    1b:02:31:55:2e:fd:c0:c4:6f:ce:f5:1d:0e:71:14:
                    8f:36:b8:2e:c8:67:ac:f1:cf:67:82:69:31:37:10:
                    ab:44:ab:fe:4f:bd:0f:18:dd:98:5b:30:73:10:f2:
                    63:ed:8a:16:aa:77:1d:96:bf:87:70:95:da:2a:00:
                    6b:0c:13:a1:fa:b9:40:d2:d8:e5:b8:d9:8e:c2:48:
                    c5:90:cd:12:7f:43:dc:50:ca:7f:f2:09:c8:55:24:
                    3a:37:9d:ce:58:30:57:d5:bc:f2:99:92:1c:f9:6b:
                    52:a9:7b:9e:43:8c:59:5b:a1:be:cd:6d:9c:d3:c0:
                    1c:e4:27:18:1f:25:b5:8e:27:34:75:c1:4e:da:f7:
                    8d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:EF:DF:4E:23:68:71:BF:7B:61:41:14:61:CA:1B:8C:5E:73:8C:20
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/0O_fTiNocb97YUEUYcobjF5zjCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:310::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:66:cd:55:bc:f9:21:68:74:83:b6:00:90:3a:aa:84:62:9d:
         d0:b0:0b:88:39:a5:d7:22:53:59:7e:26:c3:88:cf:25:81:d1:
         ff:48:e1:4e:90:3e:7e:7f:bd:a8:03:a6:49:2a:72:11:ed:7e:
         7e:1f:4c:6b:0b:e7:7d:5c:31:38:1f:df:ce:3b:42:57:63:4c:
         3b:3f:d7:fd:94:d2:05:da:ee:8c:29:05:fd:5d:32:2d:7d:a9:
         af:95:fa:0b:31:45:06:6f:c1:0e:84:d8:ab:e6:78:56:4b:fd:
         eb:e7:c7:53:67:6e:5c:90:72:b1:cb:41:a1:fa:fd:78:b9:d5:
         21:24:06:12:72:00:38:fd:03:f5:17:52:61:5a:7b:5d:6e:90:
         40:0c:f7:ea:db:89:7f:4d:f8:58:2c:de:b2:ed:76:24:fe:d8:
         2a:87:39:bf:56:fa:8e:4f:7b:51:44:19:ad:20:72:f3:ad:c3:
         86:4e:4a:9e:5c:26:98:6f:5d:a7:1e:8e:c1:1c:67:67:93:05:
         1c:c9:30:b0:ed:2a:36:92:d4:00:82:3c:73:fd:63:c5:42:a9:
         1d:2e:d0:c9:2b:f7:62:4f:e6:84:8c:21:4f:1b:90:8b:0d:e5:
         e5:ed:49:89:28:56:85:ce:35:36:35:9c:43:63:c0:9e:14:cf:
         28:89:5d:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGyJ0H0NwGb5UP5tlyvuKfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwOTAyMDk1MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGVmZGY0ZTIzNjg3MWJmN2I2MTQxMTQ2MWNhMWI4YzVlNzM4YzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnopALFpJOf1b68yYcN0OGvLyEUDX
mxnqSHK4y7sQAQzHVa/bhhqH31D4Abk2mgf1x0+spd8sMQdVL50S4CxNuZBpY8u+
n/lYsvadE9Aj8pNYvTBRyogLb8fNaBuAojRskz9xsVE5caLICMbK3AxIBogzCQIH
Pi0bAjFVLv3AxG/O9R0OcRSPNrguyGes8c9ngmkxNxCrRKv+T70PGN2YWzBzEPJj
7YoWqncdlr+HcJXaKgBrDBOh+rlA0tjluNmOwkjFkM0Sf0PcUMp/8gnIVSQ6N53O
WDBX1bzymZIc+WtSqXueQ4xZW6G+zW2c08Ac5CcYHyW1jic0dcFO2veNCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNDv304jaHG/e2FBFGHKG4xec4wgMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvME9fZlRpTm9jYjk3WVVFVVljb2JqRjV6akNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQMQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCeZs1VvPkhaHSDtgCQOqqEYp3QsAuIOaXXIlNZ
fibDiM8lgdH/SOFOkD5+f72oA6ZJKnIR7X5+H0xrC+d9XDE4H9/OO0JXY0w7P9f9
lNIF2u6MKQX9XTItfamvlfoLMUUGb8EOhNir5nhWS/3r58dTZ25ckHKxy0Gh+v14
udUhJAYScgA4/QP1F1JhWntdbpBADPfq24l/TfhYLN6y7XYk/tgqhzm/VvqOT3tR
RBmtIHLzrcOGTkqeXCaYb12nHo7BHGdnkwUcyTCw7So2ktQAgjxz/WPFQqkdLtDJ
K/diT+aEjCFPG5CLDeXl7UmJKFaFzjU2NZxDY8CeFM8oiV1L
-----END CERTIFICATE-----