Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1-FXG3UOP4yqONAULdI7nkry42JY.roa
File:                     1-FXG3UOP4yqONAULdI7nkry42JY.roa (raw, json)
Hash identifier:          12UpgMyglpeCaI7HjVjZ3ObK4QjsQBeQKvCiPZBl1nI=
Subject key identifier:   F8:55:C6:DD:43:8F:E3:2A:8E:34:05:0B:74:8E:E7:92:BC:B8:D8:96
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018FECE47C663E02B33F8C9ACB4CDC436C48
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1-FXG3UOP4yqONAULdI7nkry42JY.roa
Signing time:             Thu 06 Jun 2024 09:32:28 +0000
ROA not before:           Thu 06 Jun 2024 09:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214753
IP address blocks:        2a0c:b641:c80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ec:e4:7c:66:3e:02:b3:3f:8c:9a:cb:4c:dc:43:6c:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun  6 09:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f855c6dd438fe32a8e34050b748ee792bcb8d896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e7:ed:be:7b:6e:bb:f3:2a:ad:be:d4:a6:d2:
                    e0:c2:06:9b:25:be:99:b4:76:36:3d:5b:c0:49:7e:
                    36:49:01:ab:fe:8c:12:c7:33:6a:5f:77:d2:0b:c3:
                    60:39:f6:7e:a8:23:79:45:69:b8:ef:2d:61:70:50:
                    db:bb:0a:1f:8b:e6:0a:26:1a:d5:ec:98:4a:d8:61:
                    32:0d:77:d3:d2:b5:59:bf:9a:dc:b2:c6:c1:f9:37:
                    41:75:80:f3:50:34:0d:0f:4b:76:35:11:53:28:5f:
                    9b:dd:c4:4d:79:1a:dc:b9:1d:2b:9b:d7:fb:b6:ad:
                    63:e5:a9:a3:c1:b5:b9:0b:d6:13:f0:17:e4:e5:f3:
                    5d:8e:c4:fb:81:2f:0b:ac:b2:a0:75:0e:07:85:0e:
                    bd:89:a6:d4:59:da:b1:3a:bc:9b:ed:57:18:94:53:
                    70:98:c7:79:6d:3f:28:51:51:67:19:99:18:18:c4:
                    4e:e2:6e:24:88:c7:1b:05:e2:f2:0c:0d:7a:97:16:
                    38:66:a1:d1:a9:81:a0:27:cc:89:d5:68:d0:c4:b6:
                    49:c9:5e:c6:26:ee:25:5f:a1:96:f1:d7:20:f1:50:
                    dc:67:c3:54:f3:d8:81:47:a8:2e:b6:bc:97:d3:ea:
                    85:38:c7:3c:84:f3:ef:c0:32:6d:81:76:98:a2:fc:
                    be:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:55:C6:DD:43:8F:E3:2A:8E:34:05:0B:74:8E:E7:92:BC:B8:D8:96
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1-FXG3UOP4yqONAULdI7nkry42JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c80::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:aa:dd:22:bc:23:6b:78:66:f7:eb:98:57:73:ec:78:54:6b:
         e2:df:90:60:8c:60:00:93:d3:cd:3e:26:00:4f:23:57:19:7d:
         a5:96:0e:9b:bb:43:4b:7f:bc:4b:b6:fd:b5:5e:f9:ef:cb:e7:
         19:2f:51:31:9e:74:df:96:6e:9d:05:8e:2f:2a:1a:d4:05:42:
         00:96:04:de:76:71:06:dd:95:97:b2:86:59:e1:81:6f:52:fc:
         cb:71:ca:95:d3:5d:85:a3:e3:ec:f9:6f:86:05:38:94:69:29:
         ed:ab:05:f3:78:fc:75:28:a2:c1:f5:84:02:0d:cc:46:ae:74:
         96:74:42:74:33:88:eb:a6:ea:86:48:72:f3:29:69:29:4e:99:
         96:5d:eb:84:4b:87:dc:47:38:e2:27:a9:4f:db:8c:85:fd:5e:
         56:36:45:af:8f:1a:e9:e6:21:91:ff:c5:f7:e2:b3:fd:8c:24:
         c6:85:3d:bd:a7:38:53:6e:ac:9c:d8:af:4e:d6:1b:36:f0:0b:
         a4:eb:99:39:20:0c:34:36:24:f4:31:06:cf:91:0b:c6:11:d8:
         57:80:de:0a:6e:b7:2d:fa:38:71:7f:a2:94:5d:36:5c:3b:9a:
         d4:dc:e8:c9:56:26:78:15:6b:94:a3:26:b7:19:b8:32:5f:4b:
         0a:c2:12:cd
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAY/s5HxmPgKzP4yay0zcQ2xIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwNjA2MDkzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODU1YzZkZDQzOGZlMzJhOGUzNDA1MGI3NDhlZTc5MmJjYjhkODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuftvntuu/Mqrb7UptLgwgabJb6Z
tHY2PVvASX42SQGr/owSxzNqX3fSC8NgOfZ+qCN5RWm47y1hcFDbuwofi+YKJhrV
7JhK2GEyDXfT0rVZv5rcssbB+TdBdYDzUDQND0t2NRFTKF+b3cRNeRrcuR0rm9f7
tq1j5amjwbW5C9YT8Bfk5fNdjsT7gS8LrLKgdQ4HhQ69iabUWdqxOryb7VcYlFNw
mMd5bT8oUVFnGZkYGMRO4m4kiMcbBeLyDA16lxY4ZqHRqYGgJ8yJ1WjQxLZJyV7G
Ju4lX6GW8dcg8VDcZ8NU89iBR6gutryX0+qFOMc8hPPvwDJtgXaYovy+2QIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPhVxt1Dj+MqjjQFC3SO55K8uNiWMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMS1GWEczVU9QNHlxT05BVUxkSTdua3J5NDJKWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjkvMmJhYWRjLTJiN2EtNGVjMC05NWNhLTVlYzhjOGVkNjBm
ZC8xL0JaZG9BVFk5TjFlR0ZTNU5CaDUxeUw2elVGZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoMtkEM
gDANBgkqhkiG9w0BAQsFAAOCAQEAGKrdIrwja3hm9+uYV3PseFRr4t+QYIxgAJPT
zT4mAE8jVxl9pZYOm7tDS3+8S7b9tV7578vnGS9RMZ5035ZunQWOLyoa1AVCAJYE
3nZxBt2Vl7KGWeGBb1L8y3HKldNdhaPj7PlvhgU4lGkp7asF83j8dSiiwfWEAg3M
Rq50lnRCdDOI66bqhkhy8ylpKU6Zll3rhEuH3Ec44iepT9uMhf1eVjZFr48a6eYh
kf/F9+Kz/YwkxoU9vac4U26snNivTtYbNvALpOuZOSAMNDYk9DEGz5ELxhHYV4De
Cm63Lfo4cX+ilF02XDua1NzoyVYmeBVrlKMmtxm4Ml9LCsISzQ==
-----END CERTIFICATE-----