Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1-oviYZUyjL_qSEyC-mUTmddRbSM.roa
File:                     1-oviYZUyjL_qSEyC-mUTmddRbSM.roa (raw, json)
Hash identifier:          lPeiSai3npYqro2xsh+oNlK1rQMAjy+EpZ6DGinQJE8=
Subject key identifier:   FA:8B:E2:61:95:32:8C:BF:EA:48:4C:82:FA:65:13:99:D7:51:6D:23
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018E67C7B6E7774BDC4091D431783088A682
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1-oviYZUyjL_qSEyC-mUTmddRbSM.roa
Signing time:             Fri 22 Mar 2024 20:08:45 +0000
ROA not before:           Fri 22 Mar 2024 20:08:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204765
IP address blocks:        2a0c:b641:8b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:67:c7:b6:e7:77:4b:dc:40:91:d4:31:78:30:88:a6:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar 22 20:08:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa8be26195328cbfea484c82fa651399d7516d23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:20:f8:f1:2f:b7:f3:1c:8a:42:13:74:ff:fa:
                    1c:b3:82:8f:b8:9b:9c:d3:5a:ac:1b:00:d5:b7:5a:
                    59:ea:3d:d0:69:51:33:ba:87:17:2d:60:87:58:3a:
                    b2:fd:06:d3:12:1a:5a:8b:a9:af:f5:1a:11:1c:36:
                    eb:f8:35:df:d1:58:45:f4:9b:d4:2a:7d:b4:db:16:
                    0b:0a:93:f7:7d:c7:22:56:2c:c8:ed:90:43:2e:ec:
                    63:2f:10:2b:4b:e9:08:d8:6d:9a:27:8a:7a:cb:08:
                    ec:b5:ad:66:62:33:a8:5c:34:3f:0d:6b:fc:25:f9:
                    dc:a3:ad:cc:8c:ad:dd:c7:f2:b1:a4:ce:7e:5b:97:
                    d5:a4:b8:11:13:29:53:6b:42:bb:1b:cd:a6:e2:0e:
                    9a:f9:70:83:dd:44:76:7c:8d:00:69:b9:89:d9:4d:
                    fe:ab:0d:24:03:c7:0c:6d:64:48:2c:2a:4a:a1:31:
                    9b:a6:a4:1b:ce:a9:b8:ba:f2:47:a2:9d:51:c3:68:
                    d4:82:8e:0e:7e:80:9d:e8:72:ca:ac:a6:1a:2d:33:
                    95:07:4b:a8:ba:0b:1c:d6:43:8e:8f:f4:da:1c:61:
                    39:99:22:0b:9e:9b:ca:00:3f:8d:33:4f:91:e9:d5:
                    1a:b6:d5:c9:d5:27:86:3f:21:5e:f8:2b:cd:73:47:
                    a4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:8B:E2:61:95:32:8C:BF:EA:48:4C:82:FA:65:13:99:D7:51:6D:23
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1-oviYZUyjL_qSEyC-mUTmddRbSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:8b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0a:d5:20:09:ad:4b:4b:ad:5d:0e:48:9d:75:6a:21:87:f1:ff:
         37:80:30:05:28:61:a6:ca:b7:cf:2b:2c:23:c9:db:0b:11:a5:
         83:54:1c:87:ec:3d:1f:ea:d8:8e:82:fd:1e:5a:6d:ba:9c:e3:
         12:c8:7d:d8:65:e9:ae:8f:5b:b0:f9:93:90:4a:bb:25:75:8d:
         52:77:9b:3e:ab:60:a5:f9:4f:ff:13:55:31:40:7e:28:76:fb:
         2b:f3:cb:54:ce:f9:f2:cb:b0:d9:77:51:57:2b:d4:37:18:d5:
         32:70:b4:be:ff:5f:a6:e2:cc:bc:03:be:1e:9c:98:43:e9:b8:
         53:5e:0d:39:6c:aa:1d:5f:a3:8e:08:34:0b:71:52:55:6b:0a:
         dc:d3:a9:3e:c0:78:34:9a:90:ff:75:e7:90:24:03:94:06:c5:
         6f:85:79:dc:48:b3:37:55:74:29:49:31:46:41:67:bc:65:a0:
         a4:fb:ac:2a:f4:78:d5:1b:09:af:dc:7c:65:9b:f8:a3:fe:96:
         44:50:3c:16:5c:9d:8d:fd:5a:ec:11:66:df:a3:9f:ae:ee:4b:
         3d:8d:65:20:d6:1a:c1:8d:51:a8:fe:74:d8:0a:30:8c:c6:dd:
         1b:78:0b:f4:81:03:c6:37:20:50:ec:1c:7c:66:cb:1d:79:d3:
         96:67:b1:0c
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAY5nx7bnd0vcQJHUMXgwiKaCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMzIyMjAwODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYThiZTI2MTk1MzI4Y2JmZWE0ODRjODJmYTY1MTM5OWQ3NTE2ZDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyD48S+38xyKQhN0//ocs4KPuJuc
01qsGwDVt1pZ6j3QaVEzuocXLWCHWDqy/QbTEhpai6mv9RoRHDbr+DXf0VhF9JvU
Kn202xYLCpP3fcciVizI7ZBDLuxjLxArS+kI2G2aJ4p6ywjsta1mYjOoXDQ/DWv8
Jfnco63MjK3dx/KxpM5+W5fVpLgREylTa0K7G82m4g6a+XCD3UR2fI0AabmJ2U3+
qw0kA8cMbWRILCpKoTGbpqQbzqm4uvJHop1Rw2jUgo4OfoCd6HLKrKYaLTOVB0uo
ugsc1kOOj/TaHGE5mSILnpvKAD+NM0+R6dUattXJ1SeGPyFe+CvNc0ekvQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPqL4mGVMoy/6khMgvplE5nXUW0jMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMS1vdmlZWlV5akxfcVNFeUMtbVVUbWRkUmJTTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjkvMmJhYWRjLTJiN2EtNGVjMC05NWNhLTVlYzhjOGVkNjBm
ZC8xL0JaZG9BVFk5TjFlR0ZTNU5CaDUxeUw2elVGZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoMtkEI
sDANBgkqhkiG9w0BAQsFAAOCAQEACtUgCa1LS61dDkiddWohh/H/N4AwBShhpsq3
zyssI8nbCxGlg1Qch+w9H+rYjoL9HlptupzjEsh92GXpro9bsPmTkEq7JXWNUneb
PqtgpflP/xNVMUB+KHb7K/PLVM758suw2XdRVyvUNxjVMnC0vv9fpuLMvAO+HpyY
Q+m4U14NOWyqHV+jjgg0C3FSVWsK3NOpPsB4NJqQ/3XnkCQDlAbFb4V53EizN1V0
KUkxRkFnvGWgpPusKvR41RsJr9x8ZZv4o/6WRFA8Flydjf1a7BFm36Ofru5LPY1l
INYawY1RqP502AowjMbdG3gL9IEDxjcgUOwcfGbLHXnTlmexDA==
-----END CERTIFICATE-----