Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1OrusTnjKx2SErxIUUPJjZAcieo.roa
File:                     1OrusTnjKx2SErxIUUPJjZAcieo.roa (raw, json)
Hash identifier:          7cWrBY2oHD0MLX5A8Y7piCUsX/Eehs4urcMlhMZQFpk=
Subject key identifier:   D4:EA:EE:B1:39:E3:2B:1D:92:12:BC:48:51:43:C9:8D:90:1C:89:EA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014E322D4F390BB856AB5CE35A14C8
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1OrusTnjKx2SErxIUUPJjZAcieo.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57470
IP address blocks:        2a0c:b641:1a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4e:32:2d:4f:39:0b:b8:56:ab:5c:e3:5a:14:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4eaeeb139e32b1d9212bc485143c98d901c89ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f5:de:d0:6b:2c:5f:b7:58:04:c3:7f:a6:80:
                    7b:6d:4a:42:f4:ab:3e:b9:67:57:f2:7c:96:d3:67:
                    ce:31:fe:36:e6:f7:d0:b2:15:d8:69:56:0f:8d:6e:
                    aa:94:65:2a:ae:f2:04:49:8a:1d:44:38:37:70:0e:
                    9d:0c:df:c4:06:5c:38:f3:81:f1:38:a1:61:c8:1a:
                    1c:8b:12:83:aa:59:c8:12:4d:c9:f4:da:70:2d:23:
                    4f:5e:23:22:71:ae:40:b1:ac:18:65:cc:cc:13:6d:
                    34:2a:dd:18:1a:e7:44:97:89:5b:4a:cc:84:e5:f2:
                    fd:2d:ec:9a:cb:8b:9e:34:dd:0a:a7:ca:98:bd:c0:
                    1d:74:7e:16:16:c2:35:d2:66:ac:03:3f:10:a0:da:
                    26:2d:20:f5:e7:d7:5e:3d:f1:68:fb:a3:e1:f0:83:
                    85:02:0f:5a:7f:1a:57:0f:9d:bc:15:3f:0f:2d:ac:
                    7e:b7:98:02:1c:c3:d8:96:85:9b:31:e9:0b:c5:8e:
                    89:fc:2b:98:5a:b1:22:5b:8c:e9:76:73:8b:3f:70:
                    c0:b1:7b:c1:da:7b:31:77:e5:08:57:28:18:d6:ac:
                    bd:87:59:69:0c:a1:9f:59:b7:eb:75:2f:f6:a7:0c:
                    df:08:a8:d6:8c:22:ae:11:a8:e0:fa:73:1e:87:39:
                    d7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:EA:EE:B1:39:E3:2B:1D:92:12:BC:48:51:43:C9:8D:90:1C:89:EA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1OrusTnjKx2SErxIUUPJjZAcieo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7b:a5:0a:24:5e:d0:47:d9:81:32:f9:9d:5e:b2:b6:90:9c:42:
         d7:a4:3c:ea:ad:da:8a:75:23:98:06:fc:36:e2:ec:96:cb:5d:
         1a:34:91:fb:49:d1:22:31:fe:7e:32:7c:f1:6f:da:91:bf:f1:
         f6:08:8e:6f:68:bb:30:b5:d5:fb:be:e8:7e:40:13:84:04:d8:
         e1:05:ff:c7:c3:19:f9:17:2e:97:21:32:3e:4e:9a:3a:5d:3c:
         6e:d1:18:49:e6:70:04:d8:13:c8:af:8e:e5:96:24:29:32:35:
         8a:dc:00:6a:d3:03:d2:2b:db:c8:3a:67:f8:35:73:7c:e2:45:
         5f:bd:0c:7c:12:67:52:3d:49:d6:54:ef:a9:63:f3:d7:fa:3e:
         c6:96:de:3a:38:8d:08:0b:88:08:65:9f:63:47:d7:5e:eb:44:
         79:55:d6:a7:77:05:87:d7:05:76:ac:20:3c:08:75:04:7e:d8:
         8f:61:49:4a:6e:7f:e5:4d:bc:19:98:13:fd:84:f2:ae:1e:1e:
         88:5b:af:59:9b:ef:a8:81:69:31:20:aa:47:d4:e8:63:90:a2:
         ae:77:94:2b:31:fb:b5:02:84:de:cb:48:3d:4d:97:d3:6e:ce:
         49:80:ba:bd:39:a6:73:e7:8b:e1:d3:b0:17:de:87:98:44:72:
         a0:d2:67:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAU4yLU85C7hWq1zjWhTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGVhZWViMTM5ZTMyYjFkOTIxMmJjNDg1MTQzYzk4ZDkwMWM4OWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPXe0GssX7dYBMN/poB7bUpC9Ks+
uWdX8nyW02fOMf425vfQshXYaVYPjW6qlGUqrvIESYodRDg3cA6dDN/EBlw484Hx
OKFhyBocixKDqlnIEk3J9NpwLSNPXiMica5AsawYZczME200Kt0YGudEl4lbSsyE
5fL9Leyay4ueNN0Kp8qYvcAddH4WFsI10masAz8QoNomLSD159dePfFo+6Ph8IOF
Ag9afxpXD528FT8PLax+t5gCHMPYloWbMekLxY6J/CuYWrEiW4zpdnOLP3DAsXvB
2nsxd+UIVygY1qy9h1lpDKGfWbfrdS/2pwzfCKjWjCKuEajg+nMehznXVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNTq7rE54ysdkhK8SFFDyY2QHInqMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMU9ydXNUbmpLeDJTRXJ4SVVVUEpqWkFjaWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQGg
MA0GCSqGSIb3DQEBCwUAA4IBAQB7pQokXtBH2YEy+Z1esraQnELXpDzqrdqKdSOY
Bvw24uyWy10aNJH7SdEiMf5+Mnzxb9qRv/H2CI5vaLswtdX7vuh+QBOEBNjhBf/H
wxn5Fy6XITI+Tpo6XTxu0RhJ5nAE2BPIr47lliQpMjWK3ABq0wPSK9vIOmf4NXN8
4kVfvQx8EmdSPUnWVO+pY/PX+j7Glt46OI0IC4gIZZ9jR9de60R5VdandwWH1wV2
rCA8CHUEftiPYUlKbn/lTbwZmBP9hPKuHh6IW69Zm++ogWkxIKpH1OhjkKKud5Qr
Mfu1AoTey0g9TZfTbs5JgLq9OaZz54vh07AX3oeYRHKg0mfr
-----END CERTIFICATE-----