Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1Y0doTLRoLqcdyVuIvkmPfknesQ.roa
File:                     1Y0doTLRoLqcdyVuIvkmPfknesQ.roa (raw, json)
Hash identifier:          PSWiREW5d+Xmu+JUYOs+eCRkNUzcfAltzdlDkACRCC0=
Subject key identifier:   D5:8D:1D:A1:32:D1:A0:BA:9C:77:25:6E:22:F9:26:3D:F9:27:7A:C4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017B3245B1F5DE59D0D67DE8D7917B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1Y0doTLRoLqcdyVuIvkmPfknesQ.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212500
IP address blocks:        2a0d:ef01::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7b:32:45:b1:f5:de:59:d0:d6:7d:e8:d7:91:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d58d1da132d1a0ba9c77256e22f9263df9277ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5b:b4:7a:4c:d9:ee:57:e9:af:b4:67:c6:cc:
                    e3:09:a5:bf:72:a6:3c:6e:fd:ce:47:b4:9e:f0:52:
                    2e:76:ee:72:a3:95:b8:8e:51:70:45:ed:ed:67:33:
                    c1:39:ba:bf:75:e4:f8:d5:d5:38:ac:56:64:db:0c:
                    03:20:2d:2b:d7:bb:e0:45:26:c2:69:25:a3:2c:43:
                    d4:11:a2:19:ce:2a:09:a5:64:fb:c0:c9:0a:76:78:
                    b1:6e:b3:7a:a6:78:4b:e8:ec:49:1e:91:48:de:7f:
                    ca:82:41:bd:50:e8:87:ed:b9:81:a1:a4:a1:e9:b5:
                    4a:c2:75:ea:7c:61:dd:c9:e3:3a:cf:8b:37:95:cc:
                    6c:43:0e:ee:1c:d6:59:99:52:0f:53:6c:49:e0:c4:
                    b0:01:de:7c:db:91:f2:34:89:c9:08:e4:17:96:35:
                    e0:6b:5a:8c:14:1e:c9:ca:3b:d1:4d:a6:d1:88:37:
                    df:66:80:68:3e:72:e4:bd:76:c0:a5:6b:a5:2b:a2:
                    42:1b:23:ea:c2:bd:e5:6f:61:74:f3:fe:96:b0:c8:
                    c1:59:77:b8:f1:ad:fe:4c:86:3c:fd:4a:e4:53:53:
                    e0:81:19:13:ee:4d:7e:74:05:88:ef:a1:f2:86:f0:
                    4e:f6:ac:86:72:42:82:19:e2:93:84:32:a0:a3:2c:
                    dd:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:8D:1D:A1:32:D1:A0:BA:9C:77:25:6E:22:F9:26:3D:F9:27:7A:C4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1Y0doTLRoLqcdyVuIvkmPfknesQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:ef01::/44

    Signature Algorithm: sha256WithRSAEncryption
         5a:e4:30:24:ce:8e:b6:a6:d4:7f:1a:bc:16:30:32:1c:8d:55:
         0a:53:76:e7:84:eb:cb:06:b6:3a:33:a4:b2:2b:41:de:22:9a:
         ec:50:a7:6c:49:42:f8:cd:0f:53:12:39:ee:eb:c1:2d:54:3c:
         04:5e:11:5b:59:2d:b3:28:a8:7b:71:26:9d:1f:4b:73:f6:72:
         0f:87:30:1f:7a:28:a8:21:2b:69:b9:77:cd:7c:84:95:c2:fa:
         93:a0:27:b7:4e:d3:26:ae:e2:e7:97:e3:0b:e9:b1:11:01:05:
         66:10:e5:94:2e:97:c3:06:e8:50:00:82:41:a7:b0:69:be:59:
         ab:64:43:be:30:97:e9:8f:04:25:d7:5e:f2:e1:18:04:c9:3d:
         e0:97:5e:a9:38:0f:be:ac:3a:02:77:60:2f:4c:99:9d:90:99:
         3f:81:9c:02:d6:8f:58:52:ca:1b:c4:51:ce:81:2b:a4:db:12:
         24:13:2e:8d:dc:b3:62:ef:5c:cc:cb:fe:8f:c5:47:c1:7b:9a:
         a8:33:e1:fa:22:d7:9f:f4:cf:e0:13:78:bd:e5:2f:e6:c5:dc:
         a9:3a:13:5c:f5:13:09:da:74:48:30:7d:5f:df:fa:65:88:74:
         70:0f:64:1b:f5:ff:5b:cb:bf:7d:5b:26:8e:cb:af:3d:15:5f:
         be:d6:94:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXsyRbH13lnQ1n3o15F7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNThkMWRhMTMyZDFhMGJhOWM3NzI1NmUyMmY5MjYzZGY5Mjc3YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1u0ekzZ7lfpr7RnxszjCaW/cqY8
bv3OR7Se8FIudu5yo5W4jlFwRe3tZzPBObq/deT41dU4rFZk2wwDIC0r17vgRSbC
aSWjLEPUEaIZzioJpWT7wMkKdnixbrN6pnhL6OxJHpFI3n/KgkG9UOiH7bmBoaSh
6bVKwnXqfGHdyeM6z4s3lcxsQw7uHNZZmVIPU2xJ4MSwAd5825HyNInJCOQXljXg
a1qMFB7JyjvRTabRiDffZoBoPnLkvXbApWulK6JCGyPqwr3lb2F08/6WsMjBWXe4
8a3+TIY8/UrkU1PggRkT7k1+dAWI76HyhvBO9qyGckKCGeKThDKgoyzddwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNWNHaEy0aC6nHclbiL5Jj35J3rEMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMVkwZG9UTFJvTHFjZHlWdUl2a21QZmtuZXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3vAQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBa5DAkzo62ptR/GrwWMDIcjVUKU3bnhOvLBrY6
M6SyK0HeIprsUKdsSUL4zQ9TEjnu68EtVDwEXhFbWS2zKKh7cSadH0tz9nIPhzAf
eiioIStpuXfNfISVwvqToCe3TtMmruLnl+ML6bERAQVmEOWULpfDBuhQAIJBp7Bp
vlmrZEO+MJfpjwQl117y4RgEyT3gl16pOA++rDoCd2AvTJmdkJk/gZwC1o9YUsob
xFHOgSuk2xIkEy6N3LNi71zMy/6PxUfBe5qoM+H6Itef9M/gE3i95S/mxdypOhNc
9RMJ2nRIMH1f3/pliHRwD2Qb9f9by799WyaOy689FV++1pSy
-----END CERTIFICATE-----