Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1x9WHLMtZvtIfl7AsKCITw8ZFaY.roa
File:                     1x9WHLMtZvtIfl7AsKCITw8ZFaY.roa (raw, json)
Hash identifier:          rtVt6dhlKYbfceVPpIVFsPefYJldyU2WqB+f9cACUzQ=
Subject key identifier:   D7:1F:56:1C:B3:2D:66:FB:48:7E:5E:C0:B0:A0:88:4F:0F:19:15:A6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0191465444F401A13C50A7A6E882E4DC3060
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1x9WHLMtZvtIfl7AsKCITw8ZFaY.roa
Signing time:             Mon 12 Aug 2024 11:23:33 +0000
ROA not before:           Mon 12 Aug 2024 11:23:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216301
IP address blocks:        2a0c:b641:cc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:46:54:44:f4:01:a1:3c:50:a7:a6:e8:82:e4:dc:30:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Aug 12 11:23:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d71f561cb32d66fb487e5ec0b0a0884f0f1915a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:56:5b:74:00:64:72:ce:7a:ba:5d:87:c1:3a:
                    b1:be:e6:91:79:ad:9f:73:19:42:19:c8:75:28:8a:
                    97:26:fa:b2:50:7b:38:57:2d:9f:30:cc:6f:53:e8:
                    7a:5f:5c:db:93:da:5d:f1:88:66:bf:12:19:b8:af:
                    80:04:b0:53:ec:a4:77:e3:bd:9f:1a:0c:f5:5f:9c:
                    6c:87:4c:34:e7:99:c1:d8:ba:b9:ed:84:7a:e9:c9:
                    de:39:f4:a3:8e:b9:8c:14:fe:cb:3c:05:f1:b6:cf:
                    c5:f6:ab:83:66:46:dc:f5:f8:21:74:c6:84:da:0e:
                    53:a2:91:66:92:08:0f:f5:51:9d:cd:d9:e6:ca:83:
                    01:5c:98:d3:0a:40:44:1a:60:03:14:7b:d3:fb:01:
                    16:37:ef:63:38:da:d0:77:72:49:dc:41:7d:57:2a:
                    4f:c3:11:27:b4:b1:a9:56:de:61:f4:06:20:a2:00:
                    96:eb:2d:c0:1d:57:0b:d7:96:d1:8b:8f:e2:ba:c9:
                    41:c0:f3:46:93:05:16:45:89:26:2f:1e:ae:55:62:
                    ca:0b:fb:7f:38:1d:22:8a:bf:a9:23:d6:59:58:a2:
                    e3:a2:ce:36:72:ff:7a:13:72:85:e1:30:ac:f7:d0:
                    87:e7:10:6c:1d:11:25:33:a7:93:91:1d:f5:eb:ff:
                    65:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:1F:56:1C:B3:2D:66:FB:48:7E:5E:C0:B0:A0:88:4F:0F:19:15:A6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/1x9WHLMtZvtIfl7AsKCITw8ZFaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:cc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a0:1f:cb:ab:e5:e2:6f:0f:b2:c7:2a:86:08:33:97:02:1b:43:
         b3:9c:79:e5:04:32:15:f1:3c:e1:58:d0:68:2f:47:8f:cb:4e:
         b6:f8:7b:89:5c:9d:d2:c1:f5:cb:ed:ae:76:de:4f:76:94:7f:
         58:52:43:96:9c:1b:2b:d1:ca:98:da:8c:b2:2f:2d:38:41:3a:
         66:db:e4:31:94:cc:8a:37:23:b4:09:f8:02:a6:8f:f5:b5:e1:
         5d:6c:12:fa:d2:6a:0b:14:d1:9e:a5:5f:6b:36:4f:ad:70:71:
         ed:fa:23:05:2d:f3:19:46:26:7a:72:90:74:f8:f2:19:eb:ff:
         92:a9:47:6e:9e:4b:da:41:31:e6:93:c2:95:1f:ce:e2:5d:9d:
         b7:58:90:42:d2:61:92:26:0c:c0:6d:31:be:2b:ae:55:59:50:
         be:de:1f:21:91:51:89:50:43:69:e6:7a:f2:6a:e7:e7:64:9d:
         c8:77:d9:b5:55:d4:92:ed:74:f0:3f:0c:3d:6b:35:a4:4d:79:
         1e:3a:8f:31:f4:89:fa:ec:22:d2:d4:15:3a:92:d8:6f:b8:59:
         32:e8:d1:86:93:fc:98:d3:e4:4d:04:7f:33:9a:6e:d9:11:24:
         a4:16:76:36:11:76:a9:8e:13:2f:24:51:b7:55:76:61:60:4f:
         16:50:bd:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFGVET0AaE8UKem6ILk3DBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwODEyMTEyMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzFmNTYxY2IzMmQ2NmZiNDg3ZTVlYzBiMGEwODg0ZjBmMTkxNWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlZbdABkcs56ul2HwTqxvuaRea2f
cxlCGch1KIqXJvqyUHs4Vy2fMMxvU+h6X1zbk9pd8YhmvxIZuK+ABLBT7KR3472f
Ggz1X5xsh0w055nB2Lq57YR66cneOfSjjrmMFP7LPAXxts/F9quDZkbc9fghdMaE
2g5TopFmkggP9VGdzdnmyoMBXJjTCkBEGmADFHvT+wEWN+9jONrQd3JJ3EF9VypP
wxEntLGpVt5h9AYgogCW6y3AHVcL15bRi4/iuslBwPNGkwUWRYkmLx6uVWLKC/t/
OB0iir+pI9ZZWKLjos42cv96E3KF4TCs99CH5xBsHRElM6eTkR316/9lqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNcfVhyzLWb7SH5ewLCgiE8PGRWmMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMXg5V0hMTXRadnRJZmw3QXNLQ0lUdzhaRmFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQzA
MA0GCSqGSIb3DQEBCwUAA4IBAQCgH8ur5eJvD7LHKoYIM5cCG0OznHnlBDIV8Tzh
WNBoL0ePy062+HuJXJ3SwfXL7a523k92lH9YUkOWnBsr0cqY2oyyLy04QTpm2+Qx
lMyKNyO0CfgCpo/1teFdbBL60moLFNGepV9rNk+tcHHt+iMFLfMZRiZ6cpB0+PIZ
6/+SqUdunkvaQTHmk8KVH87iXZ23WJBC0mGSJgzAbTG+K65VWVC+3h8hkVGJUENp
5nryaufnZJ3Id9m1VdSS7XTwPww9azWkTXkeOo8x9In67CLS1BU6kthvuFky6NGG
k/yY0+RNBH8zmm7ZESSkFnY2EXapjhMvJFG3VXZhYE8WUL1j
-----END CERTIFICATE-----