Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2Ogx1ODn7HS8T9lompj-8PZGQsE.roa
File:                     2Ogx1ODn7HS8T9lompj-8PZGQsE.roa (raw, json)
Hash identifier:          99dYUWjttpt0h/XwiPXS4+23p0G0c5Hrm4SiCPZRwbQ=
Subject key identifier:   D8:E8:31:D4:E0:E7:EC:74:BC:4F:D9:68:9A:98:FE:F0:F6:46:42:C1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014C60E3AEF514460D7DDC58E72E54
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2Ogx1ODn7HS8T9lompj-8PZGQsE.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49519
IP address blocks:        2a0c:b642:5000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4c:60:e3:ae:f5:14:46:0d:7d:dc:58:e7:2e:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8e831d4e0e7ec74bc4fd9689a98fef0f64642c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a3:f8:88:a8:8b:54:ad:6a:e1:41:d1:0d:77:
                    8f:0b:20:d4:18:c3:fa:f0:8e:c4:67:b8:a0:d8:c7:
                    47:af:e5:61:b4:8a:a7:2e:a0:cd:36:54:a9:ae:5e:
                    46:b0:ba:32:eb:66:dc:92:49:48:03:7f:cd:27:82:
                    8b:dd:64:01:43:2f:69:54:d0:11:a4:47:e2:44:78:
                    5d:b1:a6:b4:1e:03:c0:87:3a:9d:c6:b0:4e:2d:67:
                    20:28:43:5c:b5:50:a0:4b:5d:48:77:a9:69:b6:c3:
                    8d:eb:56:e4:ae:ac:06:27:d1:f3:da:2a:49:ae:99:
                    9b:85:23:2e:fc:5d:29:1f:b4:79:1b:08:2b:ac:94:
                    68:24:72:e8:78:2a:b6:8a:ff:0f:08:46:c7:d0:39:
                    89:c1:e1:ec:2e:a5:bd:86:99:31:19:46:a7:cf:27:
                    99:21:ae:fd:c8:ae:5f:9c:98:45:9a:a9:f0:05:4e:
                    43:f5:95:fd:56:f0:a7:64:70:bb:47:75:d5:d7:5a:
                    d2:1d:25:d4:e8:b3:4f:23:d8:40:1f:6f:54:1b:7e:
                    0d:18:75:24:9e:1f:b5:96:7c:2a:0f:14:8b:2b:dd:
                    60:73:6d:d8:fd:48:e9:8c:f9:62:fa:61:97:df:c3:
                    15:a2:09:3f:09:e2:bb:6b:4d:e3:7d:e3:98:d3:c4:
                    23:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:E8:31:D4:E0:E7:EC:74:BC:4F:D9:68:9A:98:FE:F0:F6:46:42:C1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2Ogx1ODn7HS8T9lompj-8PZGQsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         50:c3:4b:02:8a:be:98:de:aa:42:25:85:63:d5:f7:ea:b9:d7:
         7d:f5:18:e1:54:72:e7:c0:ac:46:1b:42:91:40:5f:b3:67:9d:
         8f:13:f7:8a:65:f8:c0:43:e6:de:a0:e4:95:bd:65:20:14:cd:
         3c:a0:20:ff:62:18:f4:59:99:b8:81:63:7b:13:60:85:57:94:
         9b:66:21:07:89:48:d2:72:3f:0b:eb:33:64:aa:82:68:be:b1:
         38:f9:ec:8b:d0:c4:2e:77:31:c3:18:80:cd:a4:08:6e:c4:a4:
         63:9c:71:07:c7:54:a4:66:1a:5d:0b:ab:74:ec:81:16:d9:94:
         77:23:b6:71:44:46:19:e8:cd:57:36:a4:ed:65:32:d8:bb:85:
         dd:c3:64:a4:dd:c9:46:67:8b:10:1f:b4:92:f2:a1:98:a3:77:
         b3:5b:03:e5:ba:84:56:2e:87:95:9f:66:6d:b1:ea:3d:30:f5:
         7f:e4:a2:9f:1c:05:53:f3:f6:98:70:19:27:d4:f0:1a:fc:93:
         c4:a2:8c:2c:4f:08:0e:dc:bc:11:59:e9:5a:68:4d:ae:de:a0:
         1e:36:92:99:4f:3e:32:7e:bf:ed:90:19:ca:5c:9d:73:fe:80:
         87:f1:ba:23:3f:d2:57:38:96:03:37:05:d8:d2:69:27:88:9c:
         e9:a6:ae:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAUxg4671FEYNfdxY5y5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGU4MzFkNGUwZTdlYzc0YmM0ZmQ5Njg5YTk4ZmVmMGY2NDY0MmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqP4iKiLVK1q4UHRDXePCyDUGMP6
8I7EZ7ig2MdHr+VhtIqnLqDNNlSprl5GsLoy62bckklIA3/NJ4KL3WQBQy9pVNAR
pEfiRHhdsaa0HgPAhzqdxrBOLWcgKENctVCgS11Id6lptsON61bkrqwGJ9Hz2ipJ
rpmbhSMu/F0pH7R5GwgrrJRoJHLoeCq2iv8PCEbH0DmJweHsLqW9hpkxGUanzyeZ
Ia79yK5fnJhFmqnwBU5D9ZX9VvCnZHC7R3XV11rSHSXU6LNPI9hAH29UG34NGHUk
nh+1lnwqDxSLK91gc23Y/UjpjPli+mGX38MVogk/CeK7a03jfeOY08Qj4QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNjoMdTg5+x0vE/ZaJqY/vD2RkLBMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMk9neDFPRG43SFM4VDlsb21wai04UFpHUXNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgy2QlAw
DQYJKoZIhvcNAQELBQADggEBAFDDSwKKvpjeqkIlhWPV9+q51331GOFUcufArEYb
QpFAX7NnnY8T94pl+MBD5t6g5JW9ZSAUzTygIP9iGPRZmbiBY3sTYIVXlJtmIQeJ
SNJyPwvrM2Sqgmi+sTj57IvQxC53McMYgM2kCG7EpGOccQfHVKRmGl0Lq3TsgRbZ
lHcjtnFERhnozVc2pO1lMti7hd3DZKTdyUZnixAftJLyoZijd7NbA+W6hFYuh5Wf
Zm2x6j0w9X/kop8cBVPz9phwGSfU8Br8k8SijCxPCA7cvBFZ6VpoTa7eoB42kplP
PjJ+v+2QGcpcnXP+gIfxuiM/0lc4lgM3BdjSaSeInOmmruI=
-----END CERTIFICATE-----