Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/4Bk3_UFcOhmqJpTtbSBB7fKlIK8.roa
File:                     4Bk3_UFcOhmqJpTtbSBB7fKlIK8.roa (raw, json)
Hash identifier:          5Fz4qbVJkhOzmjuI675Tua6TON0AuOmB3J9lk/9cXxs=
Subject key identifier:   E0:19:37:FD:41:5C:3A:19:AA:26:94:ED:6D:20:41:ED:F2:A5:20:AF
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015A4A3CEC438627CE9C2F159AB5DB
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/4Bk3_UFcOhmqJpTtbSBB7fKlIK8.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202973
IP address blocks:        2a0c:b641:820::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5a:4a:3c:ec:43:86:27:ce:9c:2f:15:9a:b5:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e01937fd415c3a19aa2694ed6d2041edf2a520af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:94:a3:9d:fc:81:7d:f8:35:ca:87:81:61:9a:
                    33:21:84:58:39:16:77:6d:21:1a:af:c5:be:bb:76:
                    8c:20:7f:9c:cd:aa:ae:46:b4:bd:b4:7f:a1:00:9c:
                    82:1e:45:f7:e1:4d:5d:5a:f8:46:33:3c:a5:60:20:
                    0b:55:26:d5:a6:bd:a6:13:72:4b:f3:89:2d:8d:ac:
                    51:60:28:b3:72:06:9c:7b:ad:0c:94:4d:25:6a:01:
                    04:f6:81:97:a8:7c:68:ab:13:81:58:10:61:6a:25:
                    3c:5d:7d:ed:7e:68:ce:e8:fb:41:b0:8d:f9:59:84:
                    17:5e:85:aa:66:af:c8:44:d5:21:72:2d:50:d9:8e:
                    50:4c:b4:19:35:ef:ed:03:ab:34:cc:c9:90:fa:90:
                    01:bd:62:97:8a:06:aa:57:44:a8:5b:2c:8a:a6:76:
                    d4:6b:68:25:c3:62:ef:2a:a7:e0:b0:ab:3c:cb:95:
                    24:27:cd:d9:10:3f:86:d4:31:9a:c9:78:bb:85:d6:
                    77:9d:cf:d6:63:8d:bd:fb:18:42:b0:6e:d1:ef:96:
                    e1:35:8e:bb:40:fe:d0:4a:4b:25:e9:67:4c:01:82:
                    00:4d:ff:b2:d1:ee:f6:b6:3d:ed:6c:66:62:88:1b:
                    9f:10:96:bc:aa:6a:fa:82:94:26:41:04:41:50:b1:
                    49:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:19:37:FD:41:5C:3A:19:AA:26:94:ED:6D:20:41:ED:F2:A5:20:AF
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/4Bk3_UFcOhmqJpTtbSBB7fKlIK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:820::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:30:92:63:d0:ab:68:7b:ce:6a:fa:69:3c:f3:11:29:98:ee:
         72:86:d1:1b:4a:aa:85:19:a4:0e:5b:df:3e:97:d1:98:dd:71:
         60:b7:9a:b7:a0:d5:3a:6f:8c:7c:b9:1e:9e:65:e7:4a:75:72:
         27:6d:68:a1:e0:e4:00:f6:7a:b0:2f:4c:a6:fe:ff:90:a2:bb:
         16:d4:cd:e2:f8:54:7b:bc:f2:06:86:6a:75:f5:3e:05:b7:94:
         bc:20:f1:db:1e:1e:a1:0f:50:18:73:60:0a:03:e0:53:a8:6d:
         a1:cc:84:4d:4d:b2:c7:65:93:b7:ba:3e:90:7f:e9:70:ba:88:
         7a:3e:b8:01:66:b0:4a:a8:9f:f5:56:24:42:60:2e:be:2a:c2:
         8f:48:f4:bd:ce:5b:bf:04:d0:67:29:d9:06:69:c7:fe:bd:64:
         b4:9d:57:16:0d:05:70:f3:98:e8:2e:f1:0f:1f:f3:17:bc:a9:
         57:ed:d1:7b:94:df:9c:46:67:14:e2:f8:b2:44:fe:36:82:b7:
         6a:81:7e:4c:e1:eb:c7:bc:be:eb:ad:8f:31:6c:ad:1a:b5:f6:
         36:50:47:28:7f:9e:47:5a:4e:5e:5a:a9:5a:a4:94:e2:40:7f:
         31:a1:e9:8f:7d:44:22:0c:ea:2f:e9:f4:73:c5:c5:9f:5d:f9:
         1a:69:97:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVpKPOxDhifOnC8VmrXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDE5MzdmZDQxNWMzYTE5YWEyNjk0ZWQ2ZDIwNDFlZGYyYTUyMGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpSjnfyBffg1yoeBYZozIYRYORZ3
bSEar8W+u3aMIH+czaquRrS9tH+hAJyCHkX34U1dWvhGMzylYCALVSbVpr2mE3JL
84ktjaxRYCizcgace60MlE0lagEE9oGXqHxoqxOBWBBhaiU8XX3tfmjO6PtBsI35
WYQXXoWqZq/IRNUhci1Q2Y5QTLQZNe/tA6s0zMmQ+pABvWKXigaqV0SoWyyKpnbU
a2glw2LvKqfgsKs8y5UkJ83ZED+G1DGayXi7hdZ3nc/WY429+xhCsG7R75bhNY67
QP7QSksl6WdMAYIATf+y0e72tj3tbGZiiBufEJa8qmr6gpQmQQRBULFJmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOAZN/1BXDoZqiaU7W0gQe3ypSCvMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNEJrM19VRmNPaG1xSnBUdGJTQkI3ZktsSUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQgg
MA0GCSqGSIb3DQEBCwUAA4IBAQARMJJj0Ktoe85q+mk88xEpmO5yhtEbSqqFGaQO
W98+l9GY3XFgt5q3oNU6b4x8uR6eZedKdXInbWih4OQA9nqwL0ym/v+QorsW1M3i
+FR7vPIGhmp19T4Ft5S8IPHbHh6hD1AYc2AKA+BTqG2hzIRNTbLHZZO3uj6Qf+lw
uoh6PrgBZrBKqJ/1ViRCYC6+KsKPSPS9zlu/BNBnKdkGacf+vWS0nVcWDQVw85jo
LvEPH/MXvKlX7dF7lN+cRmcU4viyRP42grdqgX5M4evHvL7rrY8xbK0atfY2UEco
f55HWk5eWqlapJTiQH8xoemPfUQiDOov6fRzxcWfXfkaaZdk
-----END CERTIFICATE-----