Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/4KdBOa2PQkyGrrnIg3oK_Iqb3V4.roa
File:                     4KdBOa2PQkyGrrnIg3oK_Iqb3V4.roa (raw, json)
Hash identifier:          JspPg9XG8PHfjKfYsFw+bG4DJTDC/B0p3dpSrVC0dPc=
Subject key identifier:   E0:A7:41:39:AD:8F:42:4C:86:AE:B9:C8:83:7A:0A:FC:8A:9B:DD:5E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014DACBD58630A6F33A6952BC5A540
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/4KdBOa2PQkyGrrnIg3oK_Iqb3V4.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56738
IP address blocks:        2a0c:b641:3e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4d:ac:bd:58:63:0a:6f:33:a6:95:2b:c5:a5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0a74139ad8f424c86aeb9c8837a0afc8a9bdd5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b3:7b:62:e1:71:56:10:36:2d:6f:43:a7:21:
                    8b:b4:3e:ae:b0:02:4a:16:41:55:d1:a5:0b:29:25:
                    07:f3:ae:8e:bd:2f:3a:57:80:a6:8f:70:e8:1e:86:
                    42:d2:ef:01:66:27:af:24:46:61:f3:e1:fb:50:e1:
                    0e:e3:70:8f:03:29:ca:da:4a:19:0a:96:7a:b5:9e:
                    e2:a0:94:2f:d4:85:51:0c:b6:dd:05:26:30:f2:4d:
                    1d:67:de:72:57:90:c4:29:8a:e7:30:b0:6a:e3:28:
                    14:9b:e7:16:9c:05:f1:18:ec:d5:13:98:f4:9d:15:
                    52:0c:dd:45:a5:25:aa:93:b3:0a:37:3b:f9:1e:23:
                    a1:df:c0:11:47:14:72:66:c0:ba:bc:4f:80:3c:bf:
                    c5:03:59:12:07:99:7b:24:a2:6f:76:c2:1a:af:27:
                    4d:8c:4a:43:71:c9:6a:f2:5f:ba:d7:7b:47:78:74:
                    01:57:2b:9d:84:bc:21:ec:cb:16:d4:3f:a0:48:09:
                    b5:d1:61:c9:a5:f0:f3:ee:88:41:80:01:30:8c:f3:
                    32:fc:0c:61:16:6c:46:b2:c7:5c:60:e8:02:e7:e4:
                    16:7c:10:90:17:12:4a:0f:2f:57:95:34:9f:fb:a0:
                    75:19:7c:94:31:60:3a:83:04:66:ee:69:46:19:e8:
                    6d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A7:41:39:AD:8F:42:4C:86:AE:B9:C8:83:7A:0A:FC:8A:9B:DD:5E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/4KdBOa2PQkyGrrnIg3oK_Iqb3V4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:3e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:66:7d:91:dc:bb:3c:48:64:5c:6f:a6:be:7f:ef:4a:fa:e2:
         ce:0f:6a:18:38:0b:27:6a:18:6f:da:f7:f9:d1:8c:1a:66:6a:
         5c:35:2f:3e:5a:e8:ad:9e:7d:62:25:95:fa:87:07:bb:a6:40:
         fe:d9:32:c9:05:1e:d9:bd:20:5c:26:a1:97:c0:e9:66:03:da:
         ee:99:87:79:b8:ee:62:40:f7:2c:97:5d:ad:f0:62:c1:0d:87:
         09:59:9b:49:0f:eb:88:50:f1:0c:d3:8b:3c:5e:d2:19:54:77:
         2c:14:58:3a:99:36:33:8d:13:df:2f:24:40:fb:d9:e6:c0:40:
         f6:cb:02:20:cd:ea:6c:b5:a9:cd:3b:87:74:b8:de:d5:41:55:
         eb:13:c4:a3:44:a6:74:06:46:ab:c8:4e:23:2e:c3:fd:2e:a6:
         43:ab:1a:e1:3d:6c:55:cd:b0:6a:2e:40:40:61:f1:66:c5:41:
         fa:13:d6:47:00:66:5f:3a:6a:7a:ff:ea:e5:0e:f4:83:4b:5b:
         77:73:f8:f5:12:91:6b:32:3d:8b:ee:c2:71:52:2d:67:0d:54:
         ff:57:9d:45:13:85:36:2b:f5:48:15:0f:dc:97:ee:37:5a:2c:
         95:e1:4b:4e:b8:15:dd:fe:fb:4c:84:c5:94:f2:0f:03:7a:89:
         6e:63:10:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAU2svVhjCm8zppUrxaVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGE3NDEzOWFkOGY0MjRjODZhZWI5Yzg4MzdhMGFmYzhhOWJkZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbN7YuFxVhA2LW9DpyGLtD6usAJK
FkFV0aULKSUH866OvS86V4Cmj3DoHoZC0u8BZievJEZh8+H7UOEO43CPAynK2koZ
CpZ6tZ7ioJQv1IVRDLbdBSYw8k0dZ95yV5DEKYrnMLBq4ygUm+cWnAXxGOzVE5j0
nRVSDN1FpSWqk7MKNzv5HiOh38ARRxRyZsC6vE+APL/FA1kSB5l7JKJvdsIarydN
jEpDcclq8l+613tHeHQBVyudhLwh7MsW1D+gSAm10WHJpfDz7ohBgAEwjPMy/Axh
FmxGssdcYOgC5+QWfBCQFxJKDy9XlTSf+6B1GXyUMWA6gwRm7mlGGehtyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOCnQTmtj0JMhq65yIN6CvyKm91eMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNEtkQk9hMlBRa3lHcnJuSWczb0tfSXFiM1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQPg
MA0GCSqGSIb3DQEBCwUAA4IBAQBVZn2R3Ls8SGRcb6a+f+9K+uLOD2oYOAsnahhv
2vf50YwaZmpcNS8+Wuitnn1iJZX6hwe7pkD+2TLJBR7ZvSBcJqGXwOlmA9rumYd5
uO5iQPcsl12t8GLBDYcJWZtJD+uIUPEM04s8XtIZVHcsFFg6mTYzjRPfLyRA+9nm
wED2ywIgzepstanNO4d0uN7VQVXrE8SjRKZ0BkaryE4jLsP9LqZDqxrhPWxVzbBq
LkBAYfFmxUH6E9ZHAGZfOmp6/+rlDvSDS1t3c/j1EpFrMj2L7sJxUi1nDVT/V51F
E4U2K/VIFQ/cl+43WiyV4UtOuBXd/vtMhMWU8g8DeoluYxCE
-----END CERTIFICATE-----