Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5-YundaTBPWM5lCAplv1YQW6Zlg.roa
File:                     5-YundaTBPWM5lCAplv1YQW6Zlg.roa (raw, json)
Hash identifier:          lTH+06/uQAe3YRZBaWJOPyLXnmZJOmLbxafVZOQfdPE=
Subject key identifier:   E7:E6:2E:9D:D6:93:04:F5:8C:E6:50:80:A6:5B:F5:61:05:BA:66:58
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801784F4540607600BF2278FE8CBC67
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5-YundaTBPWM5lCAplv1YQW6Zlg.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211449
IP address blocks:        2a0c:b641:150::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:78:4f:45:40:60:76:00:bf:22:78:fe:8c:bc:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7e62e9dd69304f58ce65080a65bf56105ba6658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:55:a3:85:58:39:14:4f:42:13:65:94:cd:4e:
                    d7:ca:e4:aa:87:1c:ea:6a:82:bb:f1:bc:64:ba:af:
                    fb:21:0d:9c:10:2b:ba:80:4a:e7:7b:3a:fc:08:e2:
                    ca:c8:57:74:6f:ea:b9:e8:ae:ec:e0:87:49:a6:5a:
                    83:ab:2b:3c:7d:e1:03:87:ac:d1:89:54:25:64:07:
                    61:8f:5e:55:f2:f4:bb:e9:af:09:f4:f7:5f:34:cc:
                    4f:0c:f9:a6:fb:23:57:a9:7d:b4:5f:64:60:45:78:
                    cd:f5:4b:45:d4:39:00:bf:70:07:19:10:02:78:81:
                    04:c5:47:40:ef:da:49:6f:8b:73:69:de:6e:84:1d:
                    b4:29:d6:71:3f:6b:ba:d3:03:37:3a:95:3a:ff:ad:
                    81:e0:65:a3:ee:d9:04:7e:38:23:ac:b8:78:bf:05:
                    6f:8d:e3:8b:e3:5f:3e:db:08:08:32:4a:84:b2:78:
                    54:23:8a:2a:51:6f:fb:09:d8:c6:53:6b:5a:1b:00:
                    34:99:07:64:bb:98:21:13:37:92:ac:5d:6f:a9:9f:
                    71:72:d4:90:10:9f:77:b9:d2:be:72:fe:e1:09:8d:
                    8f:90:94:da:c9:eb:b6:8f:91:95:e4:6c:cf:9c:2a:
                    33:f8:c2:92:1f:bf:d1:03:fd:f8:b8:f0:0b:95:89:
                    b0:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E6:2E:9D:D6:93:04:F5:8C:E6:50:80:A6:5B:F5:61:05:BA:66:58
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5-YundaTBPWM5lCAplv1YQW6Zlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:150::/44

    Signature Algorithm: sha256WithRSAEncryption
         08:f3:3c:01:c6:97:40:96:79:14:b8:9a:70:5d:19:16:19:c4:
         6c:8c:0f:7d:d9:4e:0f:b4:3d:15:7e:7b:d1:c8:aa:88:45:12:
         b2:6b:52:44:20:2c:90:6c:58:96:d4:34:24:65:88:ea:e0:9d:
         12:da:bc:29:58:92:70:2b:bd:db:be:5d:73:86:d3:79:f0:12:
         c3:13:78:a1:3f:f8:97:f9:91:d5:0e:b2:13:91:4b:7c:74:31:
         48:87:0f:ca:d8:df:72:dc:15:f1:c4:07:2a:00:e9:1f:00:91:
         1b:1b:e2:56:1e:21:fa:36:ca:18:66:a7:9b:aa:a9:31:57:8e:
         62:d0:d6:64:e9:0e:68:52:46:02:d9:bf:64:3d:38:50:9f:d0:
         e2:27:bc:2d:21:e3:c5:a6:02:1e:81:cd:20:f0:fb:50:a4:90:
         67:19:3f:ee:b9:7b:c0:1b:c7:e4:64:99:eb:fc:6f:fa:0b:12:
         49:ff:fb:17:fd:89:27:eb:d9:3c:73:30:51:9e:de:b5:46:74:
         f1:02:94:bd:fe:87:94:29:29:af:d6:05:e8:ba:13:c3:2e:85:
         de:8a:9f:f6:2f:6a:6b:a1:fd:71:8f:12:b1:e9:bf:30:5b:ea:
         f6:02:ac:52:95:68:29:be:20:fc:85:f0:7d:fe:dd:8b:13:96:
         47:ce:05:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXhPRUBgdgC/Inj+jLxnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2U2MmU5ZGQ2OTMwNGY1OGNlNjUwODBhNjViZjU2MTA1YmE2NjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1WjhVg5FE9CE2WUzU7XyuSqhxzq
aoK78bxkuq/7IQ2cECu6gErnezr8COLKyFd0b+q56K7s4IdJplqDqys8feEDh6zR
iVQlZAdhj15V8vS76a8J9PdfNMxPDPmm+yNXqX20X2RgRXjN9UtF1DkAv3AHGRAC
eIEExUdA79pJb4tzad5uhB20KdZxP2u60wM3OpU6/62B4GWj7tkEfjgjrLh4vwVv
jeOL418+2wgIMkqEsnhUI4oqUW/7CdjGU2taGwA0mQdku5ghEzeSrF1vqZ9xctSQ
EJ93udK+cv7hCY2PkJTayeu2j5GV5GzPnCoz+MKSH7/RA/34uPALlYmw9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOfmLp3WkwT1jOZQgKZb9WEFumZYMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNS1ZdW5kYVRCUFdNNWxDQXBsdjFZUVc2WmxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAI8zwBxpdAlnkUuJpwXRkWGcRsjA992U4PtD0V
fnvRyKqIRRKya1JEICyQbFiW1DQkZYjq4J0S2rwpWJJwK73bvl1zhtN58BLDE3ih
P/iX+ZHVDrITkUt8dDFIhw/K2N9y3BXxxAcqAOkfAJEbG+JWHiH6NsoYZqebqqkx
V45i0NZk6Q5oUkYC2b9kPThQn9DiJ7wtIePFpgIegc0g8PtQpJBnGT/uuXvAG8fk
ZJnr/G/6CxJJ//sX/Ykn69k8czBRnt61RnTxApS9/oeUKSmv1gXouhPDLoXeip/2
L2prof1xjxKx6b8wW+r2AqxSlWgpviD8hfB9/t2LE5ZHzgVM
-----END CERTIFICATE-----