Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5UOkly7RbUBm1VVQnLzOGFOexqM.roa
File:                     5UOkly7RbUBm1VVQnLzOGFOexqM.roa (raw, json)
Hash identifier:          cVMUDFkCe1FCQGzwpjhmEkZqWCf6WqO3Op6KGqIIaUI=
Subject key identifier:   E5:43:A4:97:2E:D1:6D:40:66:D5:55:50:9C:BC:CE:18:53:9E:C6:A3
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018D68E025077BAC1B1DC5C2303EE933DBF5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5UOkly7RbUBm1VVQnLzOGFOexqM.roa
Signing time:             Fri 02 Feb 2024 08:12:16 +0000
ROA not before:           Fri 02 Feb 2024 08:12:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215743
IP address blocks:        2a0c:b641:bc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:e0:25:07:7b:ac:1b:1d:c5:c2:30:3e:e9:33:db:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb  2 08:12:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e543a4972ed16d4066d555509cbcce18539ec6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5a:76:77:22:3a:36:fd:e9:db:95:6b:1a:27:
                    76:f4:6a:f4:2f:7e:2d:2f:10:40:9b:c4:ca:15:e5:
                    df:ee:3c:31:ca:35:f8:c0:89:95:c2:c7:23:c0:c2:
                    1e:cb:e6:ed:61:6b:fc:cd:50:19:bb:45:31:d7:65:
                    56:15:42:01:33:5f:3c:f3:d8:ab:2d:a6:4d:b7:df:
                    52:c7:2d:a1:68:d6:ad:9b:15:3c:cd:3e:46:aa:16:
                    ee:ef:8f:1c:13:7f:48:fc:82:61:48:fe:f7:0f:27:
                    84:00:bf:9c:a6:9e:af:a4:29:ee:2f:7f:3d:3e:46:
                    16:09:19:9b:7c:cb:60:2c:17:d1:6a:8d:d3:86:e8:
                    60:47:51:22:35:60:93:5d:2b:b2:9e:cc:d3:76:df:
                    a9:b1:03:a1:8d:18:47:88:09:12:73:e5:d3:46:53:
                    dd:ba:ab:0e:4b:6c:87:b1:6a:9e:61:25:f9:c7:9f:
                    68:3e:15:b1:e9:67:76:39:80:78:a9:46:58:37:c5:
                    ad:84:b0:06:4b:37:fb:8a:66:6d:54:cc:3e:8b:32:
                    17:b8:18:db:83:79:63:57:cd:b0:31:39:43:48:f1:
                    12:47:36:4b:f1:e7:d4:56:44:b4:63:d3:8f:8c:4d:
                    ff:de:fc:73:9d:50:83:73:97:b2:cc:ad:80:90:3e:
                    2a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:43:A4:97:2E:D1:6D:40:66:D5:55:50:9C:BC:CE:18:53:9E:C6:A3
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5UOkly7RbUBm1VVQnLzOGFOexqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:bc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         13:1d:4a:cb:68:af:0e:14:52:2c:b5:bd:72:cd:5a:f8:a4:95:
         fa:32:c9:91:2b:c4:8b:57:fb:a3:53:5e:ef:59:2e:1c:ee:67:
         03:e6:c8:b0:46:79:e5:6c:df:ea:35:c2:9e:ea:35:b2:9c:2a:
         cc:e4:f8:c9:0d:f4:3e:67:2b:39:a2:74:d1:9b:9b:32:df:d5:
         8d:fd:08:e9:98:f5:72:f1:2b:ea:00:f9:41:88:40:90:cb:8e:
         e8:42:4a:b5:a2:b2:b4:61:eb:ae:25:1b:f5:c0:18:ef:58:ff:
         3e:8a:08:2a:3e:63:05:cc:23:48:7b:63:f3:4f:f0:ee:1d:9d:
         b2:90:1b:e1:15:12:9f:b6:f8:c9:f5:8d:16:d4:17:a0:53:a9:
         2e:ea:cf:92:22:2c:29:04:1f:38:e8:50:0c:46:99:54:2c:44:
         ea:74:94:09:53:27:9f:61:15:1e:40:a2:6e:4b:e7:a0:99:27:
         0b:2b:ee:46:a0:d5:53:58:63:63:66:da:97:51:d7:9c:ea:cd:
         0b:0b:32:c7:f5:99:46:47:13:4c:5a:5b:79:24:35:a6:65:d5:
         8f:34:d0:df:6a:1c:a3:c2:88:8d:8b:cb:47:91:4a:5c:c2:84:
         8a:96:c4:fa:28:d9:68:29:8e:8a:3e:0c:2e:3e:69:4c:67:b9:
         b2:c1:e7:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1o4CUHe6wbHcXCMD7pM9v1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMjAyMDgxMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTQzYTQ5NzJlZDE2ZDQwNjZkNTU1NTA5Y2JjY2UxODUzOWVjNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlp2dyI6Nv3p25VrGid29Gr0L34t
LxBAm8TKFeXf7jwxyjX4wImVwscjwMIey+btYWv8zVAZu0Ux12VWFUIBM18889ir
LaZNt99Sxy2haNatmxU8zT5Gqhbu748cE39I/IJhSP73DyeEAL+cpp6vpCnuL389
PkYWCRmbfMtgLBfRao3ThuhgR1EiNWCTXSuynszTdt+psQOhjRhHiAkSc+XTRlPd
uqsOS2yHsWqeYSX5x59oPhWx6Wd2OYB4qUZYN8WthLAGSzf7imZtVMw+izIXuBjb
g3ljV82wMTlDSPESRzZL8efUVkS0Y9OPjE3/3vxznVCDc5eyzK2AkD4qjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOVDpJcu0W1AZtVVUJy8zhhTnsajMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNVVPa2x5N1JiVUJtMVZWUW5Mek9HRk9leHFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQvA
MA0GCSqGSIb3DQEBCwUAA4IBAQATHUrLaK8OFFIstb1yzVr4pJX6MsmRK8SLV/uj
U17vWS4c7mcD5siwRnnlbN/qNcKe6jWynCrM5PjJDfQ+Zys5onTRm5sy39WN/Qjp
mPVy8SvqAPlBiECQy47oQkq1orK0YeuuJRv1wBjvWP8+iggqPmMFzCNIe2PzT/Du
HZ2ykBvhFRKftvjJ9Y0W1BegU6ku6s+SIiwpBB846FAMRplULETqdJQJUyefYRUe
QKJuS+egmScLK+5GoNVTWGNjZtqXUdec6s0LCzLH9ZlGRxNMWlt5JDWmZdWPNNDf
ahyjwoiNi8tHkUpcwoSKlsT6KNloKY6KPgwuPmlMZ7myweee
-----END CERTIFICATE-----