Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5mKts2OvZ2pNodljqNV_YCDqJqY.roa
File:                     5mKts2OvZ2pNodljqNV_YCDqJqY.roa (raw, json)
Hash identifier:          kkiDK0OO8GBm+8ZT7OAHGIVfHv2PZ+GmlipuJWi8svA=
Subject key identifier:   E6:62:AD:B3:63:AF:67:6A:4D:A1:D9:63:A8:D5:7F:60:20:EA:26:A6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80164E4F8E7A19AB57C194DD9CFD2A2
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5mKts2OvZ2pNodljqNV_YCDqJqY.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207338
IP address blocks:        2a0c:b641:730::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:64:e4:f8:e7:a1:9a:b5:7c:19:4d:d9:cf:d2:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e662adb363af676a4da1d963a8d57f6020ea26a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:19:5c:db:92:78:42:92:8a:c7:59:98:46:2a:
                    90:3e:f9:fc:f5:23:a9:81:69:56:f8:b6:fe:f5:87:
                    07:ab:3a:e0:5c:b8:40:13:63:4a:fd:f0:55:8b:c1:
                    00:00:31:0a:5d:ef:77:ec:61:81:cf:dd:10:45:2c:
                    f0:10:b4:4a:87:75:ea:b6:42:39:99:69:18:3f:b3:
                    84:af:78:e6:6b:2d:bc:9c:19:12:66:8f:f3:2e:00:
                    b1:0d:39:aa:c1:6b:4d:11:99:99:54:b9:65:60:fe:
                    98:a1:e5:0f:48:0f:fd:0c:34:26:db:45:bb:a3:fa:
                    b5:4a:ca:6c:7c:0b:cd:28:ee:40:59:51:10:b7:e6:
                    6e:f9:3c:39:e0:d5:57:87:f4:ba:36:5c:33:f6:5e:
                    8e:c3:8a:3b:4e:a2:6d:83:14:e6:11:ec:a7:e3:45:
                    9d:34:3f:44:3c:20:92:07:ba:56:1d:ea:0f:42:36:
                    61:b7:20:6d:43:31:20:d4:be:27:41:fc:53:37:35:
                    5a:e1:0b:71:fd:4a:2a:2d:94:fe:a7:0f:c4:9c:9d:
                    ef:9f:ec:cb:b6:7b:75:28:ea:2b:cc:d5:db:f1:dd:
                    6f:eb:3a:f9:57:cf:1f:72:f4:5a:43:0e:22:9c:01:
                    c8:19:c8:95:e0:8d:df:0b:e0:f1:39:6b:77:af:9b:
                    1f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:62:AD:B3:63:AF:67:6A:4D:A1:D9:63:A8:D5:7F:60:20:EA:26:A6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5mKts2OvZ2pNodljqNV_YCDqJqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:730::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:0c:f1:5a:0c:70:1a:4b:df:a6:29:5b:69:d3:6d:51:0d:2f:
         ac:0d:9f:33:5c:de:33:70:f9:b0:0e:83:00:6d:d3:e1:23:46:
         0f:9f:96:92:4b:e2:ad:1c:25:08:b5:6c:5e:a1:36:d6:de:ad:
         ae:36:35:84:0c:c8:37:a7:1d:e7:f7:7f:5d:94:ae:f8:20:f0:
         f9:74:61:ea:c1:1c:80:5d:11:09:c0:99:ba:51:05:fe:d9:bf:
         5c:48:51:df:00:41:4f:28:31:43:0b:42:d1:2c:06:93:24:af:
         7b:a7:51:c4:b6:ab:be:3e:00:9d:4a:7c:68:c2:79:c8:c1:1c:
         40:7a:84:19:10:c8:57:9e:18:df:61:a8:36:eb:87:79:a4:ca:
         8c:63:1d:96:66:fb:86:3f:22:b6:df:eb:ad:83:d9:f0:d8:be:
         75:e0:95:e9:29:32:07:af:0a:87:19:7b:2b:73:45:7d:16:d8:
         32:81:bc:ce:90:a5:00:20:22:10:f5:a5:74:07:6b:e1:ed:18:
         f8:9b:d2:4d:1c:fc:5b:df:fe:26:ca:5d:d9:57:31:ca:73:67:
         60:eb:da:ca:a1:12:4b:9e:4c:54:9e:37:2d:64:53:29:2c:48:
         8d:ea:79:f1:67:45:81:4e:d3:17:9a:4a:1b:b3:aa:99:03:bf:
         1b:aa:82:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWTk+OehmrV8GU3Zz9KiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjYyYWRiMzYzYWY2NzZhNGRhMWQ5NjNhOGQ1N2Y2MDIwZWEyNmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhlc25J4QpKKx1mYRiqQPvn89SOp
gWlW+Lb+9YcHqzrgXLhAE2NK/fBVi8EAADEKXe937GGBz90QRSzwELRKh3XqtkI5
mWkYP7OEr3jmay28nBkSZo/zLgCxDTmqwWtNEZmZVLllYP6YoeUPSA/9DDQm20W7
o/q1SspsfAvNKO5AWVEQt+Zu+Tw54NVXh/S6Nlwz9l6Ow4o7TqJtgxTmEeyn40Wd
ND9EPCCSB7pWHeoPQjZhtyBtQzEg1L4nQfxTNzVa4Qtx/UoqLZT+pw/EnJ3vn+zL
tnt1KOorzNXb8d1v6zr5V88fcvRaQw4inAHIGciV4I3fC+DxOWt3r5sfqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOZirbNjr2dqTaHZY6jVf2Ag6iamMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNW1LdHMyT3ZaMnBOb2RsanFOVl9ZQ0RxSnFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQcw
MA0GCSqGSIb3DQEBCwUAA4IBAQANDPFaDHAaS9+mKVtp021RDS+sDZ8zXN4zcPmw
DoMAbdPhI0YPn5aSS+KtHCUItWxeoTbW3q2uNjWEDMg3px3n939dlK74IPD5dGHq
wRyAXREJwJm6UQX+2b9cSFHfAEFPKDFDC0LRLAaTJK97p1HEtqu+PgCdSnxownnI
wRxAeoQZEMhXnhjfYag264d5pMqMYx2WZvuGPyK23+utg9nw2L514JXpKTIHrwqH
GXsrc0V9FtgygbzOkKUAICIQ9aV0B2vh7Rj4m9JNHPxb3/4myl3ZVzHKc2dg69rK
oRJLnkxUnjctZFMpLEiN6nnxZ0WBTtMXmkobs6qZA78bqoIU
-----END CERTIFICATE-----