Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5rj5bpxmeDJBaqOBN_GQuCrqPqo.roa
File:                     5rj5bpxmeDJBaqOBN_GQuCrqPqo.roa (raw, json)
Hash identifier:          sytO2pxpsH43DvV63CwN7QhRb+MwvRCy/pLQ7vc6F1s=
Subject key identifier:   E6:B8:F9:6E:9C:66:78:32:41:6A:A3:81:37:F1:90:B8:2A:EA:3E:AA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016B2C8A60B945BAFC1F7C3E971CD3
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5rj5bpxmeDJBaqOBN_GQuCrqPqo.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209586
IP address blocks:        2a0c:b641:510::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6b:2c:8a:60:b9:45:ba:fc:1f:7c:3e:97:1c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6b8f96e9c667832416aa38137f190b82aea3eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e2:15:f9:8a:87:fa:df:b2:5c:49:47:b1:bf:
                    da:08:0b:07:b2:bb:62:03:0a:37:3d:27:79:44:41:
                    a2:24:b3:7a:9e:07:7c:ab:45:fe:ae:29:0e:42:41:
                    d9:a3:3e:1e:37:16:3f:d6:44:97:af:d9:2b:8e:e3:
                    bd:ee:f8:0b:40:69:4b:7f:40:53:71:01:ae:72:dd:
                    77:99:36:62:a3:2e:e0:9d:ce:0e:5d:d2:1c:70:01:
                    e7:ed:77:c8:b1:2d:06:0d:44:95:ed:21:0d:5b:c9:
                    f5:18:5f:bd:41:03:ae:1a:0f:4e:87:9b:02:ac:16:
                    b8:d1:f2:ce:99:d6:95:93:1c:aa:ed:1f:84:ce:ad:
                    c9:6e:e5:64:21:42:2e:be:af:6a:09:f6:f4:ce:62:
                    74:7b:4f:d1:2a:4b:24:5e:08:df:0d:0d:f9:84:99:
                    43:7d:70:d8:12:6a:8d:49:fd:a8:ca:a8:e5:c0:da:
                    69:2d:98:88:b7:bc:72:5a:9e:89:07:66:4e:39:11:
                    a8:57:73:d1:04:19:83:33:f1:a5:9e:53:0d:d1:a0:
                    9b:cc:e9:63:2f:10:1c:21:6e:c4:20:42:f6:eb:6f:
                    62:b8:6c:f9:70:04:c2:cc:ab:81:71:ff:bd:be:2d:
                    fb:2a:0d:26:91:ae:b7:1f:3e:77:f3:8d:27:e3:10:
                    9f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:B8:F9:6E:9C:66:78:32:41:6A:A3:81:37:F1:90:B8:2A:EA:3E:AA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5rj5bpxmeDJBaqOBN_GQuCrqPqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:510::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:a4:72:52:49:da:3c:50:64:f0:08:f5:5c:46:69:90:47:24:
         1f:33:d6:b4:da:67:58:d5:e5:fe:de:06:c6:de:56:75:f1:a8:
         d2:1b:88:79:be:6c:de:67:e8:0e:b8:6d:94:fb:0e:1e:56:15:
         0f:f6:58:f9:02:ae:dc:9e:b6:57:51:2e:2b:ee:ed:d6:9d:05:
         5b:28:72:6e:cb:c4:34:79:5b:b2:4e:dc:5f:39:0f:5b:4e:09:
         26:94:b1:9a:5e:6f:8c:2d:c7:73:00:80:18:c4:aa:07:5a:9a:
         ea:b6:f0:c5:fd:4b:f8:03:59:1e:84:1f:86:7b:78:25:e7:d6:
         70:27:d4:58:66:03:4d:c4:b7:b6:ea:77:d7:12:54:0d:19:29:
         e0:38:d4:b0:00:46:cb:69:7c:67:8a:03:8b:8d:e2:ac:f1:6a:
         fd:fe:af:32:fe:b3:dd:7a:1f:6f:db:42:c7:eb:01:45:76:67:
         ed:f8:0b:0a:fa:56:52:22:3a:a0:af:46:a8:22:f2:09:81:76:
         c2:98:9c:d9:e4:41:f5:4e:b4:8d:eb:7b:30:17:a8:a8:33:94:
         0b:4d:91:fb:f9:69:88:7f:c0:3a:cb:04:de:84:1b:a2:ef:c2:
         a3:0b:e6:fa:4e:08:21:d7:37:1a:21:ea:88:d6:ce:75:75:50:
         18:e4:fb:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWssimC5Rbr8H3w+lxzTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmI4Zjk2ZTljNjY3ODMyNDE2YWEzODEzN2YxOTBiODJhZWEzZWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueIV+YqH+t+yXElHsb/aCAsHsrti
Awo3PSd5REGiJLN6ngd8q0X+rikOQkHZoz4eNxY/1kSXr9krjuO97vgLQGlLf0BT
cQGuct13mTZioy7gnc4OXdIccAHn7XfIsS0GDUSV7SENW8n1GF+9QQOuGg9Oh5sC
rBa40fLOmdaVkxyq7R+Ezq3JbuVkIUIuvq9qCfb0zmJ0e0/RKkskXgjfDQ35hJlD
fXDYEmqNSf2oyqjlwNppLZiIt7xyWp6JB2ZOORGoV3PRBBmDM/GlnlMN0aCbzOlj
LxAcIW7EIEL2629iuGz5cATCzKuBcf+9vi37Kg0mka63Hz53840n4xCfQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOa4+W6cZngyQWqjgTfxkLgq6j6qMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNXJqNWJweG1lREpCYXFPQk5fR1F1Q3JxUHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQUQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAYpHJSSdo8UGTwCPVcRmmQRyQfM9a02mdY1eX+
3gbG3lZ18ajSG4h5vmzeZ+gOuG2U+w4eVhUP9lj5Aq7cnrZXUS4r7u3WnQVbKHJu
y8Q0eVuyTtxfOQ9bTgkmlLGaXm+MLcdzAIAYxKoHWprqtvDF/Uv4A1kehB+Ge3gl
59ZwJ9RYZgNNxLe26nfXElQNGSngONSwAEbLaXxnigOLjeKs8Wr9/q8y/rPdeh9v
20LH6wFFdmft+AsK+lZSIjqgr0aoIvIJgXbCmJzZ5EH1TrSN63swF6ioM5QLTZH7
+WmIf8A6ywTehBui78KjC+b6Tggh1zcaIeqI1s51dVAY5Puh
-----END CERTIFICATE-----