Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6I6pA8416WB06FI92t6BDm5IYcw.roa
File:                     6I6pA8416WB06FI92t6BDm5IYcw.roa (raw, json)
Hash identifier:          +iifmlO9gOScY1teKQEj+UsFG817ERyajAmCDupDlYQ=
Subject key identifier:   E8:8E:A9:03:CE:35:E9:60:74:E8:52:3D:DA:DE:81:0E:6E:48:61:CC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801807EBE27ADDEC72A59F7138BE957
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6I6pA8416WB06FI92t6BDm5IYcw.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213154
IP address blocks:        2a0c:b641:100::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:80:7e:be:27:ad:de:c7:2a:59:f7:13:8b:e9:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e88ea903ce35e96074e8523ddade810e6e4861cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6b:36:d1:3f:86:cb:ec:78:73:8e:48:c1:4c:
                    4c:02:47:09:8e:b7:f4:7d:d8:42:6d:56:6a:0e:91:
                    6a:b1:4a:74:13:07:fd:be:c2:4f:9d:65:6f:6a:9a:
                    af:6b:ef:cf:83:41:2c:c1:97:6a:66:fd:7d:eb:3b:
                    79:ca:89:8e:7f:0a:18:27:c1:b1:ea:bb:42:a8:9a:
                    f0:a7:07:0f:a5:ea:ef:e6:8c:47:c6:49:2e:fa:b0:
                    61:0b:9e:18:92:1f:34:05:a9:44:db:24:6f:8d:59:
                    e4:90:f5:42:dc:97:15:4c:13:9e:3c:30:7e:77:aa:
                    8a:cf:84:e2:3e:de:e0:dd:28:f7:7f:9f:08:34:66:
                    0b:1e:43:12:87:7b:20:83:ad:56:7e:ef:59:ab:d4:
                    4a:35:47:dd:fd:2f:a8:56:69:00:65:98:47:f9:98:
                    63:45:8e:87:bb:3d:5b:8f:48:03:54:a6:f7:84:71:
                    ec:22:f2:47:dc:c6:9a:94:c0:3f:41:be:ac:b1:28:
                    70:33:3a:f1:03:8e:61:1c:62:93:7a:5f:26:19:63:
                    f2:cd:92:b9:7f:73:2c:75:1b:ec:7f:13:a6:bf:5d:
                    f2:55:e9:f0:45:a9:e6:99:bd:5a:02:95:07:69:ff:
                    d7:33:88:03:f4:8a:5a:cc:02:b2:15:c6:06:26:b9:
                    99:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:8E:A9:03:CE:35:E9:60:74:E8:52:3D:DA:DE:81:0E:6E:48:61:CC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6I6pA8416WB06FI92t6BDm5IYcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:100::/44

    Signature Algorithm: sha256WithRSAEncryption
         72:49:28:7f:b8:83:bd:96:85:c8:89:70:4c:4c:e2:b1:02:ab:
         94:84:73:63:c9:95:8d:00:26:6b:eb:af:a3:cd:86:69:61:99:
         e7:3b:0b:26:e0:44:21:e5:3d:13:b7:ac:6a:ea:8b:88:79:69:
         1d:77:03:08:40:16:12:bd:f7:a3:a3:8c:ed:a0:09:ab:9b:86:
         a1:58:35:a3:c6:61:ce:49:0a:ac:35:43:70:99:99:4b:e3:db:
         f3:01:38:42:8d:60:57:1b:13:d0:49:60:d5:c1:95:24:38:d6:
         81:ee:89:e1:b7:bb:75:94:a2:f1:05:cc:49:75:83:b9:17:48:
         b8:9c:3f:78:76:0d:91:a4:a1:4f:a6:6e:dd:39:12:6f:56:47:
         e6:32:06:62:5f:2a:d4:88:71:5d:a9:f5:9d:84:a1:fe:f7:67:
         da:ec:9f:3c:b5:45:e9:1e:e3:8b:e5:b8:4b:fa:df:f8:bd:ac:
         c0:99:92:1e:d4:96:81:8c:06:80:6d:4a:72:98:80:1d:04:d6:
         1a:0b:d4:ec:e0:24:3e:8e:f3:7c:1c:11:9d:c3:f3:2e:4d:d2:
         97:0d:05:2e:fb:a1:14:4e:9b:32:52:a6:9f:4e:07:e2:21:83:
         65:d2:f5:ed:67:fe:4c:db:73:0e:24:a9:f6:73:d0:79:30:c9:
         f9:92:d3:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYB+viet3scqWfcTi+lXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODhlYTkwM2NlMzVlOTYwNzRlODUyM2RkYWRlODEwZTZlNDg2MWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGs20T+Gy+x4c45IwUxMAkcJjrf0
fdhCbVZqDpFqsUp0Ewf9vsJPnWVvapqva+/Pg0EswZdqZv196zt5yomOfwoYJ8Gx
6rtCqJrwpwcPperv5oxHxkku+rBhC54Ykh80BalE2yRvjVnkkPVC3JcVTBOePDB+
d6qKz4TiPt7g3Sj3f58INGYLHkMSh3sgg61Wfu9Zq9RKNUfd/S+oVmkAZZhH+Zhj
RY6Huz1bj0gDVKb3hHHsIvJH3MaalMA/Qb6ssShwMzrxA45hHGKTel8mGWPyzZK5
f3MsdRvsfxOmv13yVenwRanmmb1aApUHaf/XM4gD9IpazAKyFcYGJrmZhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOiOqQPONelgdOhSPdregQ5uSGHMMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNkk2cEE4NDE2V0IwNkZJOTJ0NkJEbTVJWWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQEA
MA0GCSqGSIb3DQEBCwUAA4IBAQBySSh/uIO9loXIiXBMTOKxAquUhHNjyZWNACZr
66+jzYZpYZnnOwsm4EQh5T0Tt6xq6ouIeWkddwMIQBYSvfejo4ztoAmrm4ahWDWj
xmHOSQqsNUNwmZlL49vzAThCjWBXGxPQSWDVwZUkONaB7onht7t1lKLxBcxJdYO5
F0i4nD94dg2RpKFPpm7dORJvVkfmMgZiXyrUiHFdqfWdhKH+92fa7J88tUXpHuOL
5bhL+t/4vazAmZIe1JaBjAaAbUpymIAdBNYaC9Ts4CQ+jvN8HBGdw/MuTdKXDQUu
+6EUTpsyUqafTgfiIYNl0vXtZ/5M23MOJKn2c9B5MMn5ktN7
-----END CERTIFICATE-----