Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6UVMqt6vbZtUpRherTObL5q2Vi0.roa
File:                     6UVMqt6vbZtUpRherTObL5q2Vi0.roa (raw, json)
Hash identifier:          udOywlyxbfjlZaNxNrIG+BS3aZHLaRHa6ZLLKcMDisw=
Subject key identifier:   E9:45:4C:AA:DE:AF:6D:9B:54:A5:18:5E:AD:33:9B:2F:9A:B6:56:2D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015B8FFC5156E812CEBB279CD2AB1D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6UVMqt6vbZtUpRherTObL5q2Vi0.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203511
IP address blocks:        2a0c:b641:6d0::/48 maxlen: 48
                          2a0c:b641:6d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5b:8f:fc:51:56:e8:12:ce:bb:27:9c:d2:ab:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9454caadeaf6d9b54a5185ead339b2f9ab6562d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e0:c4:92:c2:47:fd:d1:9c:fc:57:45:a0:b2:
                    2a:70:1b:c8:a1:2d:dd:bf:48:42:21:4b:f7:ef:7a:
                    db:bd:05:34:8f:1f:7c:67:56:80:51:e2:4f:c1:3a:
                    66:1d:ed:f7:cc:fe:9a:2e:2d:19:26:02:20:40:78:
                    0e:2f:4c:99:5f:6e:f6:94:02:40:db:e6:54:37:78:
                    63:4b:28:d2:77:60:98:1f:f3:70:18:a5:e5:5c:61:
                    d9:46:de:c8:e5:d4:bb:02:59:75:8e:8e:7b:8c:10:
                    41:4c:8c:86:c7:c8:39:6c:74:66:5c:7f:cb:ed:18:
                    43:97:e3:86:38:61:88:3b:52:e2:d7:43:de:f7:12:
                    42:72:c9:b8:ac:b9:78:67:c8:77:7b:15:2f:fe:fc:
                    55:07:3d:5b:f2:19:56:95:58:96:88:d7:ce:0d:20:
                    69:0f:40:51:b5:53:37:8f:51:35:2b:f5:d6:ff:64:
                    0f:22:df:e6:61:b6:8d:1a:79:dc:d7:d1:ed:b9:fd:
                    a9:13:e6:63:a6:ff:cf:4d:5b:cb:a5:b8:43:6a:b2:
                    c4:8b:17:a7:4f:b0:04:0d:4d:d4:6f:6d:96:c4:55:
                    3f:9b:4e:24:74:56:00:3c:e3:2e:87:c3:4f:59:75:
                    93:f9:44:e5:f3:c9:d5:d1:37:aa:a7:37:9c:21:29:
                    58:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:45:4C:AA:DE:AF:6D:9B:54:A5:18:5E:AD:33:9B:2F:9A:B6:56:2D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6UVMqt6vbZtUpRherTObL5q2Vi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:6d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:34:3d:39:48:60:a0:d1:03:47:22:0a:25:b1:b9:8c:d5:41:
         c3:f7:4c:98:0f:43:9b:25:79:15:8a:23:c0:db:3b:79:80:85:
         98:d6:29:ff:87:14:0c:c4:71:09:73:32:45:3e:c7:08:b8:ff:
         2c:a7:ad:31:fb:0c:49:11:9c:fd:5d:b7:f2:39:f6:74:cb:bf:
         25:d7:67:16:f7:5f:c8:31:21:1e:5f:c8:32:95:ac:59:f7:f4:
         60:93:2a:4a:a5:dd:2e:f2:48:e0:a2:0b:73:34:68:f2:d9:ae:
         2d:09:a9:f8:bf:a0:33:85:fe:08:3c:d6:fe:5a:a6:a1:f6:6f:
         5b:cf:f3:f0:f5:e0:93:48:d3:b8:cf:9e:e9:52:cb:da:7b:5b:
         05:16:60:cb:28:bd:1d:07:48:17:85:03:75:12:b3:c6:f7:d3:
         9a:ef:b2:44:cc:d7:e6:bc:73:2c:ca:5f:d7:bd:e9:e9:42:ac:
         e6:ed:98:33:c5:67:e1:d1:f7:1a:c6:82:dc:ef:59:5b:23:ca:
         ab:9f:3b:69:09:46:15:e7:6d:a8:b3:c1:b5:6d:dd:93:ae:d6:
         35:72:63:aa:1b:28:a6:7f:45:65:73:d5:96:e7:40:4a:a9:6e:
         86:c0:fd:6b:07:ff:ec:83:f7:c6:ee:46:37:2f:41:37:6e:a8:
         09:3e:19:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVuP/FFW6BLOuyec0qsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTQ1NGNhYWRlYWY2ZDliNTRhNTE4NWVhZDMzOWIyZjlhYjY1NjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeDEksJH/dGc/FdFoLIqcBvIoS3d
v0hCIUv373rbvQU0jx98Z1aAUeJPwTpmHe33zP6aLi0ZJgIgQHgOL0yZX272lAJA
2+ZUN3hjSyjSd2CYH/NwGKXlXGHZRt7I5dS7All1jo57jBBBTIyGx8g5bHRmXH/L
7RhDl+OGOGGIO1Li10Pe9xJCcsm4rLl4Z8h3exUv/vxVBz1b8hlWlViWiNfODSBp
D0BRtVM3j1E1K/XW/2QPIt/mYbaNGnnc19Htuf2pE+Zjpv/PTVvLpbhDarLEixen
T7AEDU3Ub22WxFU/m04kdFYAPOMuh8NPWXWT+UTl88nV0TeqpzecISlYQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOlFTKrer22bVKUYXq0zmy+atlYtMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNlVWTXF0NnZiWnRVcFJoZXJUT2JMNXEyVmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQbQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA+ND05SGCg0QNHIgolsbmM1UHD90yYD0ObJXkV
iiPA2zt5gIWY1in/hxQMxHEJczJFPscIuP8sp60x+wxJEZz9XbfyOfZ0y78l12cW
91/IMSEeX8gylaxZ9/RgkypKpd0u8kjgogtzNGjy2a4tCan4v6Azhf4IPNb+Wqah
9m9bz/Pw9eCTSNO4z57pUsvae1sFFmDLKL0dB0gXhQN1ErPG99Oa77JEzNfmvHMs
yl/XvenpQqzm7ZgzxWfh0fcaxoLc71lbI8qrnztpCUYV522os8G1bd2TrtY1cmOq
Gyimf0Vlc9WW50BKqW6GwP1rB//sg/fG7kY3L0E3bqgJPhmg
-----END CERTIFICATE-----