Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6jBXCEtyJnZvk9hJynzhO_PRfXM.roa
File:                     6jBXCEtyJnZvk9hJynzhO_PRfXM.roa (raw, json)
Hash identifier:          5jyUR0Hxvk3+8ghSlmC4GOCkvl4sX5xKn2RD1U0Tj+Q=
Subject key identifier:   EA:30:57:08:4B:72:26:76:6F:93:D8:49:CA:7C:E1:3B:F3:D1:7D:73
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801693D541348D33C1210450AC6219C
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6jBXCEtyJnZvk9hJynzhO_PRfXM.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208885
IP address blocks:        2a0c:b641:a90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:69:3d:54:13:48:d3:3c:12:10:45:0a:c6:21:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea3057084b7226766f93d849ca7ce13bf3d17d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4e:cf:62:2e:2e:d8:19:ff:de:09:b7:39:ee:
                    b0:f9:4b:b3:43:b1:19:37:01:c2:fe:70:cd:db:e9:
                    bf:d1:82:99:aa:00:14:84:d5:7e:6e:61:f6:a2:f5:
                    34:61:2c:47:08:db:ee:16:99:d9:76:73:db:a9:f6:
                    4e:b1:4e:72:e0:7e:ff:5f:61:12:a4:0d:12:d6:29:
                    2f:f6:d8:8a:0c:19:06:1b:da:4e:e6:17:b8:50:8c:
                    91:58:6c:4d:e2:b3:e1:23:29:41:01:57:4d:5e:5d:
                    54:35:95:32:74:e7:d1:7c:7f:d8:cf:87:45:6d:f0:
                    c0:92:2f:65:63:5d:dd:50:63:d2:f3:af:77:1e:51:
                    89:30:23:45:88:84:5c:44:6a:b1:24:16:41:fd:4b:
                    fb:cb:0a:eb:7d:55:75:ce:e2:84:00:41:f9:ba:cf:
                    5c:f0:b2:e6:d5:d9:f7:6a:de:e8:e8:01:c0:c2:10:
                    a4:98:bb:e8:f6:29:5c:1d:79:26:f0:35:9d:fa:31:
                    5e:81:fa:c1:28:84:41:76:d2:f1:eb:24:5d:c9:9c:
                    ed:8f:9e:79:e1:a2:58:d4:47:b8:79:b4:ef:78:73:
                    95:b1:23:eb:4d:08:84:45:46:f9:99:12:be:0f:4d:
                    4a:2d:86:09:b2:d8:5a:61:34:9d:20:44:65:df:7c:
                    43:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:30:57:08:4B:72:26:76:6F:93:D8:49:CA:7C:E1:3B:F3:D1:7D:73
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6jBXCEtyJnZvk9hJynzhO_PRfXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a90::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:a8:89:bd:ff:78:9f:28:f7:9f:b9:66:f6:02:f4:df:fe:29:
         9b:27:52:1b:2d:a1:b4:76:a9:57:d5:f9:e6:dc:85:02:8f:94:
         21:64:eb:d6:71:19:53:3a:09:ef:4f:5c:9f:d3:6b:8a:ee:34:
         36:c4:6b:b0:c8:a5:7b:b8:16:06:ce:6c:86:98:91:f5:4b:bb:
         0c:69:70:4e:43:c0:3e:bf:b0:7f:76:89:c2:d7:8e:9a:22:a5:
         04:bf:54:02:ac:4d:c3:96:84:42:a7:c6:7e:72:0e:22:b9:6c:
         0c:41:66:55:c5:10:be:21:3d:a1:a5:50:c2:e7:cd:d0:75:e2:
         77:10:8a:2c:17:a4:7d:e7:ed:30:1a:84:ba:36:19:5f:90:f0:
         fb:88:8c:97:94:62:2c:f5:a6:06:71:b1:18:05:a5:fa:a0:69:
         1f:81:0f:1c:51:65:2e:84:b7:16:b0:31:dd:8d:8f:f1:f8:0f:
         94:d1:ea:22:27:e1:b3:4c:13:24:60:48:02:d4:e4:87:e1:ca:
         3b:ed:13:5d:95:74:ad:a9:37:5e:a3:04:d1:ce:5a:9b:f8:04:
         d2:69:83:c0:79:bf:c3:3c:bf:60:90:b6:45:b1:f0:78:b6:06:
         ad:20:06:a3:bd:d6:80:aa:10:50:ed:33:11:cb:e8:18:9e:69:
         9b:30:88:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWk9VBNI0zwSEEUKxiGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTMwNTcwODRiNzIyNjc2NmY5M2Q4NDljYTdjZTEzYmYzZDE3ZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkE7PYi4u2Bn/3gm3Oe6w+UuzQ7EZ
NwHC/nDN2+m/0YKZqgAUhNV+bmH2ovU0YSxHCNvuFpnZdnPbqfZOsU5y4H7/X2ES
pA0S1ikv9tiKDBkGG9pO5he4UIyRWGxN4rPhIylBAVdNXl1UNZUydOfRfH/Yz4dF
bfDAki9lY13dUGPS8693HlGJMCNFiIRcRGqxJBZB/Uv7ywrrfVV1zuKEAEH5us9c
8LLm1dn3at7o6AHAwhCkmLvo9ilcHXkm8DWd+jFegfrBKIRBdtLx6yRdyZztj555
4aJY1Ee4ebTveHOVsSPrTQiERUb5mRK+D01KLYYJsthaYTSdIERl33xDcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOowVwhLciZ2b5PYScp84Tvz0X1zMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNmpCWENFdHlKblp2azloSnluemhPX1BSZlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBlqIm9/3ifKPefuWb2AvTf/imbJ1IbLaG0dqlX
1fnm3IUCj5QhZOvWcRlTOgnvT1yf02uK7jQ2xGuwyKV7uBYGzmyGmJH1S7sMaXBO
Q8A+v7B/donC146aIqUEv1QCrE3DloRCp8Z+cg4iuWwMQWZVxRC+IT2hpVDC583Q
deJ3EIosF6R95+0wGoS6NhlfkPD7iIyXlGIs9aYGcbEYBaX6oGkfgQ8cUWUuhLcW
sDHdjY/x+A+U0eoiJ+GzTBMkYEgC1OSH4co77RNdlXStqTdeowTRzlqb+ATSaYPA
eb/DPL9gkLZFsfB4tgatIAajvdaAqhBQ7TMRy+gYnmmbMIiE
-----END CERTIFICATE-----