Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6jce2jp94PATHCR66l7iHV3Byog.roa
File:                     6jce2jp94PATHCR66l7iHV3Byog.roa (raw, json)
Hash identifier:          E1LPExV00xm7EN4zRHZB8PeBIqO/plk9SPUJXJEpx60=
Subject key identifier:   EA:37:1E:DA:3A:7D:E0:F0:13:1C:24:7A:EA:5E:E2:1D:5D:C1:CA:88
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80171D0FE40B5B8B00A7E6A77836E6A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6jce2jp94PATHCR66l7iHV3Byog.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210546
IP address blocks:        2a0c:b641:540::/44 maxlen: 48
                          2a0c:b641:750::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:71:d0:fe:40:b5:b8:b0:0a:7e:6a:77:83:6e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea371eda3a7de0f0131c247aea5ee21d5dc1ca88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:9b:bf:3c:06:9e:63:1c:0b:5e:2b:ca:e4:cc:
                    90:4d:86:35:2e:ef:36:67:0c:42:79:94:f2:47:74:
                    cb:dd:85:a2:44:3f:a1:95:7b:8d:a3:03:50:e2:45:
                    64:59:23:db:04:eb:28:72:58:26:4f:2f:c6:0c:d6:
                    96:f0:02:c7:03:d9:ee:57:03:3a:75:e7:24:94:a5:
                    9c:16:63:80:41:f7:ab:68:d3:87:22:3d:ed:26:03:
                    e0:46:b9:ac:53:66:34:07:c3:f0:55:d1:c8:df:8c:
                    3f:58:2a:aa:09:81:1d:d4:ef:8b:e6:18:56:05:c7:
                    eb:a9:c0:b3:2e:0e:54:73:f0:de:15:0f:0f:c7:ba:
                    39:a9:a5:05:4d:da:d9:c1:d1:1b:07:3a:a8:7b:88:
                    82:15:3c:28:aa:7b:10:9f:c5:4e:39:27:95:93:fd:
                    20:72:ba:57:13:57:9f:b4:ea:96:5e:e0:57:27:82:
                    4f:c9:27:8b:61:7a:8e:54:aa:d1:82:2d:8b:46:0a:
                    0e:9f:af:6a:77:3a:c0:81:be:85:05:89:73:2e:59:
                    2b:b6:ee:3a:50:53:65:3e:ce:f3:1c:b5:a5:bb:3b:
                    ff:23:4c:16:0a:43:de:3e:ba:25:99:27:53:ab:fc:
                    03:07:4c:19:07:02:8f:dc:b4:ef:57:ec:22:11:ba:
                    1c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:37:1E:DA:3A:7D:E0:F0:13:1C:24:7A:EA:5E:E2:1D:5D:C1:CA:88
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6jce2jp94PATHCR66l7iHV3Byog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:540::/44
                  2a0c:b641:750::/44

    Signature Algorithm: sha256WithRSAEncryption
         88:56:c4:71:40:3f:aa:6b:5d:1f:28:a8:d4:aa:c9:fb:f3:92:
         dd:5f:d6:f6:61:02:00:82:0a:d5:31:37:be:57:93:85:13:99:
         a1:01:b8:82:cb:18:cb:d1:9a:7b:ff:b1:61:c1:c4:21:2c:ea:
         37:8c:8d:0f:8e:5c:b9:c5:9d:a9:b9:c5:06:e8:fe:31:f5:68:
         32:1b:85:4f:d3:eb:8c:39:3c:93:79:60:38:d3:8c:6f:8a:df:
         0c:90:cf:d7:aa:48:ea:a2:d4:71:34:bd:45:19:27:9b:80:8c:
         15:3c:03:20:6b:0f:45:b8:a8:ae:a8:2f:25:85:16:ea:af:e8:
         68:2b:00:d2:05:8f:57:ba:87:e1:32:56:0d:01:c5:67:af:ee:
         3c:71:19:48:33:1d:26:c6:46:71:85:ca:43:90:09:a9:ca:dc:
         2c:8f:07:89:03:ef:9f:79:6b:58:87:78:5a:49:08:9a:14:e3:
         c0:b3:de:14:41:65:39:12:d4:00:86:c7:8e:a5:6d:de:52:6e:
         cb:71:93:39:0c:1d:b3:e1:27:d1:12:af:da:b8:ac:21:2c:bc:
         3e:c0:39:0d:e1:38:e8:19:e8:ec:f9:b7:8d:4b:c7:7d:f4:b8:
         2c:5c:02:cc:d8:3d:81:0c:88:dc:9b:a6:7e:fd:95:d9:2e:08:
         a2:e9:3f:72
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAXHQ/kC1uLAKfmp3g25qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTM3MWVkYTNhN2RlMGYwMTMxYzI0N2FlYTVlZTIxZDVkYzFjYTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZu/PAaeYxwLXivK5MyQTYY1Lu82
ZwxCeZTyR3TL3YWiRD+hlXuNowNQ4kVkWSPbBOsoclgmTy/GDNaW8ALHA9nuVwM6
decklKWcFmOAQferaNOHIj3tJgPgRrmsU2Y0B8PwVdHI34w/WCqqCYEd1O+L5hhW
BcfrqcCzLg5Uc/DeFQ8Px7o5qaUFTdrZwdEbBzqoe4iCFTwoqnsQn8VOOSeVk/0g
crpXE1eftOqWXuBXJ4JPySeLYXqOVKrRgi2LRgoOn69qdzrAgb6FBYlzLlkrtu46
UFNlPs7zHLWluzv/I0wWCkPeProlmSdTq/wDB0wZBwKP3LTvV+wiEbocEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOo3Hto6feDwExwkeupe4h1dwcqIMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNmpjZTJqcDk0UEFUSENSNjZsN2lIVjNCeW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgy2QQVA
AwcEKgy2QQdQMA0GCSqGSIb3DQEBCwUAA4IBAQCIVsRxQD+qa10fKKjUqsn785Ld
X9b2YQIAggrVMTe+V5OFE5mhAbiCyxjL0Zp7/7FhwcQhLOo3jI0Pjly5xZ2pucUG
6P4x9WgyG4VP0+uMOTyTeWA404xvit8MkM/XqkjqotRxNL1FGSebgIwVPAMgaw9F
uKiuqC8lhRbqr+hoKwDSBY9XuofhMlYNAcVnr+48cRlIMx0mxkZxhcpDkAmpytws
jweJA++feWtYh3haSQiaFOPAs94UQWU5EtQAhseOpW3eUm7LcZM5DB2z4SfREq/a
uKwhLLw+wDkN4TjoGejs+beNS8d99LgsXALM2D2BDIjcm6Z+/ZXZLgii6T9y
-----END CERTIFICATE-----