Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8SAmguUAnHUXSklKqHWMmpAurTY.roa
File:                     8SAmguUAnHUXSklKqHWMmpAurTY.roa (raw, json)
Hash identifier:          fGEwsKrBEav298gERnpUKO35Uemfa8hA7RtqzCLuI3o=
Subject key identifier:   F1:20:26:82:E5:00:9C:75:17:4A:49:4A:A8:75:8C:9A:90:2E:AD:36
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80185FC73C811B7FBBAA7DBDE931281
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8SAmguUAnHUXSklKqHWMmpAurTY.roa
Signing time:             Tue 02 Jan 2024 02:29:52 +0000
ROA not before:           Tue 02 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216150
IP address blocks:        2a0c:b641:ae0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:85:fc:73:c8:11:b7:fb:ba:a7:db:de:93:12:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1202682e5009c75174a494aa8758c9a902ead36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0b:e2:dc:3c:09:a1:e2:7c:20:57:c4:3b:5c:
                    a2:a1:72:49:23:7f:85:e7:ff:4f:46:74:64:93:b3:
                    87:14:ab:b0:14:e3:c2:4b:51:5d:66:1a:14:6a:6c:
                    b5:6c:fc:92:ad:f2:98:a5:63:d1:42:da:61:c9:f5:
                    48:ce:84:42:8f:5d:8e:31:79:3f:86:bc:c3:c4:61:
                    91:83:e3:f8:2e:37:d0:29:e6:4c:6d:cb:7a:bc:40:
                    a4:be:c7:a4:0d:81:1c:4d:5f:36:7c:97:80:d7:6e:
                    76:9d:74:47:81:0d:48:c7:06:65:67:0d:cf:0a:9c:
                    0e:f3:b1:e9:e6:9c:77:8f:81:16:f1:90:b9:82:cc:
                    5b:ef:52:f1:67:10:54:06:89:ab:6b:61:93:01:8d:
                    1f:f8:31:70:97:cb:1e:5c:3e:3d:95:e3:c1:e6:4a:
                    33:16:f5:55:b2:43:09:3d:d5:94:27:f0:bb:76:b4:
                    e5:b5:c3:92:0e:ad:41:9d:f1:90:c5:9d:24:3d:56:
                    d1:d6:a2:06:3d:f5:9b:0d:b8:03:87:2c:a6:6f:47:
                    5d:55:6a:6c:65:91:aa:5c:fe:d9:ac:f8:35:46:ab:
                    f1:58:d3:1c:90:41:9c:a6:a4:a0:20:dd:31:24:2a:
                    f7:6c:04:c1:a0:7e:1e:87:23:78:10:c9:1a:27:10:
                    8d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:20:26:82:E5:00:9C:75:17:4A:49:4A:A8:75:8C:9A:90:2E:AD:36
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8SAmguUAnHUXSklKqHWMmpAurTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:ae0::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:27:f1:a4:49:0f:fc:42:9c:27:0c:0f:0d:70:8d:ef:8d:b2:
         2a:21:7a:d4:52:17:0d:89:bf:f9:83:5d:ce:45:03:87:25:b0:
         e3:46:56:45:03:09:2d:6b:84:46:51:a8:97:3d:6d:8c:12:b7:
         9e:9e:96:50:49:5e:15:bf:19:b8:24:c8:08:fe:17:9a:05:fe:
         30:e2:c7:91:1b:d4:3b:8d:57:bd:01:f7:9d:aa:a4:57:55:48:
         35:28:9c:e1:ff:15:ed:9d:cd:85:b9:41:ad:d8:9d:a1:e9:52:
         fa:65:f9:60:e7:dd:d4:97:30:9e:18:2c:98:04:a6:d0:66:62:
         28:6a:70:d6:22:9f:87:34:7c:80:0d:67:7a:3a:71:54:ed:c6:
         48:1a:d2:5f:6c:17:d1:91:15:e1:07:67:46:dc:e5:6f:36:53:
         56:7b:7d:4a:0e:ef:2f:10:3a:3b:47:95:4e:d1:2a:53:43:f4:
         de:64:06:6d:d4:ce:2a:57:91:33:8e:fc:30:14:3f:ac:31:0d:
         c6:30:90:91:9f:ec:1b:96:47:2c:07:63:c5:48:40:c6:fe:c3:
         d2:37:f2:1f:54:3c:6f:39:2b:dd:6a:54:66:78:bd:ad:cb:cc:
         70:1b:18:3f:8b:49:4c:de:5b:0e:da:b5:9e:db:7e:38:67:41:
         44:11:c0:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYX8c8gRt/u6p9vekxKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTIwMjY4MmU1MDA5Yzc1MTc0YTQ5NGFhODc1OGM5YTkwMmVhZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwvi3DwJoeJ8IFfEO1yioXJJI3+F
5/9PRnRkk7OHFKuwFOPCS1FdZhoUamy1bPySrfKYpWPRQtphyfVIzoRCj12OMXk/
hrzDxGGRg+P4LjfQKeZMbct6vECkvsekDYEcTV82fJeA1252nXRHgQ1IxwZlZw3P
CpwO87Hp5px3j4EW8ZC5gsxb71LxZxBUBomra2GTAY0f+DFwl8seXD49lePB5koz
FvVVskMJPdWUJ/C7drTltcOSDq1BnfGQxZ0kPVbR1qIGPfWbDbgDhyymb0ddVWps
ZZGqXP7ZrPg1RqvxWNMckEGcpqSgIN0xJCr3bATBoH4ehyN4EMkaJxCNnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPEgJoLlAJx1F0pJSqh1jJqQLq02MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvOFNBbWd1VUFuSFVYU2tsS3FIV01tcEF1clRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQrg
MA0GCSqGSIb3DQEBCwUAA4IBAQBQJ/GkSQ/8QpwnDA8NcI3vjbIqIXrUUhcNib/5
g13ORQOHJbDjRlZFAwkta4RGUaiXPW2MEreenpZQSV4Vvxm4JMgI/heaBf4w4seR
G9Q7jVe9AfedqqRXVUg1KJzh/xXtnc2FuUGt2J2h6VL6Zflg593UlzCeGCyYBKbQ
ZmIoanDWIp+HNHyADWd6OnFU7cZIGtJfbBfRkRXhB2dG3OVvNlNWe31KDu8vEDo7
R5VO0SpTQ/TeZAZt1M4qV5EzjvwwFD+sMQ3GMJCRn+wblkcsB2PFSEDG/sPSN/If
VDxvOSvdalRmeL2ty8xwGxg/i0lM3lsO2rWe2344Z0FEEcBS
-----END CERTIFICATE-----