Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/AVwX7SiG9APVrAERap0IW-LDUzI.roa
File:                     AVwX7SiG9APVrAERap0IW-LDUzI.roa (raw, json)
Hash identifier:          szO110t5QJm/Grf9qQ22FM7o3wGaz5Rv07+2zpyXnC0=
Subject key identifier:   01:5C:17:ED:28:86:F4:03:D5:AC:01:11:6A:9D:08:5B:E2:C3:53:32
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018E19874CC3591F362903B9BF047C6BF1F7
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/AVwX7SiG9APVrAERap0IW-LDUzI.roa
Signing time:             Thu 07 Mar 2024 15:28:01 +0000
ROA not before:           Thu 07 Mar 2024 15:28:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215355
IP address blocks:        2a0c:b641:c00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:19:87:4c:c3:59:1f:36:29:03:b9:bf:04:7c:6b:f1:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar  7 15:28:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=015c17ed2886f403d5ac01116a9d085be2c35332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9b:40:fe:46:2c:82:ce:ac:44:82:41:db:fe:
                    76:d6:a7:04:ac:92:d4:b1:06:4e:be:e2:26:14:74:
                    68:f2:23:19:8c:e8:0b:de:83:26:80:b3:02:5c:4e:
                    cd:65:e5:37:79:4f:f5:65:74:83:e4:d1:b9:4b:85:
                    03:45:2f:96:c2:03:40:4b:ab:e7:2a:7f:3f:a5:e6:
                    8b:8e:20:1d:73:59:65:b5:3d:fa:cd:41:a5:52:66:
                    3b:51:27:7e:3f:b1:24:b6:b0:3f:09:2f:b4:0a:e0:
                    02:47:59:18:c7:dd:78:e5:53:8c:39:ff:9b:75:82:
                    33:78:27:27:1a:4c:f3:07:81:7a:62:17:37:23:da:
                    55:f1:d8:12:00:89:c1:ee:66:d6:a9:be:69:f9:c5:
                    c2:15:ab:ca:35:7a:7f:7b:0f:49:ba:5c:9f:a7:39:
                    0e:cf:26:ea:07:10:26:3b:59:9c:41:d5:47:0d:f2:
                    e9:35:34:a8:a9:a4:e8:80:73:e1:f2:5f:c4:48:22:
                    50:34:32:a0:52:f0:4c:23:11:33:03:42:a4:2b:94:
                    41:45:e0:4e:d9:bd:47:30:56:6c:be:53:3e:b7:2c:
                    70:24:19:23:07:b3:b4:93:5a:a3:f6:79:60:95:58:
                    cb:aa:91:20:a4:cc:74:99:23:e1:4b:c6:18:93:64:
                    12:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:5C:17:ED:28:86:F4:03:D5:AC:01:11:6A:9D:08:5B:E2:C3:53:32
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/AVwX7SiG9APVrAERap0IW-LDUzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c00::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:18:64:3f:18:c1:a2:c2:1a:c9:77:79:d4:f0:b7:6c:9c:53:
         74:20:21:1e:06:0c:16:36:fc:72:d7:af:13:65:04:68:d3:2c:
         23:51:62:31:c3:e2:26:32:7a:d8:a9:44:4c:82:d9:cf:73:8e:
         37:0a:c4:72:c1:e4:64:48:f0:99:da:62:77:38:f5:2d:95:25:
         18:cc:96:81:43:28:c1:6e:f7:de:5b:22:c1:cd:3b:4c:dc:79:
         04:40:86:12:17:49:19:d9:df:79:db:5d:5f:96:c4:cb:25:5b:
         88:ba:6a:c6:b7:5c:c8:d6:6f:89:b4:c1:57:5b:d9:f3:9c:7f:
         e7:be:25:57:55:18:b6:73:ec:c4:f9:1c:7f:e6:7a:d6:5c:7d:
         a2:6c:28:1c:45:01:ec:ee:94:7e:bb:c0:dd:1a:f4:8a:0e:36:
         e4:3a:a4:6b:2c:0d:d5:c6:83:b8:f1:72:ce:b7:11:13:6b:e5:
         4e:ee:6b:03:c3:39:8a:ee:47:de:b9:dc:7d:c2:c6:2d:b2:22:
         c9:4f:80:c1:45:55:ce:ac:71:52:8a:df:bb:36:70:5c:39:2f:
         74:35:66:61:d1:fe:54:cd:0a:0c:7d:1f:8d:5b:1f:a1:1c:7b:
         1a:a8:52:d5:f8:7a:0e:10:de:6a:b7:b0:8c:6e:8a:4f:6d:75:
         cc:49:f0:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4Zh0zDWR82KQO5vwR8a/H3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMzA3MTUyODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTVjMTdlZDI4ODZmNDAzZDVhYzAxMTE2YTlkMDg1YmUyYzM1MzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmptA/kYsgs6sRIJB2/521qcErJLU
sQZOvuImFHRo8iMZjOgL3oMmgLMCXE7NZeU3eU/1ZXSD5NG5S4UDRS+WwgNAS6vn
Kn8/peaLjiAdc1lltT36zUGlUmY7USd+P7EktrA/CS+0CuACR1kYx9145VOMOf+b
dYIzeCcnGkzzB4F6Yhc3I9pV8dgSAInB7mbWqb5p+cXCFavKNXp/ew9JulyfpzkO
zybqBxAmO1mcQdVHDfLpNTSoqaTogHPh8l/ESCJQNDKgUvBMIxEzA0KkK5RBReBO
2b1HMFZsvlM+tyxwJBkjB7O0k1qj9nlglVjLqpEgpMx0mSPhS8YYk2QSKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAFcF+0ohvQD1awBEWqdCFviw1MyMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQVZ3WDdTaUc5QVBWckFFUmFwMElXLUxEVXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQwA
MA0GCSqGSIb3DQEBCwUAA4IBAQBQGGQ/GMGiwhrJd3nU8LdsnFN0ICEeBgwWNvxy
168TZQRo0ywjUWIxw+ImMnrYqURMgtnPc443CsRyweRkSPCZ2mJ3OPUtlSUYzJaB
QyjBbvfeWyLBzTtM3HkEQIYSF0kZ2d95211flsTLJVuIumrGt1zI1m+JtMFXW9nz
nH/nviVXVRi2c+zE+Rx/5nrWXH2ibCgcRQHs7pR+u8DdGvSKDjbkOqRrLA3VxoO4
8XLOtxETa+VO7msDwzmK7kfeudx9wsYtsiLJT4DBRVXOrHFSit+7NnBcOS90NWZh
0f5UzQoMfR+NWx+hHHsaqFLV+HoOEN5qt7CMbopPbXXMSfBW
-----END CERTIFICATE-----