Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Aq3tItZn8d14n5SAUifjxxy7URg.roa
File:                     Aq3tItZn8d14n5SAUifjxxy7URg.roa (raw, json)
Hash identifier:          S2KyDrLrh6kKxnpkDko/1pbRHH5c679+cPkEMQD8Mgo=
Subject key identifier:   02:AD:ED:22:D6:67:F1:DD:78:9F:94:80:52:27:E3:C7:1C:BB:51:18
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801458C5D09BEAB87F9FED681CC3D88
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Aq3tItZn8d14n5SAUifjxxy7URg.roa
Signing time:             Tue 02 Jan 2024 02:29:35 +0000
ROA not before:           Tue 02 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7489
IP address blocks:        2a0c:b642:1a07::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:45:8c:5d:09:be:ab:87:f9:fe:d6:81:cc:3d:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02aded22d667f1dd789f94805227e3c71cbb5118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:23:54:a6:15:b2:7a:3f:2e:57:52:3f:4a:05:
                    47:6d:88:9b:12:ff:35:17:30:ab:99:cb:97:3e:97:
                    c2:25:fe:0f:de:72:bf:2a:48:d8:19:e2:10:da:92:
                    46:3a:bf:be:e5:8d:ff:ed:01:d5:b3:1e:2f:b5:26:
                    31:11:87:a1:3d:18:0a:e2:d6:b0:fd:78:07:46:bb:
                    a6:b1:10:1f:c5:b4:77:62:48:16:30:aa:6b:92:7a:
                    ba:92:b9:2c:b1:fd:de:34:05:4d:65:ab:d2:b0:ba:
                    ff:99:28:fb:53:b6:4f:5b:bd:18:db:83:57:20:f5:
                    6f:2f:30:97:42:94:e9:6e:a4:73:2c:2f:c3:71:b2:
                    8f:92:88:c7:30:68:31:b9:66:61:59:88:2c:f2:4e:
                    65:31:79:80:7a:b4:68:34:69:60:73:70:19:13:f1:
                    94:e6:f3:06:27:e1:52:34:2a:b1:7b:60:88:1d:10:
                    fa:f2:a5:ac:a8:1d:71:6c:68:79:56:9c:ef:3e:8b:
                    61:88:5c:d4:18:03:1b:a5:ee:c4:f4:87:8e:4d:ae:
                    aa:3c:85:ac:4e:50:c4:cc:a1:d0:92:9b:81:91:ac:
                    73:61:7b:b8:52:99:1f:40:bd:2b:f4:d4:14:ce:e4:
                    d7:c1:9a:fb:a9:73:57:d7:3e:4f:54:79:23:83:b6:
                    df:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:AD:ED:22:D6:67:F1:DD:78:9F:94:80:52:27:E3:C7:1C:BB:51:18
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Aq3tItZn8d14n5SAUifjxxy7URg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a07::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:50:e8:19:1b:3e:9f:69:d4:97:74:94:65:a3:1e:44:c7:b8:
         8a:a5:2f:35:ab:42:64:49:67:de:4b:c0:68:1d:f3:95:76:90:
         d6:9b:96:46:7a:aa:8a:02:48:7d:11:08:96:72:dc:de:99:1d:
         aa:ca:6c:42:74:86:dd:06:1a:9b:aa:a6:38:14:cd:85:3c:74:
         24:03:c7:dc:e0:77:eb:bb:ac:71:21:d2:26:37:19:ce:94:97:
         71:43:d7:c4:43:bb:f1:80:a0:77:fa:e6:44:61:b7:a7:ff:f7:
         44:61:b9:65:ee:c1:a5:6e:39:21:6e:fe:9c:d2:39:62:f0:43:
         ae:2d:60:65:7b:45:8b:61:8c:d4:c3:34:a4:2b:4f:5b:59:da:
         ac:69:45:da:57:3e:94:27:b2:d0:20:c7:56:b3:17:c9:2d:c2:
         7e:b7:af:a7:bf:b2:19:96:a4:a6:27:00:a6:36:86:98:0c:19:
         3c:7b:c3:81:95:ac:3f:7a:68:a7:1d:a7:1a:a5:18:53:5a:c2:
         b9:e8:87:88:b7:4e:b7:c1:b7:58:35:83:7e:72:31:b3:3a:19:
         a7:14:43:07:7b:88:5a:de:2e:4f:4d:61:f6:d7:23:c3:1e:84:
         c3:b4:a5:75:8e:58:7b:2a:52:85:3b:c6:4c:5b:25:65:3d:16:
         7c:8b:51:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUWMXQm+q4f5/taBzD2IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmFkZWQyMmQ2NjdmMWRkNzg5Zjk0ODA1MjI3ZTNjNzFjYmI1MTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSNUphWyej8uV1I/SgVHbYibEv81
FzCrmcuXPpfCJf4P3nK/KkjYGeIQ2pJGOr++5Y3/7QHVsx4vtSYxEYehPRgK4taw
/XgHRrumsRAfxbR3YkgWMKprknq6krkssf3eNAVNZavSsLr/mSj7U7ZPW70Y24NX
IPVvLzCXQpTpbqRzLC/DcbKPkojHMGgxuWZhWYgs8k5lMXmAerRoNGlgc3AZE/GU
5vMGJ+FSNCqxe2CIHRD68qWsqB1xbGh5VpzvPothiFzUGAMbpe7E9IeOTa6qPIWs
TlDEzKHQkpuBkaxzYXu4UpkfQL0r9NQUzuTXwZr7qXNX1z5PVHkjg7bfoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAKt7SLWZ/HdeJ+UgFIn48ccu1EYMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQXEzdEl0Wm44ZDE0bjVTQVVpZmp4eHk3VVJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoH
MA0GCSqGSIb3DQEBCwUAA4IBAQCgUOgZGz6fadSXdJRlox5Ex7iKpS81q0JkSWfe
S8BoHfOVdpDWm5ZGeqqKAkh9EQiWctzemR2qymxCdIbdBhqbqqY4FM2FPHQkA8fc
4Hfru6xxIdImNxnOlJdxQ9fEQ7vxgKB3+uZEYben//dEYbll7sGlbjkhbv6c0jli
8EOuLWBle0WLYYzUwzSkK09bWdqsaUXaVz6UJ7LQIMdWsxfJLcJ+t6+nv7IZlqSm
JwCmNoaYDBk8e8OBlaw/eminHacapRhTWsK56IeIt063wbdYNYN+cjGzOhmnFEMH
e4ha3i5PTWH21yPDHoTDtKV1jlh7KlKFO8ZMWyVlPRZ8i1Ei
-----END CERTIFICATE-----