Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/B5bg6Rtwql1Q7x-EyrHH8KHwYGU.roa
File:                     B5bg6Rtwql1Q7x-EyrHH8KHwYGU.roa (raw, json)
Hash identifier:          y2IJJZNC47HOFT5lVnvTVDjah+ATlqpQQi5NZ/imuX4=
Subject key identifier:   07:96:E0:E9:1B:70:AA:5D:50:EF:1F:84:CA:B1:C7:F0:A1:F0:60:65
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80177D34BF2CF800E332110A422D317
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/B5bg6Rtwql1Q7x-EyrHH8KHwYGU.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211367
IP address blocks:        2a0c:b641:180::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:77:d3:4b:f2:cf:80:0e:33:21:10:a4:22:d3:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0796e0e91b70aa5d50ef1f84cab1c7f0a1f06065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c7:a7:3e:83:ca:f4:17:47:ba:fe:86:f9:35:
                    51:8f:c0:c2:4a:0d:3c:67:9f:6f:94:9a:91:b7:d0:
                    90:a2:a4:78:32:ae:b2:5b:4d:b1:24:e4:87:3b:8d:
                    55:49:98:80:d8:c5:6a:74:ca:30:0d:60:d1:ac:e8:
                    6d:1d:0b:30:05:ed:bb:0e:97:6b:c3:42:09:00:c4:
                    e3:5e:dd:c2:88:55:dc:e9:c5:e3:69:e2:26:1a:23:
                    c1:47:83:63:82:e8:dc:e2:ba:90:62:b1:82:b8:58:
                    a9:0f:73:22:84:87:6a:83:21:5f:8f:4d:92:3a:73:
                    c8:6a:be:ee:10:74:5c:4a:94:13:07:1d:62:d7:a1:
                    da:3f:11:05:33:29:2d:fb:2b:49:77:a3:1d:9a:a8:
                    eb:b4:f7:8f:ee:57:c5:cb:2f:82:3c:a4:b2:b1:32:
                    ef:76:8d:28:a7:3b:00:f9:dd:a9:44:03:b1:fd:88:
                    9c:b8:98:d7:b4:3d:e2:22:63:75:cf:bf:cd:3a:68:
                    27:6a:85:5c:b7:38:c3:fd:c9:13:88:18:0b:f6:92:
                    69:de:68:ec:87:ec:35:a3:40:48:09:c2:e8:1c:66:
                    b3:ac:92:33:8d:3d:68:7b:e9:20:f7:e1:2d:e7:fe:
                    59:d7:f5:17:4b:c9:dc:78:41:a6:ab:a7:4b:38:d7:
                    27:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:96:E0:E9:1B:70:AA:5D:50:EF:1F:84:CA:B1:C7:F0:A1:F0:60:65
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/B5bg6Rtwql1Q7x-EyrHH8KHwYGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         24:5d:76:96:8c:63:1b:03:03:0f:09:03:b2:12:66:33:45:11:
         88:cc:25:8b:91:a2:87:7c:45:04:1f:c0:9a:38:9d:5e:e0:68:
         93:4f:5e:2f:8c:d9:2e:90:01:07:c6:53:96:3a:7e:79:4f:39:
         65:60:84:5f:90:fc:a3:80:c3:c2:c5:1a:75:a9:3d:e7:e8:21:
         d8:4b:21:f1:12:54:12:95:26:2c:76:55:46:3a:13:1e:5b:54:
         7f:cb:7b:06:4e:45:8e:12:21:46:71:d0:ef:ba:8a:7f:2c:a9:
         74:c1:a0:34:00:a3:4c:a2:85:35:d3:f3:23:3a:80:80:d7:cb:
         f3:58:32:2a:56:4a:df:d0:44:51:d7:89:63:30:92:f6:c9:7d:
         82:04:43:4c:2c:22:31:c3:bc:5a:bc:37:dd:1f:90:9d:af:bb:
         31:99:77:b7:fd:62:27:3e:bb:37:e0:f9:12:bc:71:52:1b:26:
         ff:45:6c:7b:1e:4a:c9:03:a2:7f:93:09:6b:71:f3:13:57:53:
         d7:90:4f:ab:18:ef:0d:c1:ab:00:26:b0:ba:1a:da:07:7e:0b:
         ff:23:9b:39:26:b0:6c:da:45:53:74:d2:9b:53:4d:19:db:cc:
         e1:e3:34:78:c5:23:a3:10:5e:4f:c2:7b:85:87:38:4e:fd:df:
         15:93:56:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXfTS/LPgA4zIRCkItMXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzk2ZTBlOTFiNzBhYTVkNTBlZjFmODRjYWIxYzdmMGExZjA2MDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcenPoPK9BdHuv6G+TVRj8DCSg08
Z59vlJqRt9CQoqR4Mq6yW02xJOSHO41VSZiA2MVqdMowDWDRrOhtHQswBe27Dpdr
w0IJAMTjXt3CiFXc6cXjaeImGiPBR4Njgujc4rqQYrGCuFipD3MihIdqgyFfj02S
OnPIar7uEHRcSpQTBx1i16HaPxEFMykt+ytJd6MdmqjrtPeP7lfFyy+CPKSysTLv
do0opzsA+d2pRAOx/YicuJjXtD3iImN1z7/NOmgnaoVctzjD/ckTiBgL9pJp3mjs
h+w1o0BICcLoHGazrJIzjT1oe+kg9+Et5/5Z1/UXS8nceEGmq6dLONcnQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAeW4OkbcKpdUO8fhMqxx/Ch8GBlMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQjViZzZSdHdxbDFRN3gtRXlySEg4S0h3WUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQGA
MA0GCSqGSIb3DQEBCwUAA4IBAQAkXXaWjGMbAwMPCQOyEmYzRRGIzCWLkaKHfEUE
H8CaOJ1e4GiTT14vjNkukAEHxlOWOn55TzllYIRfkPyjgMPCxRp1qT3n6CHYSyHx
ElQSlSYsdlVGOhMeW1R/y3sGTkWOEiFGcdDvuop/LKl0waA0AKNMooU10/MjOoCA
18vzWDIqVkrf0ERR14ljMJL2yX2CBENMLCIxw7xavDfdH5Cdr7sxmXe3/WInPrs3
4PkSvHFSGyb/RWx7HkrJA6J/kwlrcfMTV1PXkE+rGO8NwasAJrC6GtoHfgv/I5s5
JrBs2kVTdNKbU00Z28zh4zR4xSOjEF5PwnuFhzhO/d8Vk1bH
-----END CERTIFICATE-----