Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BJ7BY5TEEL7l8-PWEyEHUuH0srw.roa
File:                     BJ7BY5TEEL7l8-PWEyEHUuH0srw.roa (raw, json)
Hash identifier:          PQ6Cu16ZHeyZi6IIyPcrI4LJk/6pF6CLFPgBg6tSeAk=
Subject key identifier:   04:9E:C1:63:94:C4:10:BE:E5:F3:E3:D6:13:21:07:52:E1:F4:B2:BC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014C3A04DD495F1B00A83B935A9724
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BJ7BY5TEEL7l8-PWEyEHUuH0srw.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49367
IP address blocks:        2a0c:b642:1a05::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4c:3a:04:dd:49:5f:1b:00:a8:3b:93:5a:97:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=049ec16394c410bee5f3e3d613210752e1f4b2bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0f:7b:14:2a:65:e4:91:c8:f2:7a:97:37:68:
                    07:ba:77:61:36:63:7d:db:7e:06:ef:be:ec:7a:00:
                    2a:9b:1d:ba:c2:09:9a:e0:7b:a7:ae:26:b2:0f:49:
                    c0:b9:b3:5e:e9:e9:27:c4:3f:16:4c:6a:57:51:71:
                    dd:90:cf:e7:05:0a:c2:91:11:e8:8f:63:01:9c:8c:
                    63:17:fc:b4:91:db:db:2a:6c:c3:d5:24:97:44:8f:
                    bb:04:c0:b3:70:27:07:96:0b:ba:7b:f3:78:4d:4e:
                    4b:20:91:e4:83:7e:b4:78:20:22:35:fe:6e:9c:58:
                    8e:32:93:5a:ae:78:b7:5d:20:f4:a9:10:1b:24:80:
                    41:81:1c:34:cb:68:23:9e:77:47:01:45:e1:85:0f:
                    05:86:de:b4:2f:5d:e2:fb:cb:ad:43:47:b6:24:3e:
                    73:97:4e:3e:ee:7e:df:37:d6:33:d5:ea:43:01:17:
                    88:b7:08:ca:3c:31:a3:50:27:01:6e:d0:79:cf:51:
                    76:e9:44:1b:18:e0:05:eb:d8:91:df:d1:d0:4f:0c:
                    93:51:98:ff:6e:1a:bc:74:8a:e9:86:52:4d:ec:40:
                    0d:b9:cf:c3:fc:9a:4c:d1:c1:1c:9b:37:21:f9:68:
                    43:a3:bf:87:9d:bf:57:63:61:db:d9:2f:e0:cc:09:
                    cf:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:9E:C1:63:94:C4:10:BE:E5:F3:E3:D6:13:21:07:52:E1:F4:B2:BC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BJ7BY5TEEL7l8-PWEyEHUuH0srw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a05::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:4f:00:90:ec:fe:06:dc:5e:f8:a6:ee:b2:35:29:b0:d8:51:
         96:13:c0:80:1c:85:f5:25:b6:b6:ba:1b:72:07:ad:05:a2:bf:
         a7:0e:b4:65:e7:3e:eb:62:5d:cb:ef:46:82:82:fc:3e:88:fc:
         89:69:6f:0c:fe:c8:42:90:5a:c7:40:bc:35:7b:c0:cc:f3:aa:
         ed:c7:1d:26:66:af:23:31:f8:d2:d4:1f:d3:4f:11:d4:87:84:
         6e:bd:84:ef:8f:67:e5:b0:06:aa:37:f1:0e:85:03:71:61:2d:
         92:44:d3:85:e9:63:23:fe:71:ce:d1:e2:94:98:78:a2:0d:65:
         a6:4d:80:f0:81:b8:40:b0:0c:10:e3:1a:53:0a:c4:0f:7d:ab:
         f7:89:f2:3e:dd:d6:c2:2c:72:59:64:bb:47:28:40:e2:6e:e4:
         21:b3:80:76:6f:5a:b1:c4:fc:0b:0c:c0:75:ae:67:ac:eb:88:
         29:ff:f3:d1:74:f6:f4:f5:92:e4:a9:87:ec:fc:c6:d7:2e:8f:
         35:d4:c9:fb:17:a9:ff:84:64:aa:bb:df:7d:87:44:c6:b7:43:
         7d:a9:fe:cc:97:b2:96:33:e1:89:c7:b9:00:04:f7:b0:9f:a8:
         ec:2c:f9:65:b3:ed:34:56:0d:fb:93:cd:cc:a9:3e:b6:04:af:
         6a:3c:af:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUw6BN1JXxsAqDuTWpckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDllYzE2Mzk0YzQxMGJlZTVmM2UzZDYxMzIxMDc1MmUxZjRiMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQ97FCpl5JHI8nqXN2gHundhNmN9
234G777segAqmx26wgma4HunriayD0nAubNe6eknxD8WTGpXUXHdkM/nBQrCkRHo
j2MBnIxjF/y0kdvbKmzD1SSXRI+7BMCzcCcHlgu6e/N4TU5LIJHkg360eCAiNf5u
nFiOMpNarni3XSD0qRAbJIBBgRw0y2gjnndHAUXhhQ8Fht60L13i+8utQ0e2JD5z
l04+7n7fN9Yz1epDAReItwjKPDGjUCcBbtB5z1F26UQbGOAF69iR39HQTwyTUZj/
bhq8dIrphlJN7EANuc/D/JpM0cEcmzch+WhDo7+Hnb9XY2Hb2S/gzAnPXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFASewWOUxBC+5fPj1hMhB1Lh9LK8MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQko3Qlk1VEVFTDdsOC1QV0V5RUhVdUgwc3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoF
MA0GCSqGSIb3DQEBCwUAA4IBAQB4TwCQ7P4G3F74pu6yNSmw2FGWE8CAHIX1Jba2
uhtyB60For+nDrRl5z7rYl3L70aCgvw+iPyJaW8M/shCkFrHQLw1e8DM86rtxx0m
Zq8jMfjS1B/TTxHUh4RuvYTvj2flsAaqN/EOhQNxYS2SRNOF6WMj/nHO0eKUmHii
DWWmTYDwgbhAsAwQ4xpTCsQPfav3ifI+3dbCLHJZZLtHKEDibuQhs4B2b1qxxPwL
DMB1rmes64gp//PRdPb09ZLkqYfs/MbXLo811Mn7F6n/hGSqu999h0TGt0N9qf7M
l7KWM+GJx7kABPewn6jsLPlls+00Vg37k83MqT62BK9qPK9e
-----END CERTIFICATE-----