Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BmO5qB-FR8NApx16BbjFQP7LXAA.roa
File:                     BmO5qB-FR8NApx16BbjFQP7LXAA.roa (raw, json)
Hash identifier:          r7tfwx0F1I5viXar5qgP9mkz1IEPlxSBQ7tGDCL2jBY=
Subject key identifier:   06:63:B9:A8:1F:85:47:C3:40:A7:1D:7A:05:B8:C5:40:FE:CB:5C:00
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801759C2AD75A790CDECF77F3AED48A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BmO5qB-FR8NApx16BbjFQP7LXAA.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211139
IP address blocks:        2a0c:b641:160::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:75:9c:2a:d7:5a:79:0c:de:cf:77:f3:ae:d4:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0663b9a81f8547c340a71d7a05b8c540fecb5c00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7a:06:b8:c0:e2:93:1e:4f:23:74:f1:0d:c3:
                    56:67:e3:86:2b:6b:c2:42:8b:32:6d:89:14:df:94:
                    3f:8e:3f:25:04:d7:89:fd:45:72:c9:63:b6:48:aa:
                    05:a6:5f:d9:99:68:e7:7d:09:25:63:d4:2b:8e:ac:
                    e5:cb:9a:a9:a5:76:af:3c:cc:0e:4b:b6:fa:97:86:
                    28:fe:be:52:89:05:cf:b0:42:29:e7:86:22:1d:5a:
                    f5:30:8c:05:18:e6:5f:b0:1e:40:5b:80:92:6c:ec:
                    b6:9e:61:6e:1c:51:5e:2c:48:c5:6f:50:51:0c:8f:
                    ea:a8:f8:60:41:27:dc:9b:9d:1e:12:d9:17:ee:2c:
                    5a:e8:91:b6:50:f1:5d:f2:01:9e:39:ff:a5:f3:31:
                    51:c8:4e:8a:1e:71:f3:82:89:bf:3e:e7:b6:60:7a:
                    7c:83:f8:a0:50:88:5d:07:e0:f3:ee:9b:cc:da:71:
                    c4:a8:55:bc:98:bb:f5:9b:4e:a2:68:2a:be:a0:4e:
                    d7:fb:c2:d8:a6:54:0a:32:19:51:db:a2:b7:6b:da:
                    88:3d:88:fe:7a:4a:a1:a1:71:c9:4c:ed:9f:4d:ac:
                    3b:f5:84:02:87:65:5e:1e:cd:df:9b:ca:66:83:99:
                    ec:72:53:ec:67:2b:30:62:ab:1f:3f:2c:22:6c:98:
                    06:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:63:B9:A8:1F:85:47:C3:40:A7:1D:7A:05:B8:C5:40:FE:CB:5C:00
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BmO5qB-FR8NApx16BbjFQP7LXAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:160::/44

    Signature Algorithm: sha256WithRSAEncryption
         67:0f:55:b2:12:26:e4:1d:ba:f5:e4:d9:d5:59:6b:f6:9c:16:
         6f:83:65:27:ec:87:27:88:00:16:44:7d:3c:3e:cf:4e:8b:b7:
         b0:b4:6b:3d:f7:ad:ba:8f:cc:d4:fb:45:15:0f:9c:07:0d:b8:
         c9:12:62:b1:4b:ac:c5:a1:4a:df:7b:fc:95:af:4d:1f:ed:61:
         16:75:d3:54:5a:e5:6c:e0:4a:4e:3b:b4:b7:41:66:45:77:6b:
         28:d0:60:b5:7c:9a:60:b5:ef:ce:a3:8a:50:ec:c4:c0:0d:fd:
         a5:34:20:c6:5f:b1:df:2c:54:e9:11:83:af:8d:d0:43:91:9f:
         37:d4:2c:28:67:46:de:f5:3d:84:a4:cf:2b:6b:07:ef:83:91:
         9f:98:26:73:54:4f:d2:97:3a:13:48:ca:77:a4:4a:20:af:c8:
         9f:08:41:54:b1:a9:3b:ab:84:59:59:b3:bf:0b:f6:c0:cd:97:
         82:cf:99:e2:bf:02:08:47:a7:ed:99:41:9d:3b:c4:2d:4e:ce:
         92:5a:2f:9e:37:32:2e:7f:16:48:54:0c:e7:05:7e:e1:81:9d:
         3c:4d:b4:54:7b:44:af:f6:c5:36:7f:c9:57:02:9e:f5:4d:21:
         40:da:9a:88:bb:52:ac:b7:e7:13:37:f0:5c:64:3d:dd:50:f8:
         ed:34:fd:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXWcKtdaeQzez3fzrtSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjYzYjlhODFmODU0N2MzNDBhNzFkN2EwNWI4YzU0MGZlY2I1YzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHoGuMDikx5PI3TxDcNWZ+OGK2vC
QosybYkU35Q/jj8lBNeJ/UVyyWO2SKoFpl/ZmWjnfQklY9Qrjqzly5qppXavPMwO
S7b6l4Yo/r5SiQXPsEIp54YiHVr1MIwFGOZfsB5AW4CSbOy2nmFuHFFeLEjFb1BR
DI/qqPhgQSfcm50eEtkX7ixa6JG2UPFd8gGeOf+l8zFRyE6KHnHzgom/Pue2YHp8
g/igUIhdB+Dz7pvM2nHEqFW8mLv1m06iaCq+oE7X+8LYplQKMhlR26K3a9qIPYj+
ekqhoXHJTO2fTaw79YQCh2VeHs3fm8pmg5nsclPsZyswYqsfPywibJgGcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAZjuagfhUfDQKcdegW4xUD+y1wAMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQm1PNXFCLUZSOE5BcHgxNkJiakZRUDdMWEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQFg
MA0GCSqGSIb3DQEBCwUAA4IBAQBnD1WyEibkHbr15NnVWWv2nBZvg2Un7IcniAAW
RH08Ps9Oi7ewtGs99626j8zU+0UVD5wHDbjJEmKxS6zFoUrfe/yVr00f7WEWddNU
WuVs4EpOO7S3QWZFd2so0GC1fJpgte/Oo4pQ7MTADf2lNCDGX7HfLFTpEYOvjdBD
kZ831CwoZ0be9T2EpM8rawfvg5GfmCZzVE/SlzoTSMp3pEogr8ifCEFUsak7q4RZ
WbO/C/bAzZeCz5nivwIIR6ftmUGdO8QtTs6SWi+eNzIufxZIVAznBX7hgZ08TbRU
e0Sv9sU2f8lXAp71TSFA2pqIu1Kst+cTN/BcZD3dUPjtNP2y
-----END CERTIFICATE-----