Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/C9w9NbCE31Jg93Q9qk4Lb3Svppg.roa
File:                     C9w9NbCE31Jg93Q9qk4Lb3Svppg.roa (raw, json)
Hash identifier:          s+EHSnu7RrYJXSswQ38OFFgEOHJ3HHsp+npXUsXHLlU=
Subject key identifier:   0B:DC:3D:35:B0:84:DF:52:60:F7:74:3D:AA:4E:0B:6F:74:AF:A6:98
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80182514974050871AB4584BC2091C5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/C9w9NbCE31Jg93Q9qk4Lb3Svppg.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213344
IP address blocks:        2a0c:b641:7d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:82:51:49:74:05:08:71:ab:45:84:bc:20:91:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bdc3d35b084df5260f7743daa4e0b6f74afa698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a5:4e:96:ed:7a:ff:84:24:d1:49:33:a7:53:
                    52:9a:ed:aa:8f:77:59:db:15:78:9d:a3:68:e0:a7:
                    ed:16:c6:81:a8:3b:4e:5d:54:fc:5c:e1:c3:e2:fb:
                    f1:ad:f8:d3:91:d4:fa:24:15:46:23:32:30:12:0b:
                    0c:52:45:c7:f3:7f:0c:d5:42:82:9a:16:fe:27:de:
                    68:36:27:66:57:0c:08:0c:e3:35:86:8f:49:38:17:
                    b9:57:c9:dd:df:8d:b8:3a:4d:61:ea:51:71:38:ba:
                    d9:00:26:9a:bd:b5:c5:d7:93:05:dd:3a:1a:3a:a0:
                    e2:40:a8:45:c0:7a:47:1b:a3:47:92:8b:2b:b0:e3:
                    1d:73:e2:fe:ea:8b:77:4b:87:43:ed:23:c2:e1:50:
                    46:52:ed:c3:9e:eb:62:27:4e:02:47:66:fb:0e:ea:
                    13:ef:92:1c:03:87:e7:b4:73:8d:a7:af:1a:82:ca:
                    77:f7:d5:c6:00:34:e2:fd:fa:7f:c0:dc:47:ae:64:
                    21:b6:60:77:6a:5b:56:b6:20:35:f4:90:8a:a7:53:
                    ef:2c:5c:c7:51:da:13:4d:a1:af:a7:f0:54:be:76:
                    bf:1b:c5:9b:35:42:17:b1:83:45:49:a4:77:6d:db:
                    7b:4d:df:07:01:6c:26:74:36:4f:1c:58:89:0c:36:
                    64:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:DC:3D:35:B0:84:DF:52:60:F7:74:3D:AA:4E:0B:6F:74:AF:A6:98
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/C9w9NbCE31Jg93Q9qk4Lb3Svppg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:7d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:f7:e2:1b:91:08:b3:f6:ca:d2:ba:52:12:e5:ee:58:ef:05:
         44:c5:ff:83:71:59:44:a4:b1:9c:96:fb:28:ba:f7:22:30:2a:
         71:3d:32:43:61:54:ab:f5:95:7e:c5:ed:27:66:69:86:53:7a:
         81:e2:d6:6e:bf:8b:03:50:49:94:75:54:9e:fe:a7:be:2a:3f:
         dc:51:90:0c:e1:e0:e9:58:c5:36:eb:b1:10:cd:b7:a0:60:24:
         8b:db:1d:e6:41:fc:39:b0:81:6f:35:d0:45:a5:2f:41:f0:62:
         9d:2c:aa:3d:22:ed:58:f0:2d:ac:0b:10:aa:e1:58:b4:22:34:
         54:49:21:1d:aa:44:70:94:80:0d:3b:94:ae:a3:a3:ad:0d:eb:
         9f:ba:82:38:75:a8:5a:4b:b3:63:11:72:45:3f:a4:2b:e2:1c:
         8a:81:2e:93:b1:75:c0:4d:c7:d1:98:65:58:97:b0:9e:15:48:
         a5:d2:41:e6:59:39:a9:22:45:5c:e2:7b:88:83:54:c0:7c:44:
         56:d8:8f:11:9f:a1:7e:d3:39:ed:8b:be:d2:1c:b8:71:f1:a8:
         5f:c5:3e:ab:14:c1:f7:27:6b:03:47:80:f4:5a:84:d8:70:c3:
         bb:ec:92:6c:19:ec:1b:aa:4e:b4:c2:2b:81:a6:79:f5:ba:bb:
         14:79:db:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYJRSXQFCHGrRYS8IJHFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmRjM2QzNWIwODRkZjUyNjBmNzc0M2RhYTRlMGI2Zjc0YWZhNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26VOlu16/4Qk0Ukzp1NSmu2qj3dZ
2xV4naNo4KftFsaBqDtOXVT8XOHD4vvxrfjTkdT6JBVGIzIwEgsMUkXH838M1UKC
mhb+J95oNidmVwwIDOM1ho9JOBe5V8nd3424Ok1h6lFxOLrZACaavbXF15MF3Toa
OqDiQKhFwHpHG6NHkosrsOMdc+L+6ot3S4dD7SPC4VBGUu3DnutiJ04CR2b7DuoT
75IcA4fntHONp68agsp399XGADTi/fp/wNxHrmQhtmB3altWtiA19JCKp1PvLFzH
UdoTTaGvp/BUvna/G8WbNUIXsYNFSaR3bdt7Td8HAWwmdDZPHFiJDDZkhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAvcPTWwhN9SYPd0PapOC290r6aYMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQzl3OU5iQ0UzMUpnOTNROXFrNExiM1N2cHBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQfQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAY9+IbkQiz9srSulIS5e5Y7wVExf+DcVlEpLGc
lvsouvciMCpxPTJDYVSr9ZV+xe0nZmmGU3qB4tZuv4sDUEmUdVSe/qe+Kj/cUZAM
4eDpWMU267EQzbegYCSL2x3mQfw5sIFvNdBFpS9B8GKdLKo9Iu1Y8C2sCxCq4Vi0
IjRUSSEdqkRwlIANO5Suo6OtDeufuoI4dahaS7NjEXJFP6Qr4hyKgS6TsXXATcfR
mGVYl7CeFUil0kHmWTmpIkVc4nuIg1TAfERW2I8Rn6F+0znti77SHLhx8ahfxT6r
FMH3J2sDR4D0WoTYcMO77JJsGewbqk60wiuBpnn1ursUedvz
-----END CERTIFICATE-----