Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DJxgjZ9xdCybNcSnH3Gil1MX8so.roa
File:                     DJxgjZ9xdCybNcSnH3Gil1MX8so.roa (raw, json)
Hash identifier:          730h3zJDRl22i38+gCHHp35LCiHH9TBPd5K5W1J9Dpk=
Subject key identifier:   0C:9C:60:8D:9F:71:74:2C:9B:35:C4:A7:1F:71:A2:97:53:17:F2:CA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014BE7A2580D883D3DAF4A225C8B8D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DJxgjZ9xdCybNcSnH3Gil1MX8so.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48646
IP address blocks:        2a0c:b642:1a09::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4b:e7:a2:58:0d:88:3d:3d:af:4a:22:5c:8b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c9c608d9f71742c9b35c4a71f71a2975317f2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b3:03:76:00:70:7d:35:6b:57:bd:19:23:00:
                    5f:4d:bc:c1:fd:51:b4:90:33:bd:ed:9f:02:3f:e3:
                    9b:cb:2e:db:0e:70:ad:63:d0:9a:6e:94:9d:a6:c2:
                    4c:6d:8d:5f:11:de:87:53:7f:97:b0:79:a5:c0:73:
                    98:86:f3:67:5a:d8:d2:60:19:ec:39:d4:a6:d0:63:
                    63:37:9a:65:cf:99:ab:12:93:4e:e9:51:22:9f:38:
                    3e:ee:04:f3:b9:d5:e8:3f:89:00:a6:8a:b1:ca:46:
                    74:71:57:3d:4c:63:e5:c7:96:ff:56:91:a3:49:29:
                    a4:59:50:a6:f6:65:1b:b1:98:3f:df:23:0d:55:d5:
                    76:69:e1:f6:c1:ae:45:6f:4d:54:34:8e:5b:06:68:
                    42:80:ee:8e:8e:24:81:5e:c3:d0:b3:59:23:90:97:
                    b1:1c:30:1e:cf:89:e6:78:18:a3:07:ff:4f:13:d2:
                    fa:a9:58:f5:fc:8d:55:8c:2e:45:76:e2:3f:a1:75:
                    6a:0a:02:be:7a:30:c3:28:fd:d2:e5:0c:22:32:ae:
                    6a:19:a7:6c:d8:36:ee:08:be:13:a5:ab:21:59:84:
                    67:5b:03:97:f0:6f:a1:86:b1:ed:65:12:e0:21:ef:
                    f7:9f:81:c1:e6:d7:b4:8f:df:45:67:12:10:62:74:
                    d0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:9C:60:8D:9F:71:74:2C:9B:35:C4:A7:1F:71:A2:97:53:17:F2:CA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DJxgjZ9xdCybNcSnH3Gil1MX8so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a09::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:0b:02:78:2c:af:69:27:34:cc:31:37:c1:f1:7c:97:b2:87:
         f9:7f:de:e5:b5:c9:d7:0d:cb:32:6c:41:2d:c5:b1:b4:b6:7e:
         cc:f9:21:09:cc:d8:20:b2:89:26:bb:e8:5d:33:25:9f:f7:e4:
         6a:50:fb:dc:bf:f1:1c:8e:67:7e:24:62:62:f1:f5:11:73:da:
         44:92:38:a2:33:02:02:28:54:7f:a6:9e:6d:1c:43:aa:91:3a:
         fc:87:a4:54:1b:38:37:dc:6e:b9:a0:3f:c3:d3:8e:2c:ee:6e:
         fa:a6:e8:e8:39:e3:f7:22:98:07:bf:28:74:d6:67:8c:0e:80:
         b5:21:c6:cf:93:93:9b:66:76:e7:15:bb:4e:d1:76:5a:1c:fd:
         ca:3b:8e:1e:9d:ea:21:88:61:54:a8:0b:7f:92:b3:a0:0b:b4:
         cc:32:06:f4:b8:c7:14:ab:43:83:9a:54:7a:d8:b8:4e:75:96:
         75:ff:02:ef:60:b5:2e:1a:66:3d:3e:a0:43:4a:fb:d1:52:b7:
         eb:9d:68:6f:36:9c:c7:2a:7c:8f:df:dd:6d:e6:ab:da:9e:e4:
         32:68:20:b8:ae:52:c4:06:4c:b2:12:27:ba:c7:04:a9:4d:ca:
         78:a1:4a:32:0a:83:39:7c:bf:8e:b6:bb:79:7b:2a:6b:25:73:
         b4:29:74:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUvnolgNiD09r0oiXIuNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzljNjA4ZDlmNzE3NDJjOWIzNWM0YTcxZjcxYTI5NzUzMTdmMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirMDdgBwfTVrV70ZIwBfTbzB/VG0
kDO97Z8CP+Obyy7bDnCtY9CabpSdpsJMbY1fEd6HU3+XsHmlwHOYhvNnWtjSYBns
OdSm0GNjN5plz5mrEpNO6VEinzg+7gTzudXoP4kApoqxykZ0cVc9TGPlx5b/VpGj
SSmkWVCm9mUbsZg/3yMNVdV2aeH2wa5Fb01UNI5bBmhCgO6OjiSBXsPQs1kjkJex
HDAez4nmeBijB/9PE9L6qVj1/I1VjC5FduI/oXVqCgK+ejDDKP3S5QwiMq5qGads
2DbuCL4TpashWYRnWwOX8G+hhrHtZRLgIe/3n4HB5te0j99FZxIQYnTQWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAycYI2fcXQsmzXEpx9xopdTF/LKMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvREp4Z2paOXhkQ3liTmNTbkgzR2lsMU1YOHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBXCwJ4LK9pJzTMMTfB8XyXsof5f97ltcnXDcsy
bEEtxbG0tn7M+SEJzNggsokmu+hdMyWf9+RqUPvcv/Ecjmd+JGJi8fURc9pEkjii
MwICKFR/pp5tHEOqkTr8h6RUGzg33G65oD/D044s7m76pujoOeP3IpgHvyh01meM
DoC1IcbPk5ObZnbnFbtO0XZaHP3KO44eneohiGFUqAt/krOgC7TMMgb0uMcUq0OD
mlR62LhOdZZ1/wLvYLUuGmY9PqBDSvvRUrfrnWhvNpzHKnyP391t5qvanuQyaCC4
rlLEBkyyEie6xwSpTcp4oUoyCoM5fL+Otrt5eyprJXO0KXTb
-----END CERTIFICATE-----