Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DhRgBtaPi-lzHFpUJdB07FC18sQ.roa
File:                     DhRgBtaPi-lzHFpUJdB07FC18sQ.roa (raw, json)
Hash identifier:          erMgVI054KXOFdmC6RsgX4QO+EaYqExxavvEb/+e9Mo=
Subject key identifier:   0E:14:60:06:D6:8F:8B:E9:73:1C:5A:54:25:D0:74:EC:50:B5:F2:C4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801638A400DCC5FE3C12BD467C1C4B4
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DhRgBtaPi-lzHFpUJdB07FC18sQ.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207299
IP address blocks:        2a0c:b641:770::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:63:8a:40:0d:cc:5f:e3:c1:2b:d4:67:c1:c4:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e146006d68f8be9731c5a5425d074ec50b5f2c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:82:5f:53:a7:5c:bb:d1:40:bb:82:60:e7:d3:
                    61:0a:f9:a8:3e:b2:68:c2:fe:4c:b8:d8:14:72:2e:
                    3d:d8:1b:7d:89:84:f1:d4:61:5b:73:74:4d:73:23:
                    bc:a9:3d:35:1e:dc:bb:a7:f6:e8:7e:63:ba:43:2f:
                    6f:fa:75:8c:a7:04:83:71:73:e2:10:ca:de:cc:c2:
                    a6:11:d0:e8:5d:94:f6:b4:42:e3:81:72:ed:12:32:
                    e9:3e:ac:a9:5a:9d:e5:4f:9d:40:ed:a2:f1:4a:cf:
                    c5:27:95:c8:bf:a1:ba:47:e9:6e:8e:bc:ca:42:44:
                    be:61:d6:a4:c7:e6:13:c6:ef:dd:ef:1c:6d:ef:8f:
                    49:1e:5d:d7:39:fb:91:ba:22:8d:73:a7:5c:95:f1:
                    76:87:82:9e:3c:0b:18:5a:ea:f7:76:78:41:10:44:
                    7d:3f:ba:48:48:ef:c1:0c:54:f7:12:85:62:e8:78:
                    4b:37:36:df:61:4b:c4:4f:dc:c9:b6:08:69:c1:8e:
                    92:e2:dd:91:46:dc:3d:e4:c9:86:39:ef:20:ba:97:
                    d3:ea:c2:49:8e:59:e3:4b:66:18:c1:06:9d:4b:23:
                    8c:ff:e2:1f:81:3b:16:28:76:3c:98:05:33:0b:7e:
                    0e:1d:ed:ae:00:cd:65:69:54:f1:41:fd:ae:07:06:
                    34:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:14:60:06:D6:8F:8B:E9:73:1C:5A:54:25:D0:74:EC:50:B5:F2:C4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/DhRgBtaPi-lzHFpUJdB07FC18sQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:770::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:bd:12:4f:c1:e8:a5:c3:65:07:b8:1b:e1:66:37:ba:2e:22:
         b1:36:70:50:44:bd:06:ae:ec:f9:7f:19:6f:c9:06:50:6d:e5:
         78:6c:69:8e:47:5c:ff:f2:50:0e:e1:95:f0:cb:66:44:0a:e6:
         d3:aa:10:69:49:a7:e7:43:18:2b:e6:7a:92:fa:84:89:7e:5f:
         72:81:2d:46:7e:e3:fe:09:53:7a:f9:52:f7:1d:9d:f1:75:8d:
         ea:78:0c:4d:11:15:98:55:e2:e4:a2:0b:85:a0:ce:6b:f8:41:
         4f:1e:b6:81:e2:24:65:c8:87:10:3f:19:e5:6a:05:08:24:8f:
         b6:8d:fc:f1:80:2c:21:6d:82:89:0c:96:d2:67:f0:49:0f:3e:
         ef:be:e8:0d:61:d4:05:ef:ae:fa:38:4a:8d:21:28:ca:8a:fa:
         f4:e7:a4:c7:50:22:83:98:14:9f:5d:2b:f6:d3:c5:24:af:0e:
         a8:65:ea:c1:1b:98:d3:cf:e1:03:c3:4f:2a:33:4c:26:26:2c:
         46:e5:f4:57:9f:b6:5f:cb:08:95:6f:bc:7d:38:e1:68:c5:be:
         ae:ad:6b:c4:80:2c:d1:b8:48:c2:2d:79:04:73:5c:85:66:f3:
         dd:f5:f1:55:ce:19:ae:98:c6:c7:00:b9:97:64:37:10:1a:9c:
         b5:d4:28:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWOKQA3MX+PBK9RnwcS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTE0NjAwNmQ2OGY4YmU5NzMxYzVhNTQyNWQwNzRlYzUwYjVmMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIJfU6dcu9FAu4Jg59NhCvmoPrJo
wv5MuNgUci492Bt9iYTx1GFbc3RNcyO8qT01Hty7p/bofmO6Qy9v+nWMpwSDcXPi
EMrezMKmEdDoXZT2tELjgXLtEjLpPqypWp3lT51A7aLxSs/FJ5XIv6G6R+lujrzK
QkS+Ydakx+YTxu/d7xxt749JHl3XOfuRuiKNc6dclfF2h4KePAsYWur3dnhBEER9
P7pISO/BDFT3EoVi6HhLNzbfYUvET9zJtghpwY6S4t2RRtw95MmGOe8gupfT6sJJ
jlnjS2YYwQadSyOM/+IfgTsWKHY8mAUzC34OHe2uAM1laVTxQf2uBwY0GwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA4UYAbWj4vpcxxaVCXQdOxQtfLEMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRGhSZ0J0YVBpLWx6SEZwVUpkQjA3RkMxOHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQdw
MA0GCSqGSIb3DQEBCwUAA4IBAQBlvRJPweilw2UHuBvhZje6LiKxNnBQRL0Gruz5
fxlvyQZQbeV4bGmOR1z/8lAO4ZXwy2ZECubTqhBpSafnQxgr5nqS+oSJfl9ygS1G
fuP+CVN6+VL3HZ3xdY3qeAxNERWYVeLkoguFoM5r+EFPHraB4iRlyIcQPxnlagUI
JI+2jfzxgCwhbYKJDJbSZ/BJDz7vvugNYdQF7676OEqNISjKivr056THUCKDmBSf
XSv208Ukrw6oZerBG5jTz+EDw08qM0wmJixG5fRXn7ZfywiVb7x9OOFoxb6urWvE
gCzRuEjCLXkEc1yFZvPd9fFVzhmumMbHALmXZDcQGpy11Cih
-----END CERTIFICATE-----