Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/EXy8gAmBm1oJkinS9j51r2GwgE0.roa
File:                     EXy8gAmBm1oJkinS9j51r2GwgE0.roa (raw, json)
Hash identifier:          vqbp9aGAZNAM1GBmuWBAv2FJ6HiZxabKfJm7shS2boo=
Subject key identifier:   11:7C:BC:80:09:81:9B:5A:09:92:29:D2:F6:3E:75:AF:61:B0:80:4D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016B9E56B13538BBAFD3798D17F9EA
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/EXy8gAmBm1oJkinS9j51r2GwgE0.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209642
IP address blocks:        2a0c:b641:740::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6b:9e:56:b1:35:38:bb:af:d3:79:8d:17:f9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=117cbc8009819b5a099229d2f63e75af61b0804d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0f:e6:18:0b:4c:b9:62:f4:6a:c7:d5:ea:e7:
                    d1:ee:0e:fa:9d:d0:3e:f0:59:45:36:9f:f8:47:ea:
                    b0:d2:9b:c7:1e:85:c7:78:51:e1:06:21:d3:f4:23:
                    6a:33:8f:4d:3a:dc:f0:94:23:7b:c2:1b:09:02:3e:
                    44:0d:11:79:80:cf:2b:61:60:d4:6b:96:2f:5a:bb:
                    25:67:85:a0:46:e6:0d:0e:a1:a8:d8:55:6e:61:32:
                    bc:2c:63:68:1d:0b:1f:ba:91:80:25:d3:47:b3:49:
                    d3:c3:34:ab:72:3c:aa:40:58:19:6a:eb:41:7f:9f:
                    63:06:b5:25:a8:cc:7c:f9:44:91:bd:d0:05:81:6f:
                    77:5b:3f:aa:13:fb:74:ec:d9:54:0a:86:f4:51:85:
                    41:0a:ec:ad:6d:53:fb:85:1d:d4:13:54:95:81:d9:
                    46:2c:46:e0:e5:97:6f:7a:8e:bc:05:cb:82:c1:65:
                    82:64:1f:00:eb:e6:2c:fa:b3:12:8e:bb:49:05:c0:
                    b5:25:46:23:ec:2f:14:4b:b6:b5:12:9e:57:75:e7:
                    80:31:da:8a:5e:0d:f2:1b:73:cd:0e:6e:5e:dc:6a:
                    77:3e:59:0a:61:01:96:1f:67:df:78:8f:17:fa:20:
                    07:33:82:97:50:37:06:f0:7e:5f:0d:1a:e0:65:60:
                    02:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:7C:BC:80:09:81:9B:5A:09:92:29:D2:F6:3E:75:AF:61:B0:80:4D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/EXy8gAmBm1oJkinS9j51r2GwgE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:740::/44

    Signature Algorithm: sha256WithRSAEncryption
         3d:79:a5:d2:48:44:60:c3:72:ed:33:6f:32:93:91:92:ff:a4:
         85:5c:e5:3b:59:b9:fb:3d:3d:3a:bb:aa:8d:a1:f0:37:2e:fe:
         35:41:fa:8d:51:08:a3:2e:4a:93:c5:cd:52:15:08:02:fa:5c:
         5d:31:4d:48:05:6b:2a:5f:5b:e6:33:b0:dd:fd:24:fc:00:a8:
         33:7a:d7:ae:65:9e:29:cc:28:44:05:6e:bc:a9:ab:f3:56:f4:
         0c:99:47:7c:55:96:34:37:66:63:47:aa:33:47:f6:aa:d1:fb:
         f6:81:15:0f:77:d4:04:62:48:80:ef:51:c0:63:fc:6c:10:94:
         a6:a6:55:7f:66:9a:3a:ea:98:7f:ae:00:07:7e:cf:ab:79:b6:
         1c:a3:c9:1f:3a:64:d8:71:61:d2:92:2a:95:eb:b8:fb:19:66:
         1a:19:dd:a9:61:36:6c:ae:41:9f:5c:0b:9b:e8:46:e5:2f:d6:
         29:d2:0a:50:a1:0a:ef:e3:04:6a:d2:b0:9f:82:fc:56:76:55:
         4c:c0:8f:ee:15:4a:e4:1d:bc:d3:98:4b:e9:0c:57:8a:53:18:
         09:a1:9f:fa:16:3c:db:99:b0:58:92:a2:b3:e7:cc:e5:d8:6b:
         d5:2d:97:43:92:83:f5:59:1e:fc:98:6f:4f:40:99:4e:ee:14:
         e3:db:07:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWueVrE1OLuv03mNF/nqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTdjYmM4MDA5ODE5YjVhMDk5MjI5ZDJmNjNlNzVhZjYxYjA4MDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw/mGAtMuWL0asfV6ufR7g76ndA+
8FlFNp/4R+qw0pvHHoXHeFHhBiHT9CNqM49NOtzwlCN7whsJAj5EDRF5gM8rYWDU
a5YvWrslZ4WgRuYNDqGo2FVuYTK8LGNoHQsfupGAJdNHs0nTwzSrcjyqQFgZautB
f59jBrUlqMx8+USRvdAFgW93Wz+qE/t07NlUCob0UYVBCuytbVP7hR3UE1SVgdlG
LEbg5Zdveo68BcuCwWWCZB8A6+Ys+rMSjrtJBcC1JUYj7C8US7a1Ep5XdeeAMdqK
Xg3yG3PNDm5e3Gp3PlkKYQGWH2ffeI8X+iAHM4KXUDcG8H5fDRrgZWACiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBF8vIAJgZtaCZIp0vY+da9hsIBNMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRVh5OGdBbUJtMW9Ka2luUzlqNTFyMkd3Z0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQdA
MA0GCSqGSIb3DQEBCwUAA4IBAQA9eaXSSERgw3LtM28yk5GS/6SFXOU7Wbn7PT06
u6qNofA3Lv41QfqNUQijLkqTxc1SFQgC+lxdMU1IBWsqX1vmM7Dd/ST8AKgzeteu
ZZ4pzChEBW68qavzVvQMmUd8VZY0N2ZjR6ozR/aq0fv2gRUPd9QEYkiA71HAY/xs
EJSmplV/Zpo66ph/rgAHfs+rebYco8kfOmTYcWHSkiqV67j7GWYaGd2pYTZsrkGf
XAub6EblL9Yp0gpQoQrv4wRq0rCfgvxWdlVMwI/uFUrkHbzTmEvpDFeKUxgJoZ/6
FjzbmbBYkqKz58zl2GvVLZdDkoP1WR78mG9PQJlO7hTj2wf0
-----END CERTIFICATE-----