Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FAxyunYjOg2H_NhPPAL4pRGLrvE.roa
File:                     FAxyunYjOg2H_NhPPAL4pRGLrvE.roa (raw, json)
Hash identifier:          Im8a881iOnPXoDFgGBnHJeFX6G5DnApLwm7dL8I1BIg=
Subject key identifier:   14:0C:72:BA:76:23:3A:0D:87:FC:D8:4F:3C:02:F8:A5:11:8B:AE:F1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016F81A6C243CC714CBAA8E8B81AA1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FAxyunYjOg2H_NhPPAL4pRGLrvE.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210234
IP address blocks:        2a0c:b641:60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6f:81:a6:c2:43:cc:71:4c:ba:a8:e8:b8:1a:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=140c72ba76233a0d87fcd84f3c02f8a5118baef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0a:e9:d9:50:6c:86:3c:1e:fc:09:00:9d:40:
                    bd:75:9c:7f:6f:45:22:9f:da:a4:75:8d:ca:77:55:
                    42:eb:bc:e7:82:8d:0f:ad:24:41:9a:19:f4:e8:0a:
                    3d:5d:6c:b0:ac:66:79:09:0f:97:ce:ef:8d:d6:89:
                    ab:6b:5e:3f:b9:47:24:6f:b0:a3:61:68:72:3d:a8:
                    c6:d9:9a:1d:da:7b:8f:d1:89:eb:b8:09:e3:d7:77:
                    73:c9:d6:62:01:d7:b2:83:17:b9:46:3b:38:de:19:
                    9d:5f:38:bb:4c:97:3d:5b:56:95:08:8a:13:a9:1c:
                    43:06:78:9e:b6:ec:b9:0f:4a:1d:3e:6a:b0:d5:34:
                    3c:03:aa:80:54:48:8f:3c:94:23:2c:b3:fa:f2:2f:
                    23:7e:0f:58:2a:da:29:28:51:b5:80:d2:95:02:be:
                    8e:4e:8b:a4:69:6c:95:6e:ce:55:59:2e:0d:12:33:
                    e4:9c:a6:55:7d:28:1a:8d:0f:42:3a:1a:e6:3f:c5:
                    28:88:27:ac:4b:03:05:ff:db:40:85:11:15:62:11:
                    28:a7:a4:43:cf:fb:8a:c9:07:9f:db:cb:11:f3:50:
                    f4:b5:50:d7:96:3f:87:e0:c5:80:2d:08:18:9f:25:
                    cb:f4:c0:41:12:c4:9a:13:b2:56:6e:a3:3d:fb:63:
                    91:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:0C:72:BA:76:23:3A:0D:87:FC:D8:4F:3C:02:F8:A5:11:8B:AE:F1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FAxyunYjOg2H_NhPPAL4pRGLrvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:60::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:26:13:47:59:3f:65:31:89:03:8b:55:56:a0:c7:91:a8:37:
         af:73:b1:1c:0b:49:42:18:84:f3:35:9e:bb:cd:42:c7:17:2c:
         81:96:7d:99:72:84:fa:34:a4:79:40:79:67:b0:54:6d:2b:d9:
         9a:5f:7e:66:10:ad:c1:2d:7b:14:29:0d:15:f3:d7:90:3c:08:
         4f:5e:2f:14:cf:03:4f:7b:c3:10:41:80:c2:6e:68:42:ad:9f:
         00:b7:1f:6b:6a:3d:e2:49:7e:f3:21:36:3a:98:e8:d4:cd:1e:
         41:b1:45:73:03:9e:89:91:96:69:18:7b:b8:7b:74:34:a9:b8:
         5d:b8:bd:0d:78:ff:dc:82:78:27:21:ab:65:2a:3f:2b:63:d0:
         db:73:00:07:c0:55:2b:94:15:d2:a9:90:30:18:06:56:39:cd:
         71:92:85:be:ca:e0:27:83:6b:3b:20:46:37:b7:ab:28:b8:41:
         7c:ed:3e:70:95:bb:0e:55:cf:2e:90:41:41:9f:62:39:ee:a4:
         67:70:e8:8a:48:fd:6a:41:8f:f5:f1:53:22:de:34:b4:dc:a1:
         8b:3b:cc:7d:ac:0a:a0:6e:92:0a:ee:c2:b2:44:36:e2:ed:8c:
         2e:62:67:af:6c:7c:5d:22:91:37:21:1a:86:38:74:ad:0e:51:
         ca:be:14:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAW+BpsJDzHFMuqjouBqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDBjNzJiYTc2MjMzYTBkODdmY2Q4NGYzYzAyZjhhNTExOGJhZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQrp2VBshjwe/AkAnUC9dZx/b0Ui
n9qkdY3Kd1VC67zngo0PrSRBmhn06Ao9XWywrGZ5CQ+Xzu+N1omra14/uUckb7Cj
YWhyPajG2Zod2nuP0YnruAnj13dzydZiAdeygxe5Rjs43hmdXzi7TJc9W1aVCIoT
qRxDBnietuy5D0odPmqw1TQ8A6qAVEiPPJQjLLP68i8jfg9YKtopKFG1gNKVAr6O
ToukaWyVbs5VWS4NEjPknKZVfSgajQ9COhrmP8UoiCesSwMF/9tAhREVYhEop6RD
z/uKyQef28sR81D0tVDXlj+H4MWALQgYnyXL9MBBEsSaE7JWbqM9+2OROQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBQMcrp2IzoNh/zYTzwC+KURi67xMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRkF4eXVuWWpPZzJIX05oUFBBTDRwUkdMcnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQBg
MA0GCSqGSIb3DQEBCwUAA4IBAQBxJhNHWT9lMYkDi1VWoMeRqDevc7EcC0lCGITz
NZ67zULHFyyBln2ZcoT6NKR5QHlnsFRtK9maX35mEK3BLXsUKQ0V89eQPAhPXi8U
zwNPe8MQQYDCbmhCrZ8Atx9raj3iSX7zITY6mOjUzR5BsUVzA56JkZZpGHu4e3Q0
qbhduL0NeP/cgngnIatlKj8rY9DbcwAHwFUrlBXSqZAwGAZWOc1xkoW+yuAng2s7
IEY3t6souEF87T5wlbsOVc8ukEFBn2I57qRncOiKSP1qQY/18VMi3jS03KGLO8x9
rAqgbpIK7sKyRDbi7YwuYmevbHxdIpE3IRqGOHStDlHKvhTR
-----END CERTIFICATE-----