Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FBUQqxlF2XJiGBC1kGc9wMmTFwE.roa
File:                     FBUQqxlF2XJiGBC1kGc9wMmTFwE.roa (raw, json)
Hash identifier:          qC6IXQutJ16AglZJDauCm4MIsJn2mCNC9Pf9Gr+FcWM=
Subject key identifier:   14:15:10:AB:19:45:D9:72:62:18:10:B5:90:67:3D:C0:C9:93:17:01
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017068888C3AB26F40C9906FE294A6
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FBUQqxlF2XJiGBC1kGc9wMmTFwE.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210339
IP address blocks:        2a0c:b641:630::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:70:68:88:8c:3a:b2:6f:40:c9:90:6f:e2:94:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=141510ab1945d972621810b590673dc0c9931701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e7:70:18:ff:08:c7:22:45:66:15:7c:e5:53:
                    cc:63:39:0d:22:31:a6:8b:e1:f9:7b:be:4d:4b:49:
                    59:17:a0:51:80:08:24:d9:ce:22:04:bc:34:39:ea:
                    72:eb:0d:54:06:98:54:ef:10:39:15:ba:d8:ac:81:
                    f1:92:d5:65:a1:9c:5a:ba:30:fb:d8:2b:91:16:26:
                    e1:0d:8c:60:89:53:75:3f:fa:40:9c:80:bb:0b:31:
                    e0:84:7d:f1:0b:72:e5:1e:b7:f5:37:66:59:53:14:
                    be:a2:ae:7d:e9:9b:c2:c6:40:c8:09:14:51:77:8b:
                    4a:02:ff:b0:e3:5a:da:70:91:76:33:c8:a3:05:4d:
                    77:aa:3e:07:1d:70:d7:e3:7e:62:3e:e5:0a:4b:a9:
                    5e:68:35:11:05:0d:1c:b6:c0:27:b5:11:e9:68:1b:
                    f0:c6:d0:de:75:98:cf:47:4c:3e:12:50:b9:a1:ee:
                    c2:c0:fb:4e:e9:d9:a9:b1:5f:b8:5b:e6:ff:45:b4:
                    c4:1d:8c:10:2c:2b:7b:b8:81:2f:d5:aa:a7:df:7d:
                    9d:53:3a:13:02:b5:9c:65:37:c6:3a:da:e2:b0:c6:
                    33:6c:04:f5:2a:41:d7:4c:4d:df:a5:d7:db:b1:7e:
                    27:03:d0:01:eb:1f:57:5c:a7:66:44:bf:63:5f:ef:
                    4d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:15:10:AB:19:45:D9:72:62:18:10:B5:90:67:3D:C0:C9:93:17:01
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FBUQqxlF2XJiGBC1kGc9wMmTFwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:630::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:d2:a2:c3:78:6a:e0:5b:02:9f:7b:74:6a:31:cd:5a:1e:c6:
         dc:a0:75:87:6b:5c:92:5c:09:30:75:51:7f:22:0b:5e:d1:3d:
         c0:7d:47:fd:4f:da:fc:f5:49:1e:2f:6e:57:eb:93:d6:c9:ce:
         1e:ff:84:f7:73:6f:74:54:01:7f:4a:40:41:dd:91:af:99:af:
         66:4e:05:26:c5:82:b1:21:de:bf:1f:2c:06:4a:34:59:33:83:
         59:6d:26:fa:c4:c3:e2:26:8c:79:1a:67:92:69:f5:6b:90:0e:
         b6:25:8f:7b:57:2f:22:5c:4f:19:e1:22:ca:07:9e:f7:10:ed:
         1b:0d:9e:67:33:e4:c1:6e:8f:b8:7b:fb:8f:bb:62:c0:6d:8c:
         42:3b:2d:d2:24:9a:b5:03:e6:02:32:8e:5b:6c:09:69:21:f2:
         4c:1e:1b:c6:6b:00:3d:e5:9e:8d:80:49:ae:24:b1:32:85:25:
         64:3e:bf:50:4d:5b:91:5a:2f:af:57:45:1d:fc:05:4e:63:ee:
         c2:72:94:b6:73:be:ac:84:21:cd:56:53:e7:e5:79:c2:26:a7:
         b5:b7:e5:60:9d:64:db:5e:c0:b7:b7:7d:ac:99:e6:9b:8b:bb:
         43:67:e2:43:25:d1:54:00:1f:ef:59:3d:43:c6:c2:35:73:7e:
         c9:6f:6b:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXBoiIw6sm9AyZBv4pSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDE1MTBhYjE5NDVkOTcyNjIxODEwYjU5MDY3M2RjMGM5OTMxNzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnedwGP8IxyJFZhV85VPMYzkNIjGm
i+H5e75NS0lZF6BRgAgk2c4iBLw0Oepy6w1UBphU7xA5FbrYrIHxktVloZxaujD7
2CuRFibhDYxgiVN1P/pAnIC7CzHghH3xC3LlHrf1N2ZZUxS+oq596ZvCxkDICRRR
d4tKAv+w41racJF2M8ijBU13qj4HHXDX435iPuUKS6leaDURBQ0ctsAntRHpaBvw
xtDedZjPR0w+ElC5oe7CwPtO6dmpsV+4W+b/RbTEHYwQLCt7uIEv1aqn332dUzoT
ArWcZTfGOtrisMYzbAT1KkHXTE3fpdfbsX4nA9AB6x9XXKdmRL9jX+9NdwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBQVEKsZRdlyYhgQtZBnPcDJkxcBMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRkJVUXF4bEYyWEppR0JDMWtHYzl3TW1URndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQYw
MA0GCSqGSIb3DQEBCwUAA4IBAQAl0qLDeGrgWwKfe3RqMc1aHsbcoHWHa1ySXAkw
dVF/Igte0T3AfUf9T9r89UkeL25X65PWyc4e/4T3c290VAF/SkBB3ZGvma9mTgUm
xYKxId6/HywGSjRZM4NZbSb6xMPiJox5GmeSafVrkA62JY97Vy8iXE8Z4SLKB573
EO0bDZ5nM+TBbo+4e/uPu2LAbYxCOy3SJJq1A+YCMo5bbAlpIfJMHhvGawA95Z6N
gEmuJLEyhSVkPr9QTVuRWi+vV0Ud/AVOY+7CcpS2c76shCHNVlPn5XnCJqe1t+Vg
nWTbXsC3t32smeabi7tDZ+JDJdFUAB/vWT1DxsI1c37Jb2tQ
-----END CERTIFICATE-----