Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FyhMZCf6H2KJiXGzsh6B-W7MqSc.roa
File:                     FyhMZCf6H2KJiXGzsh6B-W7MqSc.roa (raw, json)
Hash identifier:          Vn+jRu5Z8NE04RLmut019qzI4TGBnN9q+OPyIjRDoCI=
Subject key identifier:   17:28:4C:64:27:FA:1F:62:89:89:71:B3:B2:1E:81:F9:6E:CC:A9:27
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016D7B07952CAA33270B4F98FFCB80
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FyhMZCf6H2KJiXGzsh6B-W7MqSc.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209978
IP address blocks:        2a0c:b641:6b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6d:7b:07:95:2c:aa:33:27:0b:4f:98:ff:cb:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17284c6427fa1f62898971b3b21e81f96ecca927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c5:3c:69:9f:51:8a:6a:d4:0d:4c:46:c5:4b:
                    29:30:d2:f6:e9:ab:46:6a:be:aa:66:a6:dd:2d:3a:
                    a6:15:01:59:f1:f1:54:da:dd:a2:12:35:76:78:2c:
                    e4:93:1f:5f:3a:f5:66:a8:a2:95:82:ff:70:a6:99:
                    03:b9:ae:87:47:63:99:7a:79:c1:7a:ef:57:05:31:
                    c0:b1:44:28:05:e5:af:b8:f7:1a:3e:26:e2:9f:0a:
                    41:ce:40:de:3b:f9:c4:2c:44:3c:7b:0a:fb:9e:3a:
                    54:c7:70:92:c8:8b:f5:58:63:09:1a:5e:70:f5:ae:
                    79:0c:49:66:ec:7e:4c:36:91:95:0c:d9:a5:6f:aa:
                    79:b9:a6:03:4c:f7:fc:35:6d:b7:81:1e:57:07:7a:
                    74:53:8e:8d:c0:33:70:a3:5f:5f:4a:5f:69:6d:c6:
                    88:ec:b4:f5:53:96:9a:fc:12:dc:56:e5:30:13:64:
                    d0:8d:c8:e4:8e:7a:ef:ce:b8:99:c5:6a:bf:5d:ae:
                    20:6b:c7:55:93:06:b8:2f:44:b2:be:ce:9c:7d:78:
                    1b:7c:23:ab:34:5e:1b:21:a2:aa:99:6b:69:91:1d:
                    1f:bc:a0:e7:50:27:1b:ba:1e:e8:72:0f:4d:a0:a4:
                    26:50:92:07:3a:ea:54:0f:06:b5:68:aa:71:aa:44:
                    30:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:28:4C:64:27:FA:1F:62:89:89:71:B3:B2:1E:81:F9:6E:CC:A9:27
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FyhMZCf6H2KJiXGzsh6B-W7MqSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:6b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         34:c4:da:97:d4:f6:8a:b6:01:02:cc:6b:04:ea:5d:be:32:34:
         20:a5:21:fd:f6:25:9e:7b:98:72:80:6f:d0:fa:55:74:39:40:
         5d:2f:c4:91:55:da:69:b5:70:c2:8a:c8:91:e8:34:81:d1:c9:
         cd:b1:77:30:78:a3:fb:b0:2c:80:a5:fb:c9:30:a9:f7:5c:32:
         e4:70:23:bc:91:26:d2:62:87:3e:8e:bd:8f:5c:cc:03:a8:d7:
         07:54:44:86:65:29:95:d4:ab:b9:53:9c:64:89:49:d1:ab:7e:
         e2:37:05:92:f6:3f:0e:5c:75:f1:0b:e9:4b:1f:03:04:b6:fa:
         c2:9c:9c:bf:4b:90:f8:cc:a1:98:55:e0:96:7c:99:98:a6:ae:
         33:f5:5e:65:be:3a:82:f1:c5:cd:a1:c2:86:70:c3:2e:06:db:
         17:12:c6:df:75:5e:fe:c6:7f:4d:10:f8:61:1a:d7:74:7a:10:
         b7:45:11:a2:95:2f:9b:87:98:e0:33:6d:84:32:28:48:03:01:
         5d:75:5d:ad:82:38:e8:67:fe:5f:1d:f4:76:34:38:7d:30:6d:
         51:7e:d8:c0:74:cb:9b:f0:32:fb:88:e5:fe:77:84:fa:7e:cc:
         5b:fe:bf:af:de:a5:90:72:fb:b7:0e:65:89:82:78:23:8b:60:
         c8:41:83:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAW17B5UsqjMnC0+Y/8uAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzI4NGM2NDI3ZmExZjYyODk4OTcxYjNiMjFlODFmOTZlY2NhOTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMU8aZ9RimrUDUxGxUspMNL26atG
ar6qZqbdLTqmFQFZ8fFU2t2iEjV2eCzkkx9fOvVmqKKVgv9wppkDua6HR2OZennB
eu9XBTHAsUQoBeWvuPcaPibinwpBzkDeO/nELEQ8ewr7njpUx3CSyIv1WGMJGl5w
9a55DElm7H5MNpGVDNmlb6p5uaYDTPf8NW23gR5XB3p0U46NwDNwo19fSl9pbcaI
7LT1U5aa/BLcVuUwE2TQjcjkjnrvzriZxWq/Xa4ga8dVkwa4L0Syvs6cfXgbfCOr
NF4bIaKqmWtpkR0fvKDnUCcbuh7ocg9NoKQmUJIHOupUDwa1aKpxqkQwxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBcoTGQn+h9iiYlxs7IegfluzKknMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRnloTVpDZjZIMktKaVhHenNoNkItVzdNcVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQaw
MA0GCSqGSIb3DQEBCwUAA4IBAQA0xNqX1PaKtgECzGsE6l2+MjQgpSH99iWee5hy
gG/Q+lV0OUBdL8SRVdpptXDCisiR6DSB0cnNsXcweKP7sCyApfvJMKn3XDLkcCO8
kSbSYoc+jr2PXMwDqNcHVESGZSmV1Ku5U5xkiUnRq37iNwWS9j8OXHXxC+lLHwME
tvrCnJy/S5D4zKGYVeCWfJmYpq4z9V5lvjqC8cXNocKGcMMuBtsXEsbfdV7+xn9N
EPhhGtd0ehC3RRGilS+bh5jgM22EMihIAwFddV2tgjjoZ/5fHfR2NDh9MG1RftjA
dMub8DL7iOX+d4T6fsxb/r+v3qWQcvu3DmWJgngji2DIQYOb
-----END CERTIFICATE-----