Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/GwzHQQFlWNT0AiUnrip83CdaZbc.roa
File:                     GwzHQQFlWNT0AiUnrip83CdaZbc.roa (raw, json)
Hash identifier:          DU6U0DdFalXHqxeWH2oeYJgMNVOrSKzUbPd5Dho3UTU=
Subject key identifier:   1B:0C:C7:41:01:65:58:D4:F4:02:25:27:AE:2A:7C:DC:27:5A:65:B7
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018D70ADD376E79E87A75A25FD6E95F60ABD
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/GwzHQQFlWNT0AiUnrip83CdaZbc.roa
Signing time:             Sat 03 Feb 2024 20:34:16 +0000
ROA not before:           Sat 03 Feb 2024 20:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215764
IP address blocks:        2a0c:b641:a70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:70:ad:d3:76:e7:9e:87:a7:5a:25:fd:6e:95:f6:0a:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb  3 20:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b0cc741016558d4f4022527ae2a7cdc275a65b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:28:5a:6b:c5:a3:ce:e8:67:ee:73:e0:91:fb:
                    ed:04:c2:f7:da:93:37:a1:78:0a:be:90:54:db:cb:
                    68:e0:52:24:46:f2:85:8a:b1:e2:ca:20:58:52:c0:
                    9e:4f:01:62:8d:73:91:bf:0d:6e:69:8c:0b:c5:62:
                    a2:e8:4d:aa:82:00:50:df:59:6c:00:c6:df:4a:d6:
                    a3:74:20:31:01:e7:21:9f:bc:af:4d:c3:7b:db:66:
                    06:90:c5:db:dc:5d:67:88:bb:fa:0b:2f:af:b5:b5:
                    08:d9:15:0d:95:16:fe:91:b2:b1:33:27:8c:63:7f:
                    d2:39:95:6d:d6:25:10:d9:09:b2:ed:cf:71:fd:aa:
                    58:18:7a:80:8b:c4:ed:eb:de:fc:51:6b:5f:40:de:
                    3c:8f:06:0d:08:30:32:de:c8:f2:26:21:5d:a9:74:
                    31:46:99:4d:63:24:b1:7e:b6:f0:ae:2c:2c:a4:a2:
                    63:9f:82:9b:25:0d:86:3c:e2:56:71:4d:47:9c:2e:
                    ce:6c:57:2b:09:13:22:18:a7:88:9f:71:e7:2e:75:
                    77:c9:60:aa:7e:bb:4e:96:77:15:b4:21:e4:df:f3:
                    23:b5:39:8e:a4:f2:1d:4b:14:1e:c2:d8:7e:1c:9a:
                    fc:9c:ff:f0:98:68:96:70:b0:fe:b8:39:9b:a1:11:
                    19:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:0C:C7:41:01:65:58:D4:F4:02:25:27:AE:2A:7C:DC:27:5A:65:B7
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/GwzHQQFlWNT0AiUnrip83CdaZbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a70::/44

    Signature Algorithm: sha256WithRSAEncryption
         2d:dd:ff:cb:b9:a2:0d:0c:99:05:ee:5e:4d:df:9a:ec:4d:60:
         79:2c:78:d9:53:5a:23:21:a3:9f:47:7c:cf:44:a4:1c:3d:25:
         4f:61:69:ce:65:7d:14:c4:ce:f8:51:61:92:20:8c:20:e6:79:
         f5:62:c3:cd:34:9d:ac:ec:2d:9b:06:5c:0e:4c:4e:62:60:f4:
         1a:53:49:d1:82:b5:d7:77:59:52:f4:30:d0:77:4e:5e:4e:ed:
         bc:c5:6a:73:42:ce:5d:65:d6:e2:5a:02:d3:a2:59:87:1a:45:
         1b:80:15:b8:b4:19:d3:a2:47:bb:18:5e:4f:e4:99:09:cd:e5:
         5c:24:df:04:69:86:5c:33:00:70:65:68:ff:20:c3:9c:a1:df:
         4e:5c:b3:ef:4d:66:47:20:fd:ee:38:16:45:47:c9:e0:fe:39:
         15:89:f2:22:37:66:b5:d5:02:e5:86:cf:8f:ad:30:6a:f4:65:
         51:ba:ab:97:0e:d3:5c:8d:18:47:33:c1:57:c0:17:56:93:32:
         5e:7b:9e:7c:2f:cd:ae:07:f6:c7:66:c4:c6:d2:12:47:02:fa:
         22:e0:16:1b:b8:dc:45:66:d2:c6:35:5c:c5:78:cd:07:2c:70:
         bf:b8:a6:9d:db:e6:eb:ff:bb:75:bf:c4:b9:7f:9b:37:c6:c7:
         74:c5:7d:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1wrdN2556Hp1ol/W6V9gq9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMjAzMjAzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjBjYzc0MTAxNjU1OGQ0ZjQwMjI1MjdhZTJhN2NkYzI3NWE2NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyhaa8Wjzuhn7nPgkfvtBML32pM3
oXgKvpBU28to4FIkRvKFirHiyiBYUsCeTwFijXORvw1uaYwLxWKi6E2qggBQ31ls
AMbfStajdCAxAechn7yvTcN722YGkMXb3F1niLv6Cy+vtbUI2RUNlRb+kbKxMyeM
Y3/SOZVt1iUQ2Qmy7c9x/apYGHqAi8Tt6978UWtfQN48jwYNCDAy3sjyJiFdqXQx
RplNYySxfrbwriwspKJjn4KbJQ2GPOJWcU1HnC7ObFcrCRMiGKeIn3HnLnV3yWCq
frtOlncVtCHk3/MjtTmOpPIdSxQewth+HJr8nP/wmGiWcLD+uDmboREZ7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBsMx0EBZVjU9AIlJ64qfNwnWmW3MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvR3d6SFFRRmxXTlQwQWlVbnJpcDgzQ2RhWmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQpw
MA0GCSqGSIb3DQEBCwUAA4IBAQAt3f/LuaINDJkF7l5N35rsTWB5LHjZU1ojIaOf
R3zPRKQcPSVPYWnOZX0UxM74UWGSIIwg5nn1YsPNNJ2s7C2bBlwOTE5iYPQaU0nR
grXXd1lS9DDQd05eTu28xWpzQs5dZdbiWgLTolmHGkUbgBW4tBnToke7GF5P5JkJ
zeVcJN8EaYZcMwBwZWj/IMOcod9OXLPvTWZHIP3uOBZFR8ng/jkVifIiN2a11QLl
hs+PrTBq9GVRuquXDtNcjRhHM8FXwBdWkzJee558L82uB/bHZsTG0hJHAvoi4BYb
uNxFZtLGNVzFeM0HLHC/uKad2+br/7t1v8S5f5s3xsd0xX09
-----END CERTIFICATE-----