Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Hd0KS5Uau0GvgpCT6vbzy0rVoB8.roa
File:                     Hd0KS5Uau0GvgpCT6vbzy0rVoB8.roa (raw, json)
Hash identifier:          usnlUZ/qltWtkg/Oyeuyx5GSgIdl6Ms5ifA7tALgbIc=
Subject key identifier:   1D:DD:0A:4B:95:1A:BB:41:AF:82:90:93:EA:F6:F3:CB:4A:D5:A0:1F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801574668510F806A1345B5F88F992C
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Hd0KS5Uau0GvgpCT6vbzy0rVoB8.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200143
IP address blocks:        2a0c:b641:950::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:57:46:68:51:0f:80:6a:13:45:b5:f8:8f:99:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ddd0a4b951abb41af829093eaf6f3cb4ad5a01f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8f:4a:92:7f:97:0c:8d:4f:75:1e:68:35:4e:
                    3b:da:94:10:2a:77:77:7c:5d:12:41:78:bb:19:68:
                    3b:32:7f:c2:32:6a:e3:ee:bb:34:43:76:7c:25:c2:
                    94:3f:48:79:ab:57:95:4d:35:b8:ce:f8:cc:ef:60:
                    71:fa:9f:a0:8e:94:47:f4:9f:f3:c1:4d:a3:af:c4:
                    16:ed:92:80:f1:a2:0a:47:a9:d4:38:3e:e6:1f:e7:
                    20:fc:0c:50:40:c5:82:d4:cf:f8:86:00:66:b0:11:
                    65:5f:88:7e:76:04:29:90:a0:62:96:af:1d:2f:94:
                    be:1b:ae:4e:ca:85:09:84:08:a6:80:82:0e:ae:55:
                    a0:38:e6:1f:c6:de:b7:76:84:38:b8:64:b9:3f:23:
                    39:1a:1b:79:04:2c:69:94:f1:48:d9:98:cf:0b:6e:
                    5c:69:ed:f3:ea:d9:dd:b8:7c:2f:fb:de:50:ae:a1:
                    23:86:ff:a9:ae:78:ed:39:89:1e:df:b4:08:5e:7f:
                    fb:57:fe:33:bc:aa:ae:80:ba:b9:46:78:b7:72:b1:
                    b9:1d:e9:a8:e4:9e:e1:13:eb:c4:46:19:11:1f:b8:
                    53:fb:08:e2:93:77:00:c6:19:16:08:ee:a6:7e:7e:
                    1c:db:2e:9a:c4:66:f5:36:de:18:bf:da:ab:b7:c0:
                    0d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DD:0A:4B:95:1A:BB:41:AF:82:90:93:EA:F6:F3:CB:4A:D5:A0:1F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Hd0KS5Uau0GvgpCT6vbzy0rVoB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:950::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:8c:38:64:16:b4:ea:51:e5:87:ac:01:0e:aa:61:e3:99:cc:
         67:f1:12:c4:55:94:d5:a7:0b:f5:87:06:6f:b8:a1:cd:fe:33:
         5d:c8:fc:27:7f:b4:47:a0:ab:97:68:be:e8:c2:96:aa:18:a4:
         11:d3:35:6a:a5:8f:7a:00:ac:0c:77:f5:8f:6b:8b:90:f2:b8:
         3f:75:17:cb:83:66:81:c9:cb:cb:b7:f0:d8:7e:d9:64:3c:ef:
         be:31:69:e2:94:6b:ea:13:c3:87:54:1d:a7:00:a8:3f:03:78:
         28:fb:4e:f0:4a:38:82:ac:e7:64:55:0a:0a:01:3b:d3:4e:bd:
         de:97:40:26:fb:ed:7f:45:11:d6:47:87:b1:9c:8e:8a:b7:23:
         95:54:f6:f8:3e:3d:e1:5c:31:10:ca:82:94:2a:20:fc:17:1d:
         4b:3c:c0:38:30:0f:96:42:27:38:93:08:d9:2e:4c:ad:6a:df:
         05:5c:1d:4e:96:fd:86:79:84:c2:d6:08:ed:4e:c8:56:2c:2e:
         0c:aa:4c:75:ef:ac:62:ce:f0:9b:da:71:fa:15:f5:94:f2:3c:
         e4:6a:90:8b:5e:8c:b3:df:1f:7c:5d:30:51:8f:fa:3b:12:9b:
         d7:e5:2d:36:63:46:31:8e:7d:78:de:22:ad:f6:21:35:aa:9f:
         03:c1:10:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVdGaFEPgGoTRbX4j5ksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGRkMGE0Yjk1MWFiYjQxYWY4MjkwOTNlYWY2ZjNjYjRhZDVhMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7I9Kkn+XDI1PdR5oNU472pQQKnd3
fF0SQXi7GWg7Mn/CMmrj7rs0Q3Z8JcKUP0h5q1eVTTW4zvjM72Bx+p+gjpRH9J/z
wU2jr8QW7ZKA8aIKR6nUOD7mH+cg/AxQQMWC1M/4hgBmsBFlX4h+dgQpkKBilq8d
L5S+G65OyoUJhAimgIIOrlWgOOYfxt63doQ4uGS5PyM5Ght5BCxplPFI2ZjPC25c
ae3z6tnduHwv+95QrqEjhv+prnjtOYke37QIXn/7V/4zvKqugLq5Rni3crG5Hemo
5J7hE+vERhkRH7hT+wjik3cAxhkWCO6mfn4c2y6axGb1Nt4Yv9qrt8ANXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB3dCkuVGrtBr4KQk+r288tK1aAfMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSGQwS1M1VWF1MEd2Z3BDVDZ2Ynp5MHJWb0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQlQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBcjDhkFrTqUeWHrAEOqmHjmcxn8RLEVZTVpwv1
hwZvuKHN/jNdyPwnf7RHoKuXaL7owpaqGKQR0zVqpY96AKwMd/WPa4uQ8rg/dRfL
g2aBycvLt/DYftlkPO++MWnilGvqE8OHVB2nAKg/A3go+07wSjiCrOdkVQoKATvT
Tr3el0Am++1/RRHWR4exnI6KtyOVVPb4Pj3hXDEQyoKUKiD8Fx1LPMA4MA+WQic4
kwjZLkytat8FXB1Olv2GeYTC1gjtTshWLC4Mqkx176xizvCb2nH6FfWU8jzkapCL
Xoyz3x98XTBRj/o7EpvX5S02Y0Yxjn143iKt9iE1qp8DwRAA
-----END CERTIFICATE-----