Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HgAqbtzt4MYeBBDs7MZMFU9WFgs.roa
File:                     HgAqbtzt4MYeBBDs7MZMFU9WFgs.roa (raw, json)
Hash identifier:          QMqc7qpTYQi2Q2imp4Im1QwkzngRHsM5qAl9J/KXO9E=
Subject key identifier:   1E:00:2A:6E:DC:ED:E0:C6:1E:04:10:EC:EC:C6:4C:15:4F:56:16:0B
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80170D7A559664845CA1B1C1FA1F334
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HgAqbtzt4MYeBBDs7MZMFU9WFgs.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210356
IP address blocks:        2a0c:b641:600::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:70:d7:a5:59:66:48:45:ca:1b:1c:1f:a1:f3:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e002a6edcede0c61e0410ececc64c154f56160b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:bd:88:f4:5c:34:9a:2e:12:15:99:3b:a6:f0:
                    c8:b8:0c:84:ef:36:49:00:93:ab:c1:24:37:a2:7b:
                    70:cf:e9:f9:8a:5d:1e:ef:fa:36:ab:31:9a:3f:43:
                    f5:ef:ca:15:43:da:fc:f0:3a:31:f1:f5:99:ac:09:
                    6c:96:0b:1c:59:56:e5:12:b0:88:55:c3:4c:08:c0:
                    ab:3a:5d:49:69:ad:04:2c:88:42:94:ff:cb:37:b3:
                    cb:73:bb:ab:75:04:9a:fb:3d:b5:82:3b:ad:d4:29:
                    64:7b:d9:39:6d:aa:de:f3:dc:5a:24:12:51:9e:6a:
                    89:a8:01:f0:47:3d:67:f1:ed:54:dd:29:1b:20:03:
                    47:b3:88:59:34:bd:26:5e:d9:50:ff:b5:d3:f2:c5:
                    d8:d8:df:c2:df:ca:74:dd:b6:2b:53:f7:ba:d3:38:
                    5a:57:08:be:d5:68:09:ef:c0:d2:b0:05:96:3e:8c:
                    bf:3d:eb:13:4c:78:01:1a:b7:62:67:dc:e7:7e:91:
                    6e:52:57:f6:26:b9:bf:fd:6c:aa:d5:d1:be:e3:71:
                    2b:f7:4a:b7:1e:34:37:6d:b8:3c:dd:68:cb:27:e9:
                    07:a4:c7:34:66:86:75:6b:df:94:64:82:b8:27:57:
                    6f:7a:ae:aa:0d:df:14:2f:d7:d3:16:fc:d9:27:f4:
                    c5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:00:2A:6E:DC:ED:E0:C6:1E:04:10:EC:EC:C6:4C:15:4F:56:16:0B
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HgAqbtzt4MYeBBDs7MZMFU9WFgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:600::/44

    Signature Algorithm: sha256WithRSAEncryption
         47:b3:d3:ca:ed:0e:58:ed:e4:50:5a:3b:ef:e8:b8:95:d7:73:
         97:15:53:ab:82:81:aa:bc:be:4e:c9:7f:e9:6f:6a:9e:9f:3a:
         de:fb:6e:2e:82:40:9f:cb:d4:05:ea:d2:93:ea:58:84:bf:08:
         0e:84:f2:4e:c7:c5:39:e8:e1:b1:aa:b6:d8:4b:93:a7:96:9e:
         e6:f6:de:5c:55:30:11:b5:ac:b7:bf:39:24:3e:ac:4e:4d:1b:
         e6:cc:e2:a1:8f:cb:22:55:b4:ea:7e:02:9d:ed:4c:8c:71:8c:
         f6:52:47:93:e8:7d:1b:81:21:4e:0f:08:fd:89:9c:be:ee:7a:
         6f:85:ae:26:c0:bd:3a:f6:a3:9f:05:46:1c:7b:aa:2b:bd:7c:
         13:67:46:e2:69:b0:f4:d2:bf:06:d6:29:af:13:e4:ec:e3:fb:
         7f:7a:a1:20:5a:e4:bf:db:8a:1d:85:ab:79:dc:e3:22:2d:04:
         6b:ae:2a:85:8b:5e:f8:d9:21:f8:49:75:74:70:b1:06:a7:bc:
         6e:0b:ed:4b:96:9c:d9:2e:34:48:f5:9a:d1:2b:0a:73:71:48:
         a5:7a:3b:5a:9e:4f:51:8a:88:3c:17:ad:2e:e5:8f:83:9e:ec:
         29:e1:b3:da:b1:88:80:a7:4a:3c:58:63:88:2f:63:ac:f8:0a:
         62:2d:6f:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXDXpVlmSEXKGxwfofM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTAwMmE2ZWRjZWRlMGM2MWUwNDEwZWNlY2M2NGMxNTRmNTYxNjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhL2I9Fw0mi4SFZk7pvDIuAyE7zZJ
AJOrwSQ3ontwz+n5il0e7/o2qzGaP0P178oVQ9r88Dox8fWZrAlslgscWVblErCI
VcNMCMCrOl1Jaa0ELIhClP/LN7PLc7urdQSa+z21gjut1Clke9k5bare89xaJBJR
nmqJqAHwRz1n8e1U3SkbIANHs4hZNL0mXtlQ/7XT8sXY2N/C38p03bYrU/e60zha
Vwi+1WgJ78DSsAWWPoy/PesTTHgBGrdiZ9znfpFuUlf2Jrm//Wyq1dG+43Er90q3
HjQ3bbg83WjLJ+kHpMc0ZoZ1a9+UZIK4J1dveq6qDd8UL9fTFvzZJ/TFswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB4AKm7c7eDGHgQQ7OzGTBVPVhYLMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSGdBcWJ0enQ0TVllQkJEczdNWk1GVTlXRmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQYA
MA0GCSqGSIb3DQEBCwUAA4IBAQBHs9PK7Q5Y7eRQWjvv6LiV13OXFVOrgoGqvL5O
yX/pb2qenzre+24ugkCfy9QF6tKT6liEvwgOhPJOx8U56OGxqrbYS5Onlp7m9t5c
VTARtay3vzkkPqxOTRvmzOKhj8siVbTqfgKd7UyMcYz2UkeT6H0bgSFODwj9iZy+
7npvha4mwL069qOfBUYce6orvXwTZ0biabD00r8G1imvE+Ts4/t/eqEgWuS/24od
hat53OMiLQRrriqFi1742SH4SXV0cLEGp7xuC+1LlpzZLjRI9ZrRKwpzcUilejta
nk9Riog8F60u5Y+Dnuwp4bPasYiAp0o8WGOIL2Os+ApiLW/G
-----END CERTIFICATE-----