Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IBPcLHbvaN1u08Zb_g-TjZTU-fk.roa
File:                     IBPcLHbvaN1u08Zb_g-TjZTU-fk.roa (raw, json)
Hash identifier:          4ba6LjuECFa6cTnyMf55r/q1h+jAeAQdSyxtf2JmDGY=
Subject key identifier:   20:13:DC:2C:76:EF:68:DD:6E:D3:C6:5B:FE:0F:93:8D:94:D4:F9:F9
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80160AD9E3F714E543CE437651645D2
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IBPcLHbvaN1u08Zb_g-TjZTU-fk.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206368
IP address blocks:        2a0c:b641:710::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:60:ad:9e:3f:71:4e:54:3c:e4:37:65:16:45:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2013dc2c76ef68dd6ed3c65bfe0f938d94d4f9f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:38:86:15:bd:5f:b4:2f:52:fb:dc:42:d8:e7:
                    49:1f:37:a7:9f:e5:e5:99:0f:33:f7:22:12:b4:e1:
                    d2:30:5a:df:a4:87:10:5b:bf:2e:ec:84:c7:09:2a:
                    c3:07:da:08:ed:2b:af:a6:74:53:96:80:fc:d2:f0:
                    b7:5b:c8:5d:76:73:fa:48:9c:f3:48:42:39:91:e7:
                    ea:8b:ec:44:40:7b:d2:50:9f:84:ef:49:60:8a:da:
                    26:1f:26:31:e9:4a:b3:15:01:7a:1a:6e:b8:01:ae:
                    16:e3:ad:b8:c2:b9:dd:36:18:5a:d8:d2:2e:3e:fc:
                    9a:18:0f:a6:fa:3b:de:07:bf:76:a2:9c:38:dd:59:
                    e1:a5:f7:8f:9e:a0:f9:6a:d1:28:5a:1b:05:77:94:
                    d0:69:c5:3e:6f:29:3a:0b:e6:86:ed:b4:d0:52:70:
                    df:0c:33:28:ea:f5:3c:ff:0b:c6:35:b7:5e:3a:49:
                    79:f3:6c:19:71:24:79:70:1e:49:98:f5:45:a2:a9:
                    df:7b:5f:18:b9:4a:b4:fc:a5:9e:19:fd:07:7d:35:
                    30:fb:0e:84:0d:72:39:28:23:37:90:35:3e:a0:82:
                    c9:6e:58:91:0d:06:ee:1d:93:12:30:a8:9e:0c:2a:
                    ce:54:7e:49:45:93:0d:85:f1:96:3f:ac:a3:7e:86:
                    36:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:13:DC:2C:76:EF:68:DD:6E:D3:C6:5B:FE:0F:93:8D:94:D4:F9:F9
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IBPcLHbvaN1u08Zb_g-TjZTU-fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:710::/44

    Signature Algorithm: sha256WithRSAEncryption
         70:e0:a1:a5:3a:41:59:9e:38:d2:77:6e:a7:30:b3:5a:6f:ad:
         37:c8:6c:69:68:a1:ba:ed:27:02:18:0c:ae:ca:04:e3:34:48:
         ba:ab:9a:bd:a4:0e:ea:9d:1d:f9:09:9b:47:32:47:4b:bc:ef:
         a1:40:de:73:f2:55:96:76:90:d0:a3:96:4a:dc:9b:30:48:89:
         e2:97:78:b1:e9:93:e6:06:52:28:05:04:d8:8c:10:51:4d:c2:
         90:70:2f:ca:05:41:cc:88:a7:49:ea:2c:a1:a7:a9:35:c0:0c:
         ec:1b:c5:54:ba:4b:4a:ea:56:85:fd:f9:b1:44:2d:ee:6f:8d:
         8b:cd:ed:34:96:8f:1d:aa:ff:ec:7a:78:6f:de:4a:50:8e:1f:
         05:b7:38:4f:05:27:0b:63:f7:a9:2d:c7:e5:33:26:33:96:6a:
         c6:2b:1b:10:7a:45:c2:3d:09:63:f4:a3:77:da:21:c8:c8:a6:
         03:3c:98:10:e2:05:72:95:7c:68:de:f7:39:97:4d:90:c5:e9:
         ed:fb:05:36:b2:18:94:f1:d7:d7:71:05:70:89:04:0a:a1:65:
         d8:5b:66:c9:ee:55:18:ae:85:8c:39:b9:7e:fb:49:f6:c4:95:
         f8:5e:c6:c2:cb:12:0e:e9:61:71:a1:f3:90:5d:9f:0e:b1:cf:
         69:24:8d:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWCtnj9xTlQ85DdlFkXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDEzZGMyYzc2ZWY2OGRkNmVkM2M2NWJmZTBmOTM4ZDk0ZDRmOWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnziGFb1ftC9S+9xC2OdJHzenn+Xl
mQ8z9yIStOHSMFrfpIcQW78u7ITHCSrDB9oI7SuvpnRTloD80vC3W8hddnP6SJzz
SEI5kefqi+xEQHvSUJ+E70lgitomHyYx6UqzFQF6Gm64Aa4W4624wrndNhha2NIu
PvyaGA+m+jveB792opw43VnhpfePnqD5atEoWhsFd5TQacU+byk6C+aG7bTQUnDf
DDMo6vU8/wvGNbdeOkl582wZcSR5cB5JmPVFoqnfe18YuUq0/KWeGf0HfTUw+w6E
DXI5KCM3kDU+oILJbliRDQbuHZMSMKieDCrOVH5JRZMNhfGWP6yjfoY2eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCAT3Cx272jdbtPGW/4Pk42U1Pn5MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSUJQY0xIYnZhTjF1MDhaYl9nLVRqWlRVLWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQcQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBw4KGlOkFZnjjSd26nMLNab603yGxpaKG67ScC
GAyuygTjNEi6q5q9pA7qnR35CZtHMkdLvO+hQN5z8lWWdpDQo5ZK3JswSInil3ix
6ZPmBlIoBQTYjBBRTcKQcC/KBUHMiKdJ6iyhp6k1wAzsG8VUuktK6laF/fmxRC3u
b42Lze00lo8dqv/senhv3kpQjh8FtzhPBScLY/epLcflMyYzlmrGKxsQekXCPQlj
9KN32iHIyKYDPJgQ4gVylXxo3vc5l02Qxent+wU2shiU8dfXcQVwiQQKoWXYW2bJ
7lUYroWMObl++0n2xJX4XsbCyxIO6WFxofOQXZ8Osc9pJI0A
-----END CERTIFICATE-----