Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Im9qHBA-gHJHx2NHGvzQtixWFwU.roa
File:                     Im9qHBA-gHJHx2NHGvzQtixWFwU.roa (raw, json)
Hash identifier:          8SX/GptbO4aYYPQWpQrnpYGypFDbo6f45+0ndC3PlsI=
Subject key identifier:   22:6F:6A:1C:10:3E:80:72:47:C7:63:47:1A:FC:D0:B6:2C:56:17:05
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014AED071AC3ACDC72C6EE3AD8A613
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Im9qHBA-gHJHx2NHGvzQtixWFwU.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41108
IP address blocks:        2a0c:b642:1a0f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4a:ed:07:1a:c3:ac:dc:72:c6:ee:3a:d8:a6:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=226f6a1c103e807247c763471afcd0b62c561705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fd:f0:64:1c:8c:08:84:96:87:64:b6:4e:0b:
                    47:80:92:9e:bc:4d:bb:95:8d:c6:d4:7c:7f:5c:93:
                    3a:ee:f3:ff:df:c3:36:fd:ae:4b:f6:5a:39:2e:13:
                    a0:0b:e2:8e:d7:45:38:f0:d3:81:c1:d6:5f:2b:24:
                    f7:6c:2e:d6:b5:2d:68:ef:d2:ac:50:ce:5e:80:42:
                    45:d4:e0:ca:24:a3:56:1f:f5:6c:58:b7:33:3b:7a:
                    73:e1:83:87:c1:80:65:68:90:8b:d6:34:80:7c:57:
                    fa:51:ff:4d:65:9b:de:68:9d:c8:84:21:86:1f:10:
                    04:fa:ea:70:ab:f8:a6:50:d1:9f:62:2d:b4:ee:6a:
                    ef:16:9c:1a:40:83:34:b8:c3:11:cb:b4:d6:41:2d:
                    f9:06:6c:e6:36:43:2a:5e:cb:0e:03:e9:ca:28:3f:
                    3e:98:34:95:36:c7:df:9e:bb:2a:5a:de:56:7e:a6:
                    3a:b8:50:f4:3f:1a:b1:33:ba:75:f4:37:cd:91:d4:
                    35:e0:06:ac:ee:d9:53:8b:52:a0:6a:6b:e3:e8:a6:
                    0d:5e:06:f2:6d:6c:42:df:74:19:b4:9e:fd:86:50:
                    6a:48:1d:71:f1:28:7f:bf:96:bc:85:e5:a4:c3:4f:
                    fa:c9:8e:f0:d9:23:d9:36:9a:d2:f1:1b:ed:f1:21:
                    a8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:6F:6A:1C:10:3E:80:72:47:C7:63:47:1A:FC:D0:B6:2C:56:17:05
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Im9qHBA-gHJHx2NHGvzQtixWFwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a0f::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:7d:57:b8:b0:15:9c:df:60:9f:74:b9:d7:c3:30:8c:a1:42:
         6c:73:4d:dd:97:c2:4d:b5:7e:64:a4:9a:17:2f:91:22:9e:1a:
         f8:59:5c:ca:15:cf:42:0e:94:2a:7e:d7:96:76:85:ef:94:9a:
         18:9f:83:09:6c:47:4c:3a:bf:7f:4f:3c:be:30:b3:bf:66:66:
         f4:f5:3b:1f:69:4b:e4:0d:1f:1f:09:23:58:3d:eb:62:88:10:
         65:bb:45:e1:7b:19:6c:f1:39:21:7e:8e:cf:d9:3e:8a:a6:ce:
         49:50:5e:c9:40:8a:5e:fb:00:63:d4:e5:59:e0:d1:1f:32:fb:
         00:9a:1a:d4:e4:d6:4a:21:2c:d7:3e:24:8e:df:b5:b8:7d:97:
         7e:60:46:d2:61:bb:8c:a8:ff:e1:ed:c8:ff:c9:0c:64:cf:6c:
         a6:c7:57:52:53:bd:a6:16:16:0c:ba:17:c2:38:72:4e:00:07:
         c0:ab:d9:0e:72:90:81:dd:ba:9a:2a:d7:cb:44:8a:43:26:15:
         4f:27:09:4e:e7:44:67:55:10:d8:39:7f:51:fe:17:5f:cf:29:
         ca:d7:ee:c0:bf:72:20:69:43:94:5f:24:44:cb:ce:08:33:8d:
         d1:ab:60:e6:d5:17:c6:9f:09:cf:61:01:67:43:f5:da:2f:4a:
         44:d9:5d:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUrtBxrDrNxyxu462KYTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjZmNmExYzEwM2U4MDcyNDdjNzYzNDcxYWZjZDBiNjJjNTYxNzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmf3wZByMCISWh2S2TgtHgJKevE27
lY3G1Hx/XJM67vP/38M2/a5L9lo5LhOgC+KO10U48NOBwdZfKyT3bC7WtS1o79Ks
UM5egEJF1ODKJKNWH/VsWLczO3pz4YOHwYBlaJCL1jSAfFf6Uf9NZZveaJ3IhCGG
HxAE+upwq/imUNGfYi207mrvFpwaQIM0uMMRy7TWQS35BmzmNkMqXssOA+nKKD8+
mDSVNsffnrsqWt5WfqY6uFD0PxqxM7p19DfNkdQ14Aas7tlTi1Kgamvj6KYNXgby
bWxC33QZtJ79hlBqSB1x8Sh/v5a8heWkw0/6yY7w2SPZNprS8Rvt8SGozwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCJvahwQPoByR8djRxr80LYsVhcFMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSW05cUhCQS1nSEpIeDJOSEd2elF0aXhXRndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoP
MA0GCSqGSIb3DQEBCwUAA4IBAQA9fVe4sBWc32CfdLnXwzCMoUJsc03dl8JNtX5k
pJoXL5Einhr4WVzKFc9CDpQqfteWdoXvlJoYn4MJbEdMOr9/Tzy+MLO/Zmb09Tsf
aUvkDR8fCSNYPetiiBBlu0Xhexls8Tkhfo7P2T6Kps5JUF7JQIpe+wBj1OVZ4NEf
MvsAmhrU5NZKISzXPiSO37W4fZd+YEbSYbuMqP/h7cj/yQxkz2ymx1dSU72mFhYM
uhfCOHJOAAfAq9kOcpCB3bqaKtfLRIpDJhVPJwlO50RnVRDYOX9R/hdfzynK1+7A
v3IgaUOUXyREy84IM43Rq2Dm1RfGnwnPYQFnQ/XaL0pE2V3r
-----END CERTIFICATE-----