Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J-i-ElCHnjdlh-SA86Bd9fZ5Oug.roa
File:                     J-i-ElCHnjdlh-SA86Bd9fZ5Oug.roa (raw, json)
Hash identifier:          7iX3dbtj1LAanyUfeJAJtnheVr6xdpL0abr0BZsKuCw=
Subject key identifier:   27:E8:BE:12:50:87:9E:37:65:87:E4:80:F3:A0:5D:F5:F6:79:3A:E8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80165BB4002A982224CC344055620C0
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J-i-ElCHnjdlh-SA86Bd9fZ5Oug.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207759
IP address blocks:        2a0c:b641:20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:65:bb:40:02:a9:82:22:4c:c3:44:05:56:20:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27e8be1250879e376587e480f3a05df5f6793ae8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:76:bc:08:a1:e9:08:3c:94:8c:65:b7:a1:25:
                    69:5b:74:ea:23:e3:f0:26:07:99:22:6f:23:22:ec:
                    9f:2d:cf:af:6e:eb:b2:20:62:f2:de:63:30:b2:85:
                    fe:e3:d6:e4:b4:e9:e2:53:ec:35:15:53:96:34:86:
                    f9:0f:d8:a2:b5:e2:0a:33:55:7d:9a:20:c2:06:67:
                    ca:e6:61:59:a4:e4:20:9d:37:95:ce:77:64:83:57:
                    fe:0e:e1:e1:99:86:25:10:7a:9b:ad:3e:d3:2e:75:
                    e3:89:b6:27:b8:4e:4b:01:68:ad:62:61:9b:0a:f1:
                    a7:c1:22:71:08:43:56:2f:14:39:54:59:e7:eb:5f:
                    91:22:68:81:28:ee:dc:05:18:d9:b0:2f:6f:31:fc:
                    63:f5:80:ef:83:6b:19:a4:f2:cf:4f:f0:e7:ee:aa:
                    ab:d3:e8:7d:b6:ad:2e:97:af:c3:84:d1:53:37:66:
                    7e:38:04:2a:c3:1b:30:db:f0:e7:ef:09:7e:66:5b:
                    b1:56:f6:64:df:5d:26:6e:72:0d:5a:b8:50:ff:ab:
                    d9:2a:b4:1a:65:0f:a5:6a:30:5e:31:f5:1c:0c:12:
                    7e:3d:cb:a1:81:7e:f6:a2:f1:69:dc:0e:a5:92:39:
                    67:1a:43:c2:65:3c:18:c9:2f:22:15:a0:c1:00:c6:
                    19:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E8:BE:12:50:87:9E:37:65:87:E4:80:F3:A0:5D:F5:F6:79:3A:E8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J-i-ElCHnjdlh-SA86Bd9fZ5Oug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         76:f0:8a:56:e3:40:73:5a:21:45:e5:52:fb:c0:1e:61:73:17:
         3b:be:f0:35:00:16:7b:ec:e0:cb:d6:5a:99:40:bd:b4:3b:7c:
         11:6e:cf:fa:3d:1a:29:18:df:85:f3:0a:10:6a:78:12:f2:0d:
         fc:c0:b8:4e:69:84:31:23:ed:97:11:05:d7:db:6a:64:e8:a7:
         e1:37:9c:d7:6b:d4:8e:ca:de:70:fe:ac:a1:d2:d7:6a:c8:94:
         5a:76:63:41:53:d9:ea:49:e5:e8:a4:8e:83:a7:0c:05:96:aa:
         a5:78:e4:ec:8e:ab:73:3f:d6:0c:95:d9:ad:55:bd:cc:d2:cc:
         f7:59:a2:4f:25:a3:72:e8:a7:7d:22:dd:5f:ad:88:50:a7:a8:
         3b:bd:61:0e:03:96:7a:34:9c:87:5f:e2:d2:cc:48:bd:c2:62:
         63:5f:78:1c:51:a1:77:f2:60:33:c4:ef:02:31:59:a5:f5:24:
         ba:8f:93:d9:f5:b2:19:ab:d8:8d:65:06:a1:8f:b0:c2:d9:92:
         73:bc:1d:e0:98:1c:d7:ab:36:5b:0b:43:2a:26:7d:60:da:61:
         f6:d1:07:bc:ab:be:6b:9e:5f:6d:02:e2:78:3e:30:c5:b8:bd:
         45:c8:ff:63:41:72:4f:b3:99:2d:b4:df:9b:b2:e9:b1:9b:21:
         dd:eb:f9:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWW7QAKpgiJMw0QFViDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2U4YmUxMjUwODc5ZTM3NjU4N2U0ODBmM2EwNWRmNWY2NzkzYWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhna8CKHpCDyUjGW3oSVpW3TqI+Pw
JgeZIm8jIuyfLc+vbuuyIGLy3mMwsoX+49bktOniU+w1FVOWNIb5D9iiteIKM1V9
miDCBmfK5mFZpOQgnTeVzndkg1f+DuHhmYYlEHqbrT7TLnXjibYnuE5LAWitYmGb
CvGnwSJxCENWLxQ5VFnn61+RImiBKO7cBRjZsC9vMfxj9YDvg2sZpPLPT/Dn7qqr
0+h9tq0ul6/DhNFTN2Z+OAQqwxsw2/Dn7wl+ZluxVvZk310mbnINWrhQ/6vZKrQa
ZQ+lajBeMfUcDBJ+PcuhgX72ovFp3A6lkjlnGkPCZTwYyS8iFaDBAMYZmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCfovhJQh543ZYfkgPOgXfX2eTroMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSi1pLUVsQ0huamRsaC1TQTg2QmQ5Zlo1T3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQAg
MA0GCSqGSIb3DQEBCwUAA4IBAQB28IpW40BzWiFF5VL7wB5hcxc7vvA1ABZ77ODL
1lqZQL20O3wRbs/6PRopGN+F8woQangS8g38wLhOaYQxI+2XEQXX22pk6KfhN5zX
a9SOyt5w/qyh0tdqyJRadmNBU9nqSeXopI6DpwwFlqqleOTsjqtzP9YMldmtVb3M
0sz3WaJPJaNy6Kd9It1frYhQp6g7vWEOA5Z6NJyHX+LSzEi9wmJjX3gcUaF38mAz
xO8CMVml9SS6j5PZ9bIZq9iNZQahj7DC2ZJzvB3gmBzXqzZbC0MqJn1g2mH20Qe8
q75rnl9tAuJ4PjDFuL1FyP9jQXJPs5kttN+bsumxmyHd6/lr
-----END CERTIFICATE-----