Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J3YPExy-YAdlpZYBuwfJAWiEuuU.roa
File:                     J3YPExy-YAdlpZYBuwfJAWiEuuU.roa (raw, json)
Hash identifier:          ubyavQcyQzbbloTv3SwCmDwGs5aE63r6Tot1Wkpsgmw=
Subject key identifier:   27:76:0F:13:1C:BE:60:07:65:A5:96:01:BB:07:C9:01:68:84:BA:E5
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018F29ADA874EB50DE1331E8FD39482BE417
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J3YPExy-YAdlpZYBuwfJAWiEuuU.roa
Signing time:             Mon 29 Apr 2024 11:46:37 +0000
ROA not before:           Mon 29 Apr 2024 11:46:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215016
IP address blocks:        2a0c:b641:c40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 03:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:ad:a8:74:eb:50:de:13:31:e8:fd:39:48:2b:e4:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr 29 11:46:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27760f131cbe600765a59601bb07c9016884bae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dd:5d:74:98:88:5d:a2:c4:ba:67:a1:b3:b6:
                    b6:67:8b:fe:88:23:69:b2:15:46:75:ba:a6:83:5e:
                    26:d6:19:11:7a:30:b7:50:d0:25:e3:aa:8d:86:0e:
                    d8:ca:d5:4b:27:e4:51:84:8b:47:e1:e0:3b:cb:d7:
                    52:3b:24:64:ad:f6:6d:a5:26:e6:a1:f5:ec:f2:c1:
                    6b:e0:da:dc:bd:46:92:ec:b9:dd:93:ae:ef:e9:6b:
                    74:43:08:32:bc:ec:d8:d9:e3:12:76:b3:03:3f:f4:
                    6d:b0:fb:b5:94:4c:4d:69:63:c2:ae:0b:2d:7a:1f:
                    4b:44:30:80:2d:b9:cc:c7:2f:71:96:d2:03:1c:c4:
                    6f:2d:47:46:ed:7d:25:30:f0:ba:3f:9f:c6:08:f8:
                    55:e7:a7:12:34:99:3a:fa:a3:1c:17:c1:7e:6c:c0:
                    66:6f:62:00:44:45:7c:9e:93:7b:7a:fe:de:6d:ca:
                    f2:f1:00:66:07:48:6f:91:cd:75:99:b1:d0:78:3d:
                    4c:cd:c2:2c:0a:4c:61:70:b4:51:4d:8d:22:4d:c4:
                    f3:8b:6b:e4:67:b0:00:73:a1:a8:f9:85:a3:1d:5d:
                    87:8b:9c:be:7d:df:18:9e:8b:f9:64:e9:ad:62:05:
                    c3:7b:ee:9b:f4:89:7d:72:71:bb:fe:01:22:8b:67:
                    ef:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:76:0F:13:1C:BE:60:07:65:A5:96:01:BB:07:C9:01:68:84:BA:E5
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/J3YPExy-YAdlpZYBuwfJAWiEuuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c40::/44

    Signature Algorithm: sha256WithRSAEncryption
         84:a6:ce:13:2c:c7:ec:b1:aa:1a:13:87:ab:ef:53:cf:d4:88:
         ac:a4:08:0b:7e:13:e9:dd:3a:fb:e7:eb:05:6c:57:ec:21:50:
         16:38:d8:73:d3:b8:8a:74:ff:79:87:ae:10:f5:44:19:4d:11:
         d8:7a:fd:29:bd:72:ba:ff:7c:25:7d:d4:41:77:ad:58:d2:da:
         53:3c:69:4d:a7:49:3e:e2:6f:f9:4c:79:d0:3b:55:b1:db:6c:
         8d:1b:41:48:08:5b:2d:b6:45:fc:aa:e2:3f:9f:d5:7a:9c:04:
         69:f9:b4:63:ac:47:b1:4f:b2:e8:31:23:87:c9:0a:87:aa:ec:
         63:ae:20:2d:ae:f8:e5:55:b5:39:b6:4a:50:29:5b:6a:06:90:
         2a:77:6b:fb:41:b5:01:a8:db:53:de:8c:a7:73:27:c6:c6:43:
         78:98:e6:ed:b6:4e:9b:c5:95:06:07:33:87:40:50:99:5a:f2:
         9a:e5:99:47:d4:23:5a:7c:c7:ca:45:a3:0a:03:ec:48:da:a4:
         c1:79:98:6f:ab:f2:9b:22:5a:cd:58:42:73:22:d0:4f:58:28:
         16:d6:d7:37:d3:4d:47:c9:6a:8f:97:80:95:48:4c:0c:d0:dd:
         62:27:3d:42:f6:fb:66:69:c0:cb:f2:47:c6:b4:f5:ad:d5:ef:
         f9:26:29:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8prah061DeEzHo/TlIK+QXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwNDI5MTE0NjM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzc2MGYxMzFjYmU2MDA3NjVhNTk2MDFiYjA3YzkwMTY4ODRiYWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtN1ddJiIXaLEumehs7a2Z4v+iCNp
shVGdbqmg14m1hkRejC3UNAl46qNhg7YytVLJ+RRhItH4eA7y9dSOyRkrfZtpSbm
ofXs8sFr4NrcvUaS7Lndk67v6Wt0QwgyvOzY2eMSdrMDP/RtsPu1lExNaWPCrgst
eh9LRDCALbnMxy9xltIDHMRvLUdG7X0lMPC6P5/GCPhV56cSNJk6+qMcF8F+bMBm
b2IAREV8npN7ev7ebcry8QBmB0hvkc11mbHQeD1MzcIsCkxhcLRRTY0iTcTzi2vk
Z7AAc6Go+YWjHV2Hi5y+fd8Ynov5ZOmtYgXDe+6b9Il9cnG7/gEii2fvpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCd2DxMcvmAHZaWWAbsHyQFohLrlMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSjNZUEV4eS1ZQWRscFpZQnV3ZkpBV2lFdXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQxA
MA0GCSqGSIb3DQEBCwUAA4IBAQCEps4TLMfssaoaE4er71PP1IispAgLfhPp3Tr7
5+sFbFfsIVAWONhz07iKdP95h64Q9UQZTRHYev0pvXK6/3wlfdRBd61Y0tpTPGlN
p0k+4m/5THnQO1Wx22yNG0FICFsttkX8quI/n9V6nARp+bRjrEexT7LoMSOHyQqH
quxjriAtrvjlVbU5tkpQKVtqBpAqd2v7QbUBqNtT3oyncyfGxkN4mObttk6bxZUG
BzOHQFCZWvKa5ZlH1CNafMfKRaMKA+xI2qTBeZhvq/KbIlrNWEJzItBPWCgW1tc3
001HyWqPl4CVSEwM0N1iJz1C9vtmacDL8kfGtPWt1e/5Jik6
-----END CERTIFICATE-----