Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Kh__Ke0lUvSBp8rSKMaLkfj6ElI.roa
File:                     Kh__Ke0lUvSBp8rSKMaLkfj6ElI.roa (raw, json)
Hash identifier:          EnUAAW9wk1DkmswpHNoFqZdEyVqstSttvJuXtPQVEcg=
Subject key identifier:   2A:1F:FF:29:ED:25:52:F4:81:A7:CA:D2:28:C6:8B:91:F8:FA:12:52
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015F4DE3B30C15BEB5EEA6A3E3648B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Kh__Ke0lUvSBp8rSKMaLkfj6ElI.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205591
IP address blocks:        2a0c:b642:1a09::/48 maxlen: 48
                          2a0c:b642::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5f:4d:e3:b3:0c:15:be:b5:ee:a6:a3:e3:64:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a1fff29ed2552f481a7cad228c68b91f8fa1252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:dc:ae:68:d4:3e:e6:f7:29:a1:f9:e1:c5:e6:
                    1f:d5:a2:bc:ca:5e:9d:32:dc:72:8a:80:f0:3c:64:
                    12:62:e5:92:bf:97:ef:04:4d:99:56:da:7a:45:c6:
                    ab:54:64:c6:11:29:c7:fe:aa:9b:f7:44:68:9b:1e:
                    c6:8d:d2:c8:22:49:a1:e9:28:6e:a7:ed:5e:3f:25:
                    f8:e0:da:fa:aa:37:bd:7b:92:27:90:3d:83:cc:0d:
                    a8:5c:c0:b2:4d:8c:04:bd:6b:65:d7:37:32:8f:49:
                    11:67:8c:4a:07:b2:83:54:7c:f5:fd:0a:a3:a6:a4:
                    5a:f7:8d:9b:4d:a2:86:69:58:64:4c:5d:87:9e:82:
                    30:b9:4f:45:50:0c:1b:37:a1:19:83:67:8a:42:31:
                    67:98:1c:0b:24:2a:45:b6:4d:dc:fe:82:06:3a:a2:
                    f9:38:2a:7f:b1:f2:90:e9:d3:08:e1:7d:b4:4d:91:
                    f9:c9:32:e8:98:f2:ff:ca:03:80:c0:cb:17:34:12:
                    a5:36:1c:c8:dc:5c:e5:e3:53:f0:79:c1:19:47:9d:
                    64:8a:29:80:ef:55:16:f3:ec:6c:3b:89:b6:99:b5:
                    7b:c7:3a:6c:5c:26:b8:7b:90:71:4f:5b:a6:27:ff:
                    7b:2e:fc:3a:03:5e:f9:30:f0:de:c9:28:e9:32:e5:
                    6b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:1F:FF:29:ED:25:52:F4:81:A7:CA:D2:28:C6:8B:91:F8:FA:12:52
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Kh__Ke0lUvSBp8rSKMaLkfj6ElI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642::/36
                  2a0c:b642:1a09::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:fc:63:dc:c7:47:27:f8:f3:f1:f8:f3:c3:e3:83:01:be:ce:
         35:87:4a:da:c2:bb:89:d6:9d:5a:db:2a:5f:e7:96:cc:ff:fa:
         8c:3a:d4:05:b5:50:57:9a:3b:a5:14:55:fd:13:8f:07:50:ba:
         28:0b:f9:4b:64:7a:1e:4c:f3:41:b4:48:c4:a4:ae:a3:1e:de:
         1f:6b:6c:17:9d:93:84:30:fb:65:fe:4d:8b:d5:77:a5:0c:f5:
         6c:2b:05:dd:ca:dd:37:22:23:20:62:25:63:37:19:e7:d3:d9:
         dc:3c:12:48:92:52:a1:d5:9a:c2:cb:eb:40:54:b6:66:ab:26:
         98:de:4e:9d:49:bc:79:77:cb:83:b4:6c:65:84:42:e7:bc:1a:
         8a:5c:c6:69:a2:5a:e9:aa:9b:23:2f:c2:dd:59:e4:69:f2:88:
         86:2c:53:3a:f4:94:fd:79:ef:ef:d2:c7:c9:0a:76:28:67:bb:
         d5:58:6e:f2:8b:17:8c:2e:a9:46:93:fa:81:ae:78:87:bb:9a:
         bf:5a:5a:69:a3:d7:e0:35:be:c8:f5:f0:66:c9:c6:fb:2b:56:
         2a:71:30:4d:b2:27:4f:c4:5a:40:07:1d:8f:c4:72:bf:f9:a8:
         34:59:22:f0:d4:9d:4f:9a:66:9a:c7:62:5e:86:94:2b:a9:6b:
         d0:b6:ad:56
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzIAV9N47MMFb617qaj42SLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTFmZmYyOWVkMjU1MmY0ODFhN2NhZDIyOGM2OGI5MWY4ZmExMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdyuaNQ+5vcpofnhxeYf1aK8yl6d
MtxyioDwPGQSYuWSv5fvBE2ZVtp6RcarVGTGESnH/qqb90Romx7GjdLIIkmh6Shu
p+1ePyX44Nr6qje9e5InkD2DzA2oXMCyTYwEvWtl1zcyj0kRZ4xKB7KDVHz1/Qqj
pqRa942bTaKGaVhkTF2HnoIwuU9FUAwbN6EZg2eKQjFnmBwLJCpFtk3c/oIGOqL5
OCp/sfKQ6dMI4X20TZH5yTLomPL/ygOAwMsXNBKlNhzI3Fzl41PwecEZR51kiimA
71UW8+xsO4m2mbV7xzpsXCa4e5BxT1umJ/97Lvw6A175MPDeySjpMuVrhwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFCof/yntJVL0gafK0ijGi5H4+hJSMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvS2hfX0tlMGxVdlNCcDhyU0tNYUxrZmo2RWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYEKgy2QgAD
BwAqDLZCGgkwDQYJKoZIhvcNAQELBQADggEBAFT8Y9zHRyf48/H488PjgwG+zjWH
StrCu4nWnVrbKl/nlsz/+ow61AW1UFeaO6UUVf0TjwdQuigL+Utkeh5M80G0SMSk
rqMe3h9rbBedk4Qw+2X+TYvVd6UM9WwrBd3K3TciIyBiJWM3GefT2dw8EkiSUqHV
msLL60BUtmarJpjeTp1JvHl3y4O0bGWEQue8GopcxmmiWumqmyMvwt1Z5GnyiIYs
Uzr0lP157+/Sx8kKdihnu9VYbvKLF4wuqUaT+oGueIe7mr9aWmmj1+A1vsj18GbJ
xvsrVipxME2yJ0/EWkAHHY/Ecr/5qDRZIvDUnU+aZprHYl6GlCupa9C2rVY=
-----END CERTIFICATE-----