Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/L9G0M0qZZQ_vAWgIG5Evr58h2ow.roa
File:                     L9G0M0qZZQ_vAWgIG5Evr58h2ow.roa (raw, json)
Hash identifier:          LxdGlxoBz2YWMT+Dp0WXURszkIhrKEogRWIGQE0ORZU=
Subject key identifier:   2F:D1:B4:33:4A:99:65:0F:EF:01:68:08:1B:91:2F:AF:9F:21:DA:8C
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017F0071754F2E0ACCA5DEE5F5208C
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/L9G0M0qZZQ_vAWgIG5Evr58h2ow.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212980
IP address blocks:        2a0c:b641:5a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7f:00:71:75:4f:2e:0a:cc:a5:de:e5:f5:20:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fd1b4334a99650fef0168081b912faf9f21da8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:05:9f:23:0d:7f:30:08:51:9c:0b:6a:60:84:
                    83:79:84:6c:92:ed:b6:46:c7:c3:9b:bd:ca:fb:8e:
                    a6:e5:83:49:7a:a5:2c:67:15:e8:75:9d:fb:bf:83:
                    94:82:8a:9c:e0:b8:85:03:94:7b:2e:92:9c:f7:0e:
                    c0:d9:39:24:be:e6:8c:68:3a:d9:a8:43:8e:9f:6b:
                    e4:f9:78:65:36:37:1d:88:fa:5b:d1:a4:11:17:a2:
                    f6:84:9c:6e:b2:cd:d0:d6:33:d2:19:a2:b5:c5:37:
                    f9:e3:63:81:ce:36:d8:e6:d5:03:e5:17:48:16:0e:
                    5d:1c:0c:3c:24:fb:3c:80:b9:07:8b:54:6f:c9:31:
                    c7:1e:a3:08:fe:86:9c:4a:46:76:19:33:cb:86:43:
                    22:61:61:53:78:0e:d2:b9:ca:9a:a1:67:48:ed:c9:
                    21:97:26:16:53:e8:e9:ed:04:f1:25:36:f4:d3:96:
                    55:09:fb:7a:58:35:6c:5a:b0:33:ae:0e:82:e3:77:
                    3f:54:05:51:d5:0d:46:9b:39:19:59:ea:17:89:b4:
                    6f:d8:42:ea:7e:e6:e0:48:2a:8f:a5:e3:cc:a0:79:
                    79:10:a5:5b:13:58:63:1e:72:bc:af:13:b8:32:95:
                    a1:9e:c8:71:2f:ba:9c:f7:14:2a:61:2e:74:77:aa:
                    36:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:D1:B4:33:4A:99:65:0F:EF:01:68:08:1B:91:2F:AF:9F:21:DA:8C
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/L9G0M0qZZQ_vAWgIG5Evr58h2ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:5a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         27:7f:3b:31:14:8e:ba:aa:f0:ac:5e:a6:a7:d4:a7:11:b0:27:
         ba:d0:3e:09:d6:8a:76:b2:9d:ba:06:fc:49:c3:32:82:e0:16:
         c7:9f:39:67:52:84:3e:8e:15:48:e8:88:a9:69:4c:85:d1:01:
         61:3f:5e:23:8f:79:af:5a:5e:d7:d8:0f:3d:24:7c:40:b8:0e:
         25:2a:0d:e9:a7:f9:79:1c:7e:61:97:e7:f0:dc:09:33:51:a2:
         ef:08:16:11:3b:16:37:51:7a:b0:99:18:78:b3:97:96:f8:6b:
         af:c2:d4:73:51:a9:84:2f:84:78:59:39:e4:66:da:14:18:e5:
         0d:1c:fd:c4:c2:a4:85:05:f6:79:e0:0a:47:5a:8d:f9:83:a6:
         fa:1e:bb:92:91:e7:88:0f:8e:c8:3f:11:90:6c:bc:03:a8:65:
         c4:74:18:0a:12:16:08:bf:cb:97:82:19:4a:bc:d4:db:5e:f4:
         e6:11:28:6b:5b:9d:b2:21:73:e2:e4:3d:10:07:f1:e1:bc:7c:
         f1:1d:60:c4:34:94:d2:74:c1:01:7d:7a:0e:e8:a5:c5:36:b5:
         d8:a2:d0:1d:36:3b:9b:91:33:36:d2:be:78:2b:10:66:b6:6d:
         64:a5:f8:37:0d:9d:b0:0a:51:ed:fc:86:10:4a:db:97:bd:a4:
         38:20:28:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAX8AcXVPLgrMpd7l9SCMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmQxYjQzMzRhOTk2NTBmZWYwMTY4MDgxYjkxMmZhZjlmMjFkYThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wWfIw1/MAhRnAtqYISDeYRsku22
RsfDm73K+46m5YNJeqUsZxXodZ37v4OUgoqc4LiFA5R7LpKc9w7A2TkkvuaMaDrZ
qEOOn2vk+XhlNjcdiPpb0aQRF6L2hJxuss3Q1jPSGaK1xTf542OBzjbY5tUD5RdI
Fg5dHAw8JPs8gLkHi1RvyTHHHqMI/oacSkZ2GTPLhkMiYWFTeA7SucqaoWdI7ckh
lyYWU+jp7QTxJTb005ZVCft6WDVsWrAzrg6C43c/VAVR1Q1GmzkZWeoXibRv2ELq
fubgSCqPpePMoHl5EKVbE1hjHnK8rxO4MpWhnshxL7qc9xQqYS50d6o2UwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC/RtDNKmWUP7wFoCBuRL6+fIdqMMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTDlHME0wcVpaUV92QVdnSUc1RXZyNThoMm93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQWg
MA0GCSqGSIb3DQEBCwUAA4IBAQAnfzsxFI66qvCsXqan1KcRsCe60D4J1op2sp26
BvxJwzKC4BbHnzlnUoQ+jhVI6IipaUyF0QFhP14jj3mvWl7X2A89JHxAuA4lKg3p
p/l5HH5hl+fw3AkzUaLvCBYROxY3UXqwmRh4s5eW+GuvwtRzUamEL4R4WTnkZtoU
GOUNHP3EwqSFBfZ54ApHWo35g6b6HruSkeeID47IPxGQbLwDqGXEdBgKEhYIv8uX
ghlKvNTbXvTmEShrW52yIXPi5D0QB/HhvHzxHWDENJTSdMEBfXoO6KXFNrXYotAd
NjubkTM20r54KxBmtm1kpfg3DZ2wClHt/IYQStuXvaQ4IChy
-----END CERTIFICATE-----