Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/LVawacKg4E2DyHmFevfNcPUzrfA.roa
File:                     LVawacKg4E2DyHmFevfNcPUzrfA.roa (raw, json)
Hash identifier:          WfKuHDZoWCSyln3velpapUk69MNAe7+k2ea6IMkedaE=
Subject key identifier:   2D:56:B0:69:C2:A0:E0:4D:83:C8:79:85:7A:F7:CD:70:F5:33:AD:F0
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016BFD2C4E0254626D0466C26AEDB5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/LVawacKg4E2DyHmFevfNcPUzrfA.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209645
IP address blocks:        2a0c:b641:230::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6b:fd:2c:4e:02:54:62:6d:04:66:c2:6a:ed:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d56b069c2a0e04d83c879857af7cd70f533adf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:30:f3:89:84:ef:ba:9c:71:bf:00:eb:45:d6:
                    30:a5:7d:79:6c:a6:9e:4c:52:2e:13:35:26:21:6a:
                    39:af:e3:80:a5:e0:5c:d8:31:82:a1:1f:3e:fa:d8:
                    00:5e:68:87:cd:f4:59:f7:11:6c:85:cb:97:73:fb:
                    e1:52:4c:7b:2f:0e:f3:6b:a4:68:ce:85:29:02:20:
                    47:01:70:58:47:69:be:27:60:ee:63:f3:f8:1a:ca:
                    6f:01:c7:9a:00:ae:5b:00:43:68:2e:ad:25:9b:0c:
                    2e:d3:dc:5b:c8:5a:79:49:13:bb:68:77:04:e5:ab:
                    91:f5:c4:63:93:64:a8:52:28:bc:28:73:2c:b1:14:
                    ee:e2:60:4d:c3:cc:87:aa:c3:e6:e3:0e:b6:3b:77:
                    71:f6:9c:df:61:ce:79:3e:8f:98:c3:fa:1c:b2:4d:
                    ec:96:38:e3:e6:8e:e2:25:69:40:03:02:3b:65:c2:
                    6b:fd:8e:70:99:1a:ef:c2:14:d8:28:d0:d3:86:ef:
                    d3:fa:54:19:8e:d0:fc:cf:a5:b9:4d:ed:f6:70:f4:
                    5f:8a:74:f4:db:ec:66:41:bf:48:37:37:84:4b:6c:
                    c9:8f:6b:12:28:2b:51:71:5a:bb:11:f1:80:be:97:
                    1c:46:c0:dc:00:0b:a0:74:86:82:28:08:a8:2f:12:
                    2e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:56:B0:69:C2:A0:E0:4D:83:C8:79:85:7A:F7:CD:70:F5:33:AD:F0
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/LVawacKg4E2DyHmFevfNcPUzrfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:230::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:61:b9:9d:3e:53:9f:cc:6c:21:d7:79:32:cc:8b:74:12:91:
         f9:ac:16:b0:6d:13:10:bb:f4:fb:07:20:1d:12:41:3a:5f:c8:
         99:b5:61:df:b5:35:19:b3:a5:2a:98:b5:c7:70:7c:12:71:6d:
         11:11:e4:86:21:a8:d7:2e:c3:50:54:fd:b3:5c:e2:1b:a4:d7:
         e2:4f:bc:8a:06:a2:a4:7a:6f:56:a3:f7:ee:5b:f5:55:f3:95:
         68:4e:45:e7:17:f0:78:87:1a:09:53:10:91:ca:cd:4c:00:9a:
         23:7e:7c:ba:55:6f:54:95:f0:ba:ef:14:2c:1f:42:68:fc:b4:
         19:ad:91:5b:5d:2d:64:e5:18:31:23:8e:6e:55:b4:65:09:a4:
         e6:1f:77:ab:1f:32:e4:25:8e:4c:d3:e0:ae:de:c1:66:ed:d7:
         1f:8e:26:d0:c3:a8:99:5c:fc:d2:68:d6:f8:16:9b:53:25:bc:
         52:76:0f:77:a2:6b:5b:18:cb:a5:fb:38:5d:d3:fb:c0:02:76:
         19:bf:0f:04:72:f6:11:58:9f:ac:0a:85:a5:62:a1:90:77:a0:
         f1:53:cb:f2:98:01:16:90:d4:9c:e4:4d:cb:2f:54:7e:97:8a:
         35:b0:86:85:b2:12:ca:93:70:83:75:0d:40:a7:f5:1e:91:b8:
         c9:c0:68:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWv9LE4CVGJtBGbCau21MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDU2YjA2OWMyYTBlMDRkODNjODc5ODU3YWY3Y2Q3MGY1MzNhZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzDziYTvupxxvwDrRdYwpX15bKae
TFIuEzUmIWo5r+OApeBc2DGCoR8++tgAXmiHzfRZ9xFshcuXc/vhUkx7Lw7za6Ro
zoUpAiBHAXBYR2m+J2DuY/P4GspvAceaAK5bAENoLq0lmwwu09xbyFp5SRO7aHcE
5auR9cRjk2SoUii8KHMssRTu4mBNw8yHqsPm4w62O3dx9pzfYc55Po+Yw/ocsk3s
ljjj5o7iJWlAAwI7ZcJr/Y5wmRrvwhTYKNDThu/T+lQZjtD8z6W5Te32cPRfinT0
2+xmQb9INzeES2zJj2sSKCtRcVq7EfGAvpccRsDcAAugdIaCKAioLxIucQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC1WsGnCoOBNg8h5hXr3zXD1M63wMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTFZhd2FjS2c0RTJEeUhtRmV2Zk5jUFV6cmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQIw
MA0GCSqGSIb3DQEBCwUAA4IBAQBbYbmdPlOfzGwh13kyzIt0EpH5rBawbRMQu/T7
ByAdEkE6X8iZtWHftTUZs6UqmLXHcHwScW0REeSGIajXLsNQVP2zXOIbpNfiT7yK
BqKkem9Wo/fuW/VV85VoTkXnF/B4hxoJUxCRys1MAJojfny6VW9UlfC67xQsH0Jo
/LQZrZFbXS1k5RgxI45uVbRlCaTmH3erHzLkJY5M0+Cu3sFm7dcfjibQw6iZXPzS
aNb4FptTJbxSdg93omtbGMul+zhd0/vAAnYZvw8EcvYRWJ+sCoWlYqGQd6DxU8vy
mAEWkNSc5E3LL1R+l4o1sIaFshLKk3CDdQ1Ap/UekbjJwGhy
-----END CERTIFICATE-----