Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/LnXWHxCejhFwM9-fyJHChsFmm_Q.roa
File:                     LnXWHxCejhFwM9-fyJHChsFmm_Q.roa (raw, json)
Hash identifier:          mWSJbSIMmcUhJGlntALOK5IiOrn+PsRA5IEBXWt3ph8=
Subject key identifier:   2E:75:D6:1F:10:9E:8E:11:70:33:DF:9F:C8:91:C2:86:C1:66:9B:F4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016DCA5CCE8F9101C09A143EB76311
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/LnXWHxCejhFwM9-fyJHChsFmm_Q.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210020
IP address blocks:        2a0c:b642:1030::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6d:ca:5c:ce:8f:91:01:c0:9a:14:3e:b7:63:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e75d61f109e8e117033df9fc891c286c1669bf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:87:8f:3e:62:ce:5d:15:b2:d3:71:8a:77:09:
                    9e:c6:60:d8:d9:2c:a3:1f:8d:ec:b6:53:05:ef:81:
                    a7:99:d2:d3:3b:43:bf:aa:45:9e:2d:f6:5d:c9:c3:
                    b4:b0:7a:4a:0c:df:f4:54:7f:77:38:d1:40:5e:86:
                    70:38:e2:9d:2f:0e:a0:63:69:c4:ce:28:4d:03:18:
                    1d:d6:d5:da:bc:b9:32:87:cb:95:d3:01:51:f9:3c:
                    25:b0:25:0e:95:28:b0:54:0b:1f:35:5f:1f:19:fc:
                    35:7c:f1:55:a5:f0:46:1d:2b:30:03:5d:39:0e:93:
                    a1:02:ef:2a:8c:37:85:ed:34:19:12:36:3f:78:08:
                    c5:c2:42:db:2a:a5:25:06:b3:87:71:a6:e7:31:f4:
                    f5:63:03:5e:86:6a:5d:e1:ed:74:bc:37:a7:97:44:
                    8c:af:34:40:a9:9a:bb:aa:3e:7e:87:6d:ba:83:27:
                    61:e2:1d:af:4c:7b:2f:51:f4:6e:01:f0:37:b3:cf:
                    63:93:14:77:4d:99:88:86:26:5b:58:9e:a7:de:5d:
                    ba:0c:7f:1c:2e:06:1e:b7:b9:1f:b7:f7:55:49:56:
                    06:28:48:cb:0f:14:63:4f:d9:fc:fc:db:c5:8c:37:
                    d6:79:1b:2e:4b:a2:83:68:39:50:cb:c8:44:d4:06:
                    6e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:75:D6:1F:10:9E:8E:11:70:33:DF:9F:C8:91:C2:86:C1:66:9B:F4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/LnXWHxCejhFwM9-fyJHChsFmm_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1030::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:44:4c:a1:83:ae:d3:df:1a:26:bf:b1:f7:87:30:a6:0d:05:
         9b:27:ac:f9:61:43:be:25:50:71:10:77:74:35:2c:5f:9b:dc:
         d3:64:42:96:30:02:f3:fb:40:ad:7d:5a:8a:0e:41:85:30:a6:
         1d:91:af:5f:84:a9:82:f7:60:c9:a5:f3:08:e8:99:e4:02:99:
         6c:5c:63:b1:18:a4:55:0d:36:ca:62:58:4e:c9:2a:e4:7f:ac:
         bd:ff:8e:d5:a8:c9:ff:97:85:37:d9:a0:c6:f0:24:60:1f:05:
         1e:27:8b:8e:e9:8c:d6:e9:36:db:91:0c:77:8b:f0:59:69:2e:
         a6:c8:58:3b:c3:c7:90:49:9a:02:5c:07:81:19:5c:f1:9c:c4:
         4a:f1:c3:bf:ea:94:c2:ac:ae:92:d1:ce:56:09:10:0b:64:2b:
         08:5f:6a:dc:be:b6:f1:3b:27:79:f9:79:8b:d0:14:b7:38:2b:
         bc:dd:9a:3b:7b:81:f6:29:a3:ca:f0:a2:3b:27:f9:1f:d6:49:
         8b:1b:91:a5:1a:6f:64:02:93:03:30:73:f4:83:3b:d7:77:c9:
         c6:25:bc:e5:f6:7f:ec:fc:4b:f7:fa:55:3d:cf:6a:fb:c6:8b:
         4d:de:b9:c3:68:6a:2d:74:da:ea:f6:e9:fa:5d:ce:d9:4a:39:
         94:e2:a5:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAW3KXM6PkQHAmhQ+t2MRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTc1ZDYxZjEwOWU4ZTExNzAzM2RmOWZjODkxYzI4NmMxNjY5YmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIePPmLOXRWy03GKdwmexmDY2Syj
H43stlMF74GnmdLTO0O/qkWeLfZdycO0sHpKDN/0VH93ONFAXoZwOOKdLw6gY2nE
zihNAxgd1tXavLkyh8uV0wFR+TwlsCUOlSiwVAsfNV8fGfw1fPFVpfBGHSswA105
DpOhAu8qjDeF7TQZEjY/eAjFwkLbKqUlBrOHcabnMfT1YwNehmpd4e10vDenl0SM
rzRAqZq7qj5+h226gydh4h2vTHsvUfRuAfA3s89jkxR3TZmIhiZbWJ6n3l26DH8c
LgYet7kft/dVSVYGKEjLDxRjT9n8/NvFjDfWeRsuS6KDaDlQy8hE1AZuVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC511h8Qno4RcDPfn8iRwobBZpv0MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTG5YV0h4Q2VqaEZ3TTktZnlKSENoc0ZtbV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QhAw
MA0GCSqGSIb3DQEBCwUAA4IBAQAiREyhg67T3xomv7H3hzCmDQWbJ6z5YUO+JVBx
EHd0NSxfm9zTZEKWMALz+0CtfVqKDkGFMKYdka9fhKmC92DJpfMI6JnkAplsXGOx
GKRVDTbKYlhOySrkf6y9/47VqMn/l4U32aDG8CRgHwUeJ4uO6YzW6TbbkQx3i/BZ
aS6myFg7w8eQSZoCXAeBGVzxnMRK8cO/6pTCrK6S0c5WCRALZCsIX2rcvrbxOyd5
+XmL0BS3OCu83Zo7e4H2KaPK8KI7J/kf1kmLG5GlGm9kApMDMHP0gzvXd8nGJbzl
9n/s/Ev3+lU9z2r7xotN3rnDaGotdNrq9un6Xc7ZSjmU4qUg
-----END CERTIFICATE-----