Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Lw2-RGOfmyzfZwqPo6bIyCE9ZuQ.roa
File:                     Lw2-RGOfmyzfZwqPo6bIyCE9ZuQ.roa (raw, json)
Hash identifier:          mfJvm0tH95W2ZBVy22VmuKBGj+uu1MyrGKjNmelKkno=
Subject key identifier:   2F:0D:BE:44:63:9F:9B:2C:DF:67:0A:8F:A3:A6:C8:C8:21:3D:66:E4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80162ADF9E33DA1DE4C2B0100C59DA6
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Lw2-RGOfmyzfZwqPo6bIyCE9ZuQ.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207149
IP address blocks:        2a0c:b641:270::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:62:ad:f9:e3:3d:a1:de:4c:2b:01:00:c5:9d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f0dbe44639f9b2cdf670a8fa3a6c8c8213d66e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fa:0e:54:2e:4f:3d:a8:65:7a:01:1b:db:1a:
                    c9:5e:4e:09:14:e1:29:c6:54:65:21:d7:1e:f5:55:
                    48:e6:24:0a:f3:e1:f7:72:dd:c3:b4:b3:20:e1:31:
                    4c:a5:84:77:47:b7:a5:8b:37:69:49:8c:33:4f:96:
                    a9:ca:e5:56:a8:8b:c7:a4:21:a8:43:0a:78:74:af:
                    58:70:9c:b6:9b:a8:c0:3e:ca:e1:3c:bd:57:ec:cd:
                    06:22:ed:37:6f:93:05:ab:24:68:5f:8a:86:37:cd:
                    6e:c7:12:ae:af:5a:39:86:81:a5:02:cb:77:4f:a3:
                    8c:5d:46:48:35:0e:8b:9e:45:67:d5:e6:d6:04:bf:
                    5d:3e:ef:6a:49:78:64:f2:7a:93:24:b9:67:54:d2:
                    cd:28:4a:f2:62:71:af:f5:c7:28:f4:ea:d0:37:5f:
                    51:33:67:20:c0:fe:45:40:9a:ce:65:84:99:ef:0c:
                    e9:e0:f5:94:36:d0:47:2a:70:7e:9a:67:f7:58:81:
                    b8:eb:2b:57:87:38:48:0c:85:f0:31:7c:77:62:69:
                    c8:b1:30:36:24:25:cc:23:82:da:fc:59:25:e9:4a:
                    af:03:35:a1:9e:a0:c8:3f:ea:c8:0f:bc:62:51:47:
                    6b:8f:1d:25:db:2b:79:2b:f8:9e:ed:b3:31:e1:8b:
                    1e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0D:BE:44:63:9F:9B:2C:DF:67:0A:8F:A3:A6:C8:C8:21:3D:66:E4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Lw2-RGOfmyzfZwqPo6bIyCE9ZuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:270::/44

    Signature Algorithm: sha256WithRSAEncryption
         47:20:a5:2a:a9:26:5d:0b:97:b6:34:54:ee:b3:79:34:cc:68:
         a3:ef:b6:40:0c:98:b4:e3:1c:3d:11:19:c2:03:d6:99:54:59:
         65:73:8c:e8:18:ab:46:06:59:c5:7e:3c:75:3e:f3:77:0c:af:
         57:f0:ec:1c:59:fe:ee:f9:a3:37:4e:95:87:78:8c:88:61:40:
         88:be:05:a1:ba:38:30:bd:16:2a:0d:5f:94:b4:07:e5:d5:40:
         7d:0b:5c:e3:c7:be:51:fc:f7:a2:50:e0:72:ef:dd:b9:88:08:
         3b:c1:1b:b0:e5:c5:d6:ce:8d:9c:12:40:48:38:a0:69:1c:c0:
         b6:a7:f6:ee:98:26:07:c1:ba:00:a3:f8:6c:54:a1:39:50:28:
         6a:57:37:ab:72:e8:3a:13:f9:ef:5c:c9:bf:75:12:03:4d:36:
         e4:d4:eb:18:2b:3f:6a:55:f3:39:a9:58:a4:ff:14:bb:19:ea:
         25:a3:be:40:11:83:c4:b4:5b:d1:eb:73:50:95:66:e8:f9:1e:
         8d:5c:bd:67:43:cc:84:16:eb:ff:82:34:72:1c:c5:da:22:cf:
         72:4c:65:dc:60:e1:af:99:a1:5c:57:2a:df:32:29:3f:72:62:
         0a:e8:da:bc:ff:7e:17:d0:1e:28:c3:f3:93:ad:16:e4:03:78:
         8d:02:e7:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWKt+eM9od5MKwEAxZ2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjBkYmU0NDYzOWY5YjJjZGY2NzBhOGZhM2E2YzhjODIxM2Q2NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfoOVC5PPahlegEb2xrJXk4JFOEp
xlRlIdce9VVI5iQK8+H3ct3DtLMg4TFMpYR3R7elizdpSYwzT5apyuVWqIvHpCGo
Qwp4dK9YcJy2m6jAPsrhPL1X7M0GIu03b5MFqyRoX4qGN81uxxKur1o5hoGlAst3
T6OMXUZINQ6LnkVn1ebWBL9dPu9qSXhk8nqTJLlnVNLNKEryYnGv9cco9OrQN19R
M2cgwP5FQJrOZYSZ7wzp4PWUNtBHKnB+mmf3WIG46ytXhzhIDIXwMXx3YmnIsTA2
JCXMI4La/Fkl6UqvAzWhnqDIP+rID7xiUUdrjx0l2yt5K/ie7bMx4YseUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC8NvkRjn5ss32cKj6OmyMghPWbkMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTHcyLVJHT2ZteXpmWndxUG82Ykl5Q0U5WnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQJw
MA0GCSqGSIb3DQEBCwUAA4IBAQBHIKUqqSZdC5e2NFTus3k0zGij77ZADJi04xw9
ERnCA9aZVFllc4zoGKtGBlnFfjx1PvN3DK9X8OwcWf7u+aM3TpWHeIyIYUCIvgWh
ujgwvRYqDV+UtAfl1UB9C1zjx75R/PeiUOBy7925iAg7wRuw5cXWzo2cEkBIOKBp
HMC2p/bumCYHwboAo/hsVKE5UChqVzercug6E/nvXMm/dRIDTTbk1OsYKz9qVfM5
qVik/xS7Geolo75AEYPEtFvR63NQlWbo+R6NXL1nQ8yEFuv/gjRyHMXaIs9yTGXc
YOGvmaFcVyrfMik/cmIK6Nq8/34X0B4ow/OTrRbkA3iNAueS
-----END CERTIFICATE-----