Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/MBuvNWODGvTek1otADjEECrPGp4.roa
File:                     MBuvNWODGvTek1otADjEECrPGp4.roa (raw, json)
Hash identifier:          wd99TS24NhODT9j66scWHhMK1RxnAsLXwLSs3FpVBH4=
Subject key identifier:   30:1B:AF:35:63:83:1A:F4:DE:93:5A:2D:00:38:C4:10:2A:CF:1A:9E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017C03A291BD05605590FEA917300A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/MBuvNWODGvTek1otADjEECrPGp4.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212510
IP address blocks:        2a0c:b641:2c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7c:03:a2:91:bd:05:60:55:90:fe:a9:17:30:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=301baf3563831af4de935a2d0038c4102acf1a9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5b:5a:0f:e3:7b:f4:74:96:e0:a0:54:e9:23:
                    36:9b:da:79:c9:08:d5:b1:31:a4:c3:56:7d:20:28:
                    f5:9f:52:d3:be:d4:69:5c:f7:2e:c4:8e:ea:21:d3:
                    28:c9:12:1f:b9:81:4c:f9:ac:03:75:a4:25:14:83:
                    96:7e:33:b2:e7:b2:24:89:01:01:5a:48:91:c8:ec:
                    2d:8f:48:40:72:16:9c:2d:d7:6d:94:34:b3:d3:78:
                    e7:2d:1d:2b:8e:01:d9:d2:a2:8d:c5:4c:a6:5f:07:
                    d2:ff:b6:29:51:1e:ea:b7:e4:75:72:94:7f:bd:b7:
                    a5:a3:b4:32:a6:69:52:90:e0:2c:48:5b:63:f9:56:
                    7b:de:c6:62:e3:f1:32:43:33:de:fe:4e:f1:bf:21:
                    24:08:40:50:1c:01:c2:0e:8e:65:28:d2:99:57:82:
                    a8:d6:25:30:0e:29:bb:d0:5d:da:3c:86:35:4f:49:
                    c7:61:0c:c3:4a:99:c0:cb:c2:57:89:79:74:70:a2:
                    06:6b:b6:17:ec:ed:ce:bb:6c:db:05:03:13:9d:e1:
                    d0:5f:13:09:c5:dc:51:32:03:6c:7c:52:c5:3e:7c:
                    07:93:1c:da:2b:9c:3e:ac:55:dc:65:47:dd:2c:ea:
                    c4:60:66:03:8a:2e:7f:ac:97:2c:eb:6d:19:d2:25:
                    8d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1B:AF:35:63:83:1A:F4:DE:93:5A:2D:00:38:C4:10:2A:CF:1A:9E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/MBuvNWODGvTek1otADjEECrPGp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:2c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         87:59:06:d4:01:6a:ef:e9:69:71:38:80:36:2a:d8:3e:11:69:
         c5:f8:a8:2f:c4:57:1f:83:dc:7a:75:ec:6d:32:a8:16:cb:0c:
         2e:05:57:0d:40:83:73:13:a5:22:49:3e:93:80:5f:6b:b6:1d:
         ae:15:de:b6:c4:72:c1:b1:c2:94:bc:85:b1:b3:0b:3d:09:d6:
         fd:4a:42:5d:9b:06:9e:2a:ed:20:62:21:e1:7b:80:12:2a:ff:
         cc:83:8f:84:a2:46:39:2c:13:35:a5:d2:b2:6c:41:3f:a4:c1:
         6c:10:91:84:91:64:d6:f0:6d:cb:ca:cb:65:3b:da:52:cd:41:
         27:c3:8e:35:81:f5:57:2c:a6:61:3e:75:3e:d1:ee:4f:7d:d1:
         79:24:b4:1f:28:7c:8f:93:60:98:1e:e7:b0:58:da:22:a0:5c:
         63:91:e8:46:94:21:be:b7:00:12:d1:cb:46:6d:f2:ae:27:2e:
         b5:8f:1e:bf:fc:5f:09:e1:da:26:43:cb:f2:37:65:ec:af:34:
         34:8a:c7:0b:28:f6:44:77:3c:be:17:88:f0:c9:1a:7d:53:e8:
         85:60:8a:f0:ef:be:00:f9:d6:28:88:c6:5b:39:58:77:d0:cd:
         e2:07:1d:a3:c1:aa:c5:cd:a6:17:bc:b0:1c:3e:96:79:db:15:
         e2:3e:b9:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXwDopG9BWBVkP6pFzAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDFiYWYzNTYzODMxYWY0ZGU5MzVhMmQwMDM4YzQxMDJhY2YxYTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVtaD+N79HSW4KBU6SM2m9p5yQjV
sTGkw1Z9ICj1n1LTvtRpXPcuxI7qIdMoyRIfuYFM+awDdaQlFIOWfjOy57IkiQEB
WkiRyOwtj0hAchacLddtlDSz03jnLR0rjgHZ0qKNxUymXwfS/7YpUR7qt+R1cpR/
vbelo7QypmlSkOAsSFtj+VZ73sZi4/EyQzPe/k7xvyEkCEBQHAHCDo5lKNKZV4Ko
1iUwDim70F3aPIY1T0nHYQzDSpnAy8JXiXl0cKIGa7YX7O3Ou2zbBQMTneHQXxMJ
xdxRMgNsfFLFPnwHkxzaK5w+rFXcZUfdLOrEYGYDii5/rJcs620Z0iWN0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDAbrzVjgxr03pNaLQA4xBAqzxqeMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTUJ1dk5XT0RHdlRlazFvdEFEakVFQ3JQR3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQLA
MA0GCSqGSIb3DQEBCwUAA4IBAQCHWQbUAWrv6WlxOIA2Ktg+EWnF+KgvxFcfg9x6
dextMqgWywwuBVcNQINzE6UiST6TgF9rth2uFd62xHLBscKUvIWxsws9Cdb9SkJd
mwaeKu0gYiHhe4ASKv/Mg4+EokY5LBM1pdKybEE/pMFsEJGEkWTW8G3LystlO9pS
zUEnw441gfVXLKZhPnU+0e5PfdF5JLQfKHyPk2CYHuewWNoioFxjkehGlCG+twAS
0ctGbfKuJy61jx6//F8J4domQ8vyN2XsrzQ0iscLKPZEdzy+F4jwyRp9U+iFYIrw
774A+dYoiMZbOVh30M3iBx2jwarFzaYXvLAcPpZ52xXiPrlx
-----END CERTIFICATE-----