Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/MQiy8VUqhAbNqjobjBAwf3aEsrg.roa
File:                     MQiy8VUqhAbNqjobjBAwf3aEsrg.roa (raw, json)
Hash identifier:          I9XQDKcjgvXFE3WfFys4UO3OIaShbySEmE74Y8c0goU=
Subject key identifier:   31:08:B2:F1:55:2A:84:06:CD:AA:3A:1B:8C:10:30:7F:76:84:B2:B8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80169C92180D3EB414864C9EB6D52B2
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/MQiy8VUqhAbNqjobjBAwf3aEsrg.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209186
IP address blocks:        2a0c:b641:910::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:69:c9:21:80:d3:eb:41:48:64:c9:eb:6d:52:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3108b2f1552a8406cdaa3a1b8c10307f7684b2b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9d:ff:10:23:71:4a:3f:40:12:fb:b9:d9:13:
                    b7:ab:93:3f:d5:f9:33:75:77:3f:37:16:79:0a:f0:
                    1c:db:bb:03:81:f4:ff:45:04:28:0e:db:57:0d:81:
                    1f:9c:84:eb:68:a6:4a:0b:1a:9b:84:5f:04:fd:7b:
                    3f:26:ba:9f:f7:73:89:3b:3d:07:48:0f:bf:9d:cf:
                    21:e2:ed:5b:56:a6:d5:d6:f0:9d:79:8b:2d:0b:61:
                    58:92:8f:a2:51:da:c6:ff:55:c6:c7:a7:08:20:41:
                    96:78:1c:12:df:6e:4c:dd:83:13:ec:2f:6a:e5:70:
                    b5:31:c3:c2:55:88:2c:5f:b1:a0:cd:8b:a1:43:9d:
                    2d:d2:a1:f7:3a:1b:4f:90:8a:97:46:a8:a1:28:e6:
                    a2:ff:c2:4d:22:f0:9d:a2:20:8b:b4:ea:74:cd:a5:
                    16:be:a0:40:14:79:a9:0e:a7:ae:d7:fa:61:8d:fa:
                    1e:34:ca:cf:e9:dc:3d:58:d1:b6:aa:15:0b:98:9b:
                    80:d3:4e:ac:50:e3:a9:9f:58:a8:0a:f9:83:df:80:
                    76:19:ef:90:d7:ac:a7:98:ef:f1:1f:dc:b1:ce:03:
                    63:29:2e:4f:00:0f:db:b2:c5:52:01:07:c1:10:2f:
                    b2:fe:6d:95:75:87:4c:ca:3f:71:cf:31:af:71:15:
                    1d:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:08:B2:F1:55:2A:84:06:CD:AA:3A:1B:8C:10:30:7F:76:84:B2:B8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/MQiy8VUqhAbNqjobjBAwf3aEsrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:910::/44

    Signature Algorithm: sha256WithRSAEncryption
         0a:70:91:51:d7:d9:fe:e9:94:c1:fd:10:41:9d:34:a3:52:24:
         14:a9:9a:bc:39:38:3a:12:25:44:bd:ef:03:c3:62:a3:f5:e2:
         12:71:37:a0:6a:a5:f5:05:8d:73:84:fc:17:41:0e:bc:a9:87:
         22:65:2b:34:b8:7e:33:ea:44:8c:b7:dd:b9:69:27:16:fe:40:
         0c:dc:31:c4:a8:a2:8c:b3:cd:a0:80:e1:05:20:46:4a:05:db:
         ff:67:32:54:f8:1a:a1:11:57:6f:94:65:a2:05:54:a0:bf:ee:
         c6:fe:5b:a9:d7:32:37:cd:4b:2a:e9:65:d5:ae:c8:6e:89:45:
         c1:18:cd:48:36:b3:1b:d6:da:c7:7e:62:25:7c:7d:ca:01:73:
         68:37:27:f4:84:40:a0:2e:1e:28:ae:86:62:f6:d6:0e:eb:5f:
         38:ff:ac:71:2f:48:4a:61:ae:d1:80:cd:2a:49:b1:70:cc:b6:
         28:82:78:0b:f8:da:4e:c3:76:c9:38:21:1c:14:6e:ac:97:87:
         8e:aa:e5:3f:18:b6:91:3e:8c:02:b7:fb:b5:3a:b2:b0:0d:87:
         31:5c:0a:bc:0b:ce:a6:42:f5:a7:33:e6:4c:f5:cd:4b:09:80:
         e0:60:a5:8b:b4:53:9c:1a:56:a6:f5:61:7c:6b:ee:6c:8f:13:
         ed:a4:de:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWnJIYDT60FIZMnrbVKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTA4YjJmMTU1MmE4NDA2Y2RhYTNhMWI4YzEwMzA3Zjc2ODRiMmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJ3/ECNxSj9AEvu52RO3q5M/1fkz
dXc/NxZ5CvAc27sDgfT/RQQoDttXDYEfnITraKZKCxqbhF8E/Xs/Jrqf93OJOz0H
SA+/nc8h4u1bVqbV1vCdeYstC2FYko+iUdrG/1XGx6cIIEGWeBwS325M3YMT7C9q
5XC1McPCVYgsX7GgzYuhQ50t0qH3OhtPkIqXRqihKOai/8JNIvCdoiCLtOp0zaUW
vqBAFHmpDqeu1/phjfoeNMrP6dw9WNG2qhULmJuA006sUOOpn1ioCvmD34B2Ge+Q
16ynmO/xH9yxzgNjKS5PAA/bssVSAQfBEC+y/m2VdYdMyj9xzzGvcRUdewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDEIsvFVKoQGzao6G4wQMH92hLK4MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTVFpeThWVXFoQWJOcWpvYmpCQXdmM2FFc3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcJFR19n+6ZTB/RBBnTSjUiQUqZq8OTg6EiVE
ve8Dw2Kj9eIScTegaqX1BY1zhPwXQQ68qYciZSs0uH4z6kSMt925aScW/kAM3DHE
qKKMs82ggOEFIEZKBdv/ZzJU+BqhEVdvlGWiBVSgv+7G/lup1zI3zUsq6WXVrshu
iUXBGM1INrMb1trHfmIlfH3KAXNoNyf0hECgLh4oroZi9tYO6184/6xxL0hKYa7R
gM0qSbFwzLYogngL+NpOw3bJOCEcFG6sl4eOquU/GLaRPowCt/u1OrKwDYcxXAq8
C86mQvWnM+ZM9c1LCYDgYKWLtFOcGlam9WF8a+5sjxPtpN4Y
-----END CERTIFICATE-----