Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/My8W4B8jty6v0ztWA9laS-xsRZE.roa
File:                     My8W4B8jty6v0ztWA9laS-xsRZE.roa (raw, json)
Hash identifier:          CR0XBBQPHSNZwu1MA3w4gL7B+m8KYfqy/4sciS8fNKE=
Subject key identifier:   33:2F:16:E0:1F:23:B7:2E:AF:D3:3B:56:03:D9:5A:4B:EC:6C:45:91
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0191DB716B53576367C7769796D61C880E68
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/My8W4B8jty6v0ztWA9laS-xsRZE.roa
Signing time:             Tue 10 Sep 2024 10:18:48 +0000
ROA not before:           Tue 10 Sep 2024 10:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214234
IP address blocks:        2a0c:b641:cf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:db:71:6b:53:57:63:67:c7:76:97:96:d6:1c:88:0e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Sep 10 10:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=332f16e01f23b72eafd33b5603d95a4bec6c4591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f6:48:9b:96:12:22:bd:e5:9f:c5:df:6f:6b:
                    b6:d2:e9:74:4b:36:2b:4c:96:ca:ca:98:e3:d2:f0:
                    84:9f:06:9e:9a:55:cf:34:20:ed:1e:e8:ca:d1:31:
                    24:c7:b9:cc:9d:53:48:d2:37:d7:5a:7e:b8:59:5a:
                    45:a1:b0:4c:c0:ae:74:48:3f:a6:b5:a0:19:d9:ed:
                    84:1d:39:b6:26:ee:f1:cb:36:f2:b6:f0:b5:ad:cd:
                    79:a0:4b:4b:19:9b:24:e9:70:0c:03:3c:3d:4b:51:
                    d6:e9:e2:30:f3:33:ef:c1:ea:c0:81:d4:dd:e8:6b:
                    97:a7:ea:1b:c5:05:15:1f:d1:50:d2:15:ed:6b:86:
                    40:a0:0d:53:98:7b:4a:aa:d4:d1:4e:0f:d9:9c:4e:
                    80:d1:56:bb:72:43:ac:65:97:cf:d0:23:47:cc:13:
                    09:dd:ed:34:fb:8a:22:b1:0d:df:b5:b9:1c:da:ec:
                    7f:80:2e:37:45:54:39:04:5e:d5:fd:0c:ce:f9:82:
                    a9:55:81:31:95:1b:bd:89:82:30:c0:87:82:8f:63:
                    e2:df:00:83:b4:7b:64:ee:0d:d2:b7:1a:bb:27:79:
                    60:59:bb:36:e2:67:81:1d:f7:e0:aa:cd:52:56:ff:
                    a7:64:ac:92:11:8e:34:1c:79:af:f8:8f:26:58:44:
                    84:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:2F:16:E0:1F:23:B7:2E:AF:D3:3B:56:03:D9:5A:4B:EC:6C:45:91
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/My8W4B8jty6v0ztWA9laS-xsRZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:cf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         31:a4:cb:87:c5:45:ab:7d:d2:19:96:39:d2:1e:2c:17:ac:0d:
         eb:e0:51:39:e4:b1:f1:dd:97:12:4e:08:6b:73:e0:26:81:3b:
         51:de:0b:4f:e1:2c:d8:a6:67:5f:3d:b2:3d:6e:4f:af:b6:6c:
         76:63:fb:60:28:64:42:79:91:88:41:25:78:cf:3c:b7:6b:20:
         85:e6:8b:59:de:13:47:dd:e4:5f:bc:42:30:86:5d:e2:f3:5d:
         57:03:a7:d6:49:dc:81:ef:39:13:65:c2:76:84:35:8d:2d:90:
         87:22:e4:fb:23:d2:2c:9f:d7:5f:07:6b:d6:e7:d9:1a:b4:f7:
         98:56:3e:2a:3b:54:0f:b9:aa:df:14:43:d7:39:7a:8e:b6:41:
         b9:19:d1:c4:f0:3e:a0:14:4d:bc:70:3b:39:03:f5:8b:71:d1:
         43:67:aa:03:4f:40:3f:d3:1e:47:d5:1f:4c:0c:b2:18:27:95:
         82:73:89:63:9c:a2:3a:be:8e:68:f5:18:bb:7f:e3:e5:9f:a5:
         7f:96:c2:8f:56:81:ed:ff:81:ee:a9:32:0d:f4:e5:a7:42:02:
         50:26:ad:e8:4e:61:9f:4e:a7:91:d9:fe:be:5d:d0:94:96:9a:
         99:80:81:3e:5b:11:13:2d:7d:72:c2:25:57:fc:64:89:15:c0:
         f7:1e:0b:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHbcWtTV2Nnx3aXltYciA5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwOTEwMTAxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzJmMTZlMDFmMjNiNzJlYWZkMzNiNTYwM2Q5NWE0YmVjNmM0NTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPZIm5YSIr3ln8Xfb2u20ul0SzYr
TJbKypjj0vCEnwaemlXPNCDtHujK0TEkx7nMnVNI0jfXWn64WVpFobBMwK50SD+m
taAZ2e2EHTm2Ju7xyzbytvC1rc15oEtLGZsk6XAMAzw9S1HW6eIw8zPvwerAgdTd
6GuXp+obxQUVH9FQ0hXta4ZAoA1TmHtKqtTRTg/ZnE6A0Va7ckOsZZfP0CNHzBMJ
3e00+4oisQ3ftbkc2ux/gC43RVQ5BF7V/QzO+YKpVYExlRu9iYIwwIeCj2Pi3wCD
tHtk7g3Stxq7J3lgWbs24meBHffgqs1SVv+nZKySEY40HHmv+I8mWESEEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDMvFuAfI7cur9M7VgPZWkvsbEWRMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTXk4VzRCOGp0eTZ2MHp0V0E5bGFTLXhzUlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQzw
MA0GCSqGSIb3DQEBCwUAA4IBAQAxpMuHxUWrfdIZljnSHiwXrA3r4FE55LHx3ZcS
Tghrc+AmgTtR3gtP4SzYpmdfPbI9bk+vtmx2Y/tgKGRCeZGIQSV4zzy3ayCF5otZ
3hNH3eRfvEIwhl3i811XA6fWSdyB7zkTZcJ2hDWNLZCHIuT7I9Isn9dfB2vW59ka
tPeYVj4qO1QPuarfFEPXOXqOtkG5GdHE8D6gFE28cDs5A/WLcdFDZ6oDT0A/0x5H
1R9MDLIYJ5WCc4ljnKI6vo5o9Ri7f+Pln6V/lsKPVoHt/4HuqTIN9OWnQgJQJq3o
TmGfTqeR2f6+XdCUlpqZgIE+WxETLX1ywiVX/GSJFcD3Hguz
-----END CERTIFICATE-----