Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N0P2yusXIYseIjd28KqGWZieIcI.roa
File:                     N0P2yusXIYseIjd28KqGWZieIcI.roa (raw, json)
Hash identifier:          3ekYTsJue6VZMvShTkYySGjbJ5UMtkG6P1tQ53WNcog=
Subject key identifier:   37:43:F6:CA:EB:17:21:8B:1E:22:37:76:F0:AA:86:59:98:9E:21:C2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0191A2F7EE621E2A480964A94529BA991932
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N0P2yusXIYseIjd28KqGWZieIcI.roa
Signing time:             Fri 30 Aug 2024 11:07:22 +0000
ROA not before:           Fri 30 Aug 2024 11:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214279
IP address blocks:        2a0c:b641:ce0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:f7:ee:62:1e:2a:48:09:64:a9:45:29:ba:99:19:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Aug 30 11:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3743f6caeb17218b1e223776f0aa8659989e21c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:d6:f4:c3:67:99:15:d8:36:0d:02:00:13:fa:
                    35:5a:f6:96:a9:22:0e:47:80:33:33:25:d7:5f:d4:
                    5f:fc:58:36:9d:56:91:49:22:cb:9a:43:1d:28:30:
                    8a:75:8b:5f:84:21:ae:e7:e1:a9:f3:e7:d3:07:fd:
                    0d:b9:84:cd:f5:6e:c6:c2:28:04:49:b5:d4:ca:19:
                    34:f8:bf:35:05:b5:59:45:8a:1c:84:8a:4b:e1:81:
                    ac:44:6e:c7:84:17:9e:cc:29:06:9b:ee:39:d0:38:
                    7f:49:fb:2c:cf:32:df:fd:4f:ce:e9:da:e4:98:29:
                    b0:6d:79:be:9e:f5:f4:f6:c1:8d:50:17:c8:ef:cf:
                    16:75:f0:2d:73:94:c4:99:41:fe:18:70:58:5b:17:
                    38:0a:ea:f8:af:8a:02:0c:ee:22:c4:0f:9d:0a:46:
                    44:b4:5f:95:04:3d:6e:3c:22:e2:fc:9f:25:3f:7f:
                    e9:20:80:1d:fb:ab:ab:a7:bc:e8:70:46:d6:67:40:
                    14:7a:f8:a8:05:d6:9c:43:7e:7a:c5:b6:18:64:b4:
                    b9:7b:ae:73:c2:42:7c:65:2c:ad:2b:da:9d:9f:82:
                    e8:2c:08:a0:57:f7:70:fd:db:e9:25:25:c3:51:16:
                    98:ab:c2:18:dc:c7:fc:ad:1b:3d:54:a9:e1:7a:e0:
                    e5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:43:F6:CA:EB:17:21:8B:1E:22:37:76:F0:AA:86:59:98:9E:21:C2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N0P2yusXIYseIjd28KqGWZieIcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:ce0::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:f6:d2:11:80:a5:47:22:92:e4:46:b5:6c:b5:0f:d6:75:cc:
         66:e0:f2:83:56:1e:ef:21:69:7b:d6:e7:10:d4:a7:c9:a5:98:
         fe:d2:68:2f:cb:41:6e:d9:3d:7e:70:5d:c1:09:eb:02:06:7e:
         e0:51:6f:0a:cf:be:5b:b8:97:1d:ad:43:a9:dd:31:f0:63:79:
         8c:77:c2:b3:8e:8d:6b:79:41:29:24:bb:04:0f:25:2c:2a:7a:
         2d:5a:96:40:d0:b6:2a:58:1a:1e:cd:ff:d3:ff:60:19:f1:3a:
         71:79:ed:3f:b7:6e:7c:3c:9d:4c:ac:80:2c:e4:fa:26:e2:f0:
         5f:00:3e:ee:ab:af:f9:a0:a1:54:a5:3f:95:09:4d:8f:06:17:
         a5:a9:12:6d:a5:b1:0d:0e:71:b2:f6:df:34:cf:94:a5:eb:b4:
         b8:68:43:4f:9c:32:77:66:a2:24:6d:0c:2c:9d:3a:b3:47:08:
         32:03:47:68:7a:91:0a:d9:b7:c4:bb:62:7f:5b:ae:3a:96:ca:
         8d:24:c7:5a:2f:40:ff:11:b1:da:2c:54:01:22:01:8f:af:7b:
         e9:4b:38:61:e0:7c:f9:7f:00:15:d9:b3:02:82:a3:60:02:88:
         fa:ab:82:fc:63:60:95:68:b2:b7:ba:07:8d:d1:33:d8:16:3e:
         84:8a:41:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGi9+5iHipICWSpRSm6mRkyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwODMwMTEwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQzZjZjYWViMTcyMThiMWUyMjM3NzZmMGFhODY1OTk4OWUyMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59b0w2eZFdg2DQIAE/o1WvaWqSIO
R4AzMyXXX9Rf/Fg2nVaRSSLLmkMdKDCKdYtfhCGu5+Gp8+fTB/0NuYTN9W7GwigE
SbXUyhk0+L81BbVZRYochIpL4YGsRG7HhBeezCkGm+450Dh/SfsszzLf/U/O6drk
mCmwbXm+nvX09sGNUBfI788WdfAtc5TEmUH+GHBYWxc4Cur4r4oCDO4ixA+dCkZE
tF+VBD1uPCLi/J8lP3/pIIAd+6urp7zocEbWZ0AUevioBdacQ356xbYYZLS5e65z
wkJ8ZSytK9qdn4LoLAigV/dw/dvpJSXDURaYq8IY3Mf8rRs9VKnheuDlRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDdD9srrFyGLHiI3dvCqhlmYniHCMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTjBQMnl1c1hJWXNlSWpkMjhLcUdXWmllSWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQzg
MA0GCSqGSIb3DQEBCwUAA4IBAQAR9tIRgKVHIpLkRrVstQ/Wdcxm4PKDVh7vIWl7
1ucQ1KfJpZj+0mgvy0Fu2T1+cF3BCesCBn7gUW8Kz75buJcdrUOp3THwY3mMd8Kz
jo1reUEpJLsEDyUsKnotWpZA0LYqWBoezf/T/2AZ8Tpxee0/t258PJ1MrIAs5Pom
4vBfAD7uq6/5oKFUpT+VCU2PBhelqRJtpbENDnGy9t80z5Sl67S4aENPnDJ3ZqIk
bQwsnTqzRwgyA0doepEK2bfEu2J/W646lsqNJMdaL0D/EbHaLFQBIgGPr3vpSzhh
4Hz5fwAV2bMCgqNgAoj6q4L8Y2CVaLK3ugeN0TPYFj6EikHi
-----END CERTIFICATE-----