Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N9sNSi9BbXJmjATNUFtPgS8d7MI.roa
File:                     N9sNSi9BbXJmjATNUFtPgS8d7MI.roa (raw, json)
Hash identifier:          ALCdlBBXLra7FfgEI7Wfs9yt/nccbAVxKx6/8BtH84E=
Subject key identifier:   37:DB:0D:4A:2F:41:6D:72:66:8C:04:CD:50:5B:4F:81:2F:1D:EC:C2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CF950A47968FB06F038219227A1375FAE
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N9sNSi9BbXJmjATNUFtPgS8d7MI.roa
Signing time:             Thu 11 Jan 2024 16:17:40 +0000
ROA not before:           Thu 11 Jan 2024 16:17:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215761
IP address blocks:        2a0c:b641:ba0::/44 maxlen: 48
                          2a0c:b641:6d1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f9:50:a4:79:68:fb:06:f0:38:21:92:27:a1:37:5f:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 11 16:17:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37db0d4a2f416d72668c04cd505b4f812f1decc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0b:61:0b:29:60:ee:e4:89:92:c2:69:09:23:
                    c2:4c:ee:03:7c:ad:c0:dc:5a:dc:f4:3d:51:28:09:
                    da:95:81:0f:5c:f6:8d:9e:80:4b:70:d7:0e:79:a3:
                    7c:18:0f:fe:c7:7b:34:a4:6e:2d:c5:65:2c:3e:aa:
                    c6:57:84:c3:c4:04:d2:eb:dc:ae:5f:4c:c3:7a:a5:
                    ec:d8:1b:fa:ab:06:0e:56:0d:41:7b:a3:1e:3a:9a:
                    f2:30:ac:99:37:ff:e7:d0:ac:43:be:9a:74:c2:86:
                    aa:f3:05:1a:82:55:94:46:45:59:ff:58:6f:ce:61:
                    47:37:c8:87:07:68:72:1f:c1:0c:29:b1:92:9f:4b:
                    37:61:94:00:b9:b6:e3:bb:02:2a:00:aa:62:91:b9:
                    25:56:29:60:9c:3d:a5:49:67:77:1a:c5:0d:72:f5:
                    f0:ae:69:61:4f:fe:25:f8:c1:4e:85:61:09:fb:ac:
                    91:d8:c2:1c:54:60:82:89:c8:f9:78:9b:79:25:c1:
                    43:00:76:03:3a:c0:17:de:f0:b9:d2:96:9c:74:09:
                    6a:48:b4:7d:41:10:13:40:e3:e7:33:c7:f8:7c:2c:
                    54:e4:bd:68:43:d3:db:9c:8b:09:52:a9:bb:db:49:
                    91:d8:a9:23:57:f4:86:f5:e3:86:94:c6:3b:43:2e:
                    0c:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DB:0D:4A:2F:41:6D:72:66:8C:04:CD:50:5B:4F:81:2F:1D:EC:C2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N9sNSi9BbXJmjATNUFtPgS8d7MI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:6d1::/48
                  2a0c:b641:ba0::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:73:56:de:d5:23:01:aa:d4:47:a2:04:b2:f8:ab:33:53:26:
         55:2d:bb:46:af:f0:71:62:37:a4:3b:9d:fa:69:8f:a7:c4:c0:
         41:70:5c:84:59:81:cf:80:dc:bd:b0:d2:ef:0a:ef:6e:ff:a9:
         aa:69:7e:fe:03:15:6c:59:96:2f:8c:03:04:26:70:8f:fd:12:
         ad:e1:c3:3f:2e:d4:4a:16:c2:46:99:5a:86:b1:42:8b:8c:74:
         f7:99:6b:c8:47:57:0a:a0:f4:4b:de:c8:43:d3:27:1a:1d:be:
         d7:ea:50:b0:94:ff:fe:30:04:89:ce:e1:0e:8f:1d:6b:6f:53:
         61:c8:a1:8c:ed:3e:d4:80:38:eb:a4:80:fa:94:04:26:57:15:
         6f:53:73:1e:b6:22:4a:51:e4:de:1a:40:ed:3d:55:67:70:09:
         21:f9:ed:31:00:03:05:9b:d5:69:af:1d:9d:79:06:28:03:58:
         81:a9:e4:94:d1:30:e1:38:55:d2:b3:1b:81:a9:ca:23:35:6e:
         2c:02:d8:bc:d5:88:78:57:fc:45:e4:9b:30:80:bc:12:7f:c3:
         7b:c9:d1:9b:41:cd:f4:27:34:23:65:da:b8:29:b1:cf:98:d2:
         bf:c6:da:55:84:5f:49:ce:9b:db:b9:86:80:74:5d:01:3f:58:
         71:9b:21:52
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYz5UKR5aPsG8DghkiehN1+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTExMTYxNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RiMGQ0YTJmNDE2ZDcyNjY4YzA0Y2Q1MDViNGY4MTJmMWRlY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgthCylg7uSJksJpCSPCTO4DfK3A
3Frc9D1RKAnalYEPXPaNnoBLcNcOeaN8GA/+x3s0pG4txWUsPqrGV4TDxATS69yu
X0zDeqXs2Bv6qwYOVg1Be6MeOpryMKyZN//n0KxDvpp0woaq8wUaglWURkVZ/1hv
zmFHN8iHB2hyH8EMKbGSn0s3YZQAubbjuwIqAKpikbklVilgnD2lSWd3GsUNcvXw
rmlhT/4l+MFOhWEJ+6yR2MIcVGCCicj5eJt5JcFDAHYDOsAX3vC50pacdAlqSLR9
QRATQOPnM8f4fCxU5L1oQ9PbnIsJUqm720mR2KkjV/SG9eOGlMY7Qy4MFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDfbDUovQW1yZowEzVBbT4EvHezCMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTjlzTlNpOUJiWEptakFUTlVGdFBnUzhkN01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgy2QQbR
AwcEKgy2QQugMA0GCSqGSIb3DQEBCwUAA4IBAQAlc1be1SMBqtRHogSy+KszUyZV
LbtGr/BxYjekO536aY+nxMBBcFyEWYHPgNy9sNLvCu9u/6mqaX7+AxVsWZYvjAME
JnCP/RKt4cM/LtRKFsJGmVqGsUKLjHT3mWvIR1cKoPRL3shD0ycaHb7X6lCwlP/+
MASJzuEOjx1rb1NhyKGM7T7UgDjrpID6lAQmVxVvU3MetiJKUeTeGkDtPVVncAkh
+e0xAAMFm9Vprx2deQYoA1iBqeSU0TDhOFXSsxuBqcojNW4sAti81Yh4V/xF5Jsw
gLwSf8N7ydGbQc30JzQjZdq4KbHPmNK/xtpVhF9JzpvbuYaAdF0BP1hxmyFS
-----END CERTIFICATE-----