Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/NnTENOHlGJq2z5o_XX8p1KtBmbM.roa
File:                     NnTENOHlGJq2z5o_XX8p1KtBmbM.roa (raw, json)
Hash identifier:          KzbJaZitINkyRU8vZn8itSY4LyqKsVJRuy9vUdxQErQ=
Subject key identifier:   36:74:C4:34:E1:E5:18:9A:B6:CF:9A:3F:5D:7F:29:D4:AB:41:99:B3
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80150FA282B6799D4F5928B6490FA33
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/NnTENOHlGJq2z5o_XX8p1KtBmbM.roa
Signing time:             Tue 02 Jan 2024 02:29:38 +0000
ROA not before:           Tue 02 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61138
IP address blocks:        2a0c:b642:1a0e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:50:fa:28:2b:67:99:d4:f5:92:8b:64:90:fa:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3674c434e1e5189ab6cf9a3f5d7f29d4ab4199b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ee:74:30:24:ca:53:d5:7e:82:37:c0:f2:f2:
                    d4:fa:a1:4f:a1:ad:09:63:f1:0b:6d:c4:e0:7e:e5:
                    f0:83:3c:ce:a6:0b:39:8c:94:f8:20:65:13:95:8b:
                    91:3d:4d:e0:2a:29:d0:28:b7:f0:88:31:0f:77:fd:
                    e4:c0:ea:9e:9e:6a:ad:34:f6:b9:49:71:1f:71:33:
                    74:40:c1:b0:b4:1e:5f:55:eb:9e:ac:d2:c7:b6:6f:
                    fa:0f:e4:bc:5d:5a:9f:15:db:32:c8:ca:88:5d:a2:
                    38:f0:e6:6b:f9:7e:7d:e9:77:57:9d:c7:ab:19:08:
                    68:b0:76:f5:8f:8e:e5:c8:a7:15:48:07:61:2a:bf:
                    9f:9c:ba:3c:d6:7a:59:e1:45:0c:f8:76:2b:91:e5:
                    f8:3f:76:ac:64:dc:1b:32:6a:70:da:00:26:ea:50:
                    0b:45:7b:2c:7c:37:26:42:15:ae:17:34:e3:cf:f0:
                    a4:37:c3:b7:d9:bf:4f:27:a7:6f:62:05:aa:b8:03:
                    24:b2:c1:76:4d:ef:16:ea:dd:04:ab:0a:32:49:0c:
                    8e:80:27:04:1a:4e:a1:23:c0:03:7c:b4:43:1d:bf:
                    44:ee:dc:4a:73:be:98:11:c7:ab:1b:28:aa:82:5c:
                    cf:f5:8c:62:6b:e0:7a:dc:a4:c4:a7:51:7b:13:d2:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:74:C4:34:E1:E5:18:9A:B6:CF:9A:3F:5D:7F:29:D4:AB:41:99:B3
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/NnTENOHlGJq2z5o_XX8p1KtBmbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a0e::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:77:65:91:1f:e4:47:c1:cf:b6:5d:8b:94:de:4f:fe:85:25:
         9b:76:aa:9b:5a:1a:da:b0:d5:57:0f:30:aa:c4:d5:c9:2e:a7:
         b5:b2:d8:cd:73:f1:d1:8f:27:63:ad:b6:ed:ca:a3:df:cc:30:
         b7:d2:d4:5c:a5:5c:17:0e:e6:c9:78:0f:74:6d:80:70:4b:2c:
         5d:44:6a:f4:d0:08:48:97:e0:b6:82:95:77:a0:a5:45:c8:e3:
         92:0f:fd:c6:61:c7:ee:5b:d1:52:4c:9a:4c:3f:65:c6:b2:3c:
         96:1e:31:5f:94:3b:a2:28:c9:10:bb:dd:aa:bc:09:5b:d1:88:
         e7:37:d6:4c:33:44:64:07:d8:fd:0c:7e:83:33:b6:86:5a:bd:
         f1:d7:c7:47:be:0b:54:bc:9a:de:5a:50:46:3e:fa:61:e5:ad:
         d0:a3:75:b2:49:c0:31:b5:1b:5d:d8:27:6c:48:19:6e:df:41:
         00:f0:dc:4f:1f:53:d6:f4:72:19:41:ec:63:7b:4c:69:e6:63:
         a9:fb:ab:ed:53:ba:b1:69:75:e3:37:a4:71:3c:8e:9d:9d:b0:
         01:a2:64:aa:26:80:61:7d:f8:04:3f:e9:c0:b4:74:58:9a:73:
         33:64:e4:d6:fa:b0:9f:a2:93:e5:83:68:4e:00:86:59:15:eb:
         df:2b:b1:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVD6KCtnmdT1kotkkPozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjc0YzQzNGUxZTUxODlhYjZjZjlhM2Y1ZDdmMjlkNGFiNDE5OWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtO50MCTKU9V+gjfA8vLU+qFPoa0J
Y/ELbcTgfuXwgzzOpgs5jJT4IGUTlYuRPU3gKinQKLfwiDEPd/3kwOqenmqtNPa5
SXEfcTN0QMGwtB5fVeuerNLHtm/6D+S8XVqfFdsyyMqIXaI48OZr+X596XdXncer
GQhosHb1j47lyKcVSAdhKr+fnLo81npZ4UUM+HYrkeX4P3asZNwbMmpw2gAm6lAL
RXssfDcmQhWuFzTjz/CkN8O32b9PJ6dvYgWquAMkssF2Te8W6t0EqwoySQyOgCcE
Gk6hI8ADfLRDHb9E7txKc76YEcerGyiqglzP9Yxia+B63KTEp1F7E9JEzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDZ0xDTh5Riats+aP11/KdSrQZmzMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTm5URU5PSGxHSnEyejVvX1hYOHAxS3RCbWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoO
MA0GCSqGSIb3DQEBCwUAA4IBAQAmd2WRH+RHwc+2XYuU3k/+hSWbdqqbWhrasNVX
DzCqxNXJLqe1stjNc/HRjydjrbbtyqPfzDC30tRcpVwXDubJeA90bYBwSyxdRGr0
0AhIl+C2gpV3oKVFyOOSD/3GYcfuW9FSTJpMP2XGsjyWHjFflDuiKMkQu92qvAlb
0YjnN9ZMM0RkB9j9DH6DM7aGWr3x18dHvgtUvJreWlBGPvph5a3Qo3WyScAxtRtd
2CdsSBlu30EA8NxPH1PW9HIZQexje0xp5mOp+6vtU7qxaXXjN6RxPI6dnbABomSq
JoBhffgEP+nAtHRYmnMzZOTW+rCfopPlg2hOAIZZFevfK7HU
-----END CERTIFICATE-----