Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OzHQWMM1703TbbCYfuZilk3B3LY.roa
File:                     OzHQWMM1703TbbCYfuZilk3B3LY.roa (raw, json)
Hash identifier:          WpQaJ0VcLN+QNl6vsaBKq6ktFxt6jCsxncWljesgr8A=
Subject key identifier:   3B:31:D0:58:C3:35:EF:4D:D3:6D:B0:98:7E:E6:62:96:4D:C1:DC:B6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80159AA391D9A1B3F7D7C591A512116
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OzHQWMM1703TbbCYfuZilk3B3LY.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202905
IP address blocks:        2a0c:b641:370::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:59:aa:39:1d:9a:1b:3f:7d:7c:59:1a:51:21:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b31d058c335ef4dd36db0987ee662964dc1dcb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e3:fa:f9:05:55:4d:c9:a0:03:82:8c:21:e1:
                    b0:44:61:46:76:99:a0:13:21:d5:4f:65:18:8f:59:
                    91:65:58:22:46:e5:a2:d2:65:18:1b:19:b9:3c:df:
                    07:a4:1a:b0:2f:e0:a5:79:bf:7c:2d:3a:fd:72:39:
                    85:b3:30:ee:2f:e6:d0:04:9e:6b:a2:00:e9:d5:38:
                    4f:7a:b3:b2:78:e1:68:3e:da:87:e2:ab:29:fc:88:
                    8e:36:b5:28:0f:1c:d7:92:3e:4f:10:c5:1a:dd:2d:
                    22:a9:13:9e:bf:9e:1e:80:72:29:48:14:f8:30:de:
                    fd:bf:ed:fa:f3:69:de:d5:75:fb:e9:54:3c:14:be:
                    ae:42:66:19:10:d8:fd:c1:a9:bc:a7:5f:9d:e3:4e:
                    d8:17:29:53:c7:d3:9a:86:fe:49:4a:b0:f6:fc:0b:
                    e5:79:a8:93:fb:af:89:83:fd:33:81:98:d9:c4:50:
                    ed:7f:05:17:4f:f7:7a:4e:a5:e3:77:ad:91:ef:ad:
                    91:9a:81:77:93:70:4e:c9:d2:cc:0c:bc:db:40:65:
                    a5:ee:a8:91:e3:8f:95:b6:02:cc:0a:21:56:e2:61:
                    ac:5f:6b:4c:77:82:dd:1a:ad:61:ad:50:2d:c7:f0:
                    48:da:25:b9:cd:e0:2b:04:37:30:87:23:3b:ab:d8:
                    be:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:31:D0:58:C3:35:EF:4D:D3:6D:B0:98:7E:E6:62:96:4D:C1:DC:B6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OzHQWMM1703TbbCYfuZilk3B3LY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:370::/44

    Signature Algorithm: sha256WithRSAEncryption
         08:e7:24:92:b5:79:be:a1:68:a1:57:1b:a8:a2:72:9d:b4:71:
         1f:f1:af:34:8e:e3:e5:64:c7:11:07:22:06:e7:a5:18:42:bc:
         b0:26:50:e5:d2:ae:80:78:e9:f9:5a:5f:10:72:57:e9:5c:c5:
         ce:c0:45:84:ca:00:50:1a:4c:9a:02:8d:dd:b3:f7:ab:12:94:
         f1:51:0c:b6:66:0e:92:51:cd:e7:cb:1a:5a:f6:bc:de:c0:7c:
         8a:ea:d6:77:b3:1b:59:be:7b:55:ca:73:a9:1e:55:df:78:19:
         0a:c6:24:46:46:3c:d6:41:61:5c:92:f6:e9:37:93:83:07:df:
         d9:0f:7f:8e:db:56:86:01:98:ac:bd:a9:1d:04:aa:f1:26:19:
         27:71:3e:b8:0f:ed:16:a3:44:bf:85:81:ee:40:6d:83:f8:a5:
         68:8b:5b:0c:68:c8:57:30:73:b2:04:fd:e1:67:9c:b8:dc:68:
         f4:f9:be:c3:52:ea:6c:9d:9b:0c:ff:5b:a0:9e:9e:bc:3a:f0:
         f4:64:70:66:94:58:60:68:20:bd:56:6c:74:ce:35:e9:fa:ba:
         79:dc:49:6d:69:d0:05:e4:78:28:00:6a:f3:70:ac:20:da:c7:
         b9:5a:ed:60:9d:0d:88:85:36:af:22:a1:8c:0a:25:d5:a4:b2:
         de:a6:74:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVmqOR2aGz99fFkaUSEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjMxZDA1OGMzMzVlZjRkZDM2ZGIwOTg3ZWU2NjI5NjRkYzFkY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+P6+QVVTcmgA4KMIeGwRGFGdpmg
EyHVT2UYj1mRZVgiRuWi0mUYGxm5PN8HpBqwL+Cleb98LTr9cjmFszDuL+bQBJ5r
ogDp1ThPerOyeOFoPtqH4qsp/IiONrUoDxzXkj5PEMUa3S0iqROev54egHIpSBT4
MN79v+3682ne1XX76VQ8FL6uQmYZENj9wam8p1+d407YFylTx9Oahv5JSrD2/Avl
eaiT+6+Jg/0zgZjZxFDtfwUXT/d6TqXjd62R762RmoF3k3BOydLMDLzbQGWl7qiR
44+VtgLMCiFW4mGsX2tMd4LdGq1hrVAtx/BI2iW5zeArBDcwhyM7q9i+VwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDsx0FjDNe9N022wmH7mYpZNwdy2MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvT3pIUVdNTTE3MDNUYmJDWWZ1WmlsazNCM0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQNw
MA0GCSqGSIb3DQEBCwUAA4IBAQAI5ySStXm+oWihVxuoonKdtHEf8a80juPlZMcR
ByIG56UYQrywJlDl0q6AeOn5Wl8QclfpXMXOwEWEygBQGkyaAo3ds/erEpTxUQy2
Zg6SUc3nyxpa9rzewHyK6tZ3sxtZvntVynOpHlXfeBkKxiRGRjzWQWFckvbpN5OD
B9/ZD3+O21aGAZisvakdBKrxJhkncT64D+0Wo0S/hYHuQG2D+KVoi1sMaMhXMHOy
BP3hZ5y43Gj0+b7DUupsnZsM/1ugnp68OvD0ZHBmlFhgaCC9Vmx0zjXp+rp53Elt
adAF5HgoAGrzcKwg2se5Wu1gnQ2IhTavIqGMCiXVpLLepnRu
-----END CERTIFICATE-----