Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/PvL8ACzAp9fCwsZCPTvUVdC4xtk.roa
File:                     PvL8ACzAp9fCwsZCPTvUVdC4xtk.roa (raw, json)
Hash identifier:          pLCNW80aWILF8hH4SASxtt297hG82zMRMSum4EbpW0U=
Subject key identifier:   3E:F2:FC:00:2C:C0:A7:D7:C2:C2:C6:42:3D:3B:D4:55:D0:B8:C6:D9
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017F6B5D60C1808FE6483E98404134
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/PvL8ACzAp9fCwsZCPTvUVdC4xtk.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213015
IP address blocks:        2a0c:b641:5b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7f:6b:5d:60:c1:80:8f:e6:48:3e:98:40:41:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ef2fc002cc0a7d7c2c2c6423d3bd455d0b8c6d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:14:ea:f1:76:14:56:29:af:bf:70:df:71:28:
                    ec:8e:f1:c7:7e:9d:ea:60:91:c4:10:dd:0f:55:2b:
                    2f:94:94:00:83:e9:b0:79:a6:a5:24:2c:91:d0:db:
                    4a:7f:8a:62:89:1d:04:87:7a:6c:d4:5e:74:92:61:
                    cd:e2:e2:bc:11:9c:4b:08:61:dc:80:1c:e2:e8:e3:
                    db:b3:fb:12:13:c6:c6:1c:7e:a3:fa:5d:03:df:88:
                    70:2f:cb:da:31:fd:1f:5b:9c:76:aa:e5:41:ba:16:
                    7a:5c:67:cd:52:90:f2:a9:4d:cf:cd:96:dc:29:6d:
                    34:22:93:25:45:c8:78:0f:fa:84:c3:2a:1f:73:5f:
                    ec:5b:71:ed:b1:61:8e:74:ca:3a:32:10:c4:c1:73:
                    c1:bf:49:1b:3b:f5:1c:34:23:2c:67:58:ef:92:b1:
                    60:f2:62:cf:08:b3:1f:54:8b:05:02:a4:3f:6b:bd:
                    2f:8a:4d:99:22:6d:d7:15:23:77:fd:ee:c9:f4:98:
                    fa:fa:5f:b7:99:0d:fa:c0:c2:74:3a:cd:a9:8e:4e:
                    f8:be:5a:5a:3d:ef:f9:0a:fe:b1:39:13:a5:62:e2:
                    f3:6e:be:26:7b:fa:a8:a2:6d:8b:00:41:92:1c:2a:
                    4f:86:c3:f3:39:ae:68:f8:41:b4:c8:a0:58:ac:01:
                    bd:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F2:FC:00:2C:C0:A7:D7:C2:C2:C6:42:3D:3B:D4:55:D0:B8:C6:D9
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/PvL8ACzAp9fCwsZCPTvUVdC4xtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:5b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0f:6f:27:1d:02:24:37:b7:87:8c:ea:d0:19:90:12:c3:23:3e:
         16:4a:b9:c1:eb:e7:0f:c3:05:6c:ed:a6:31:41:97:fc:d0:df:
         bf:b0:8f:c8:45:a0:5e:b9:b1:56:4d:21:78:aa:8d:d6:a1:c5:
         b3:c7:bd:ad:c8:ad:e2:f3:de:2c:d5:81:85:6d:9f:7c:fe:f5:
         eb:69:c5:aa:48:04:21:78:f8:15:06:ac:62:0a:9f:2f:aa:36:
         9c:98:bf:48:95:70:57:ec:a5:4f:84:0f:03:88:0a:a3:cf:35:
         d0:05:49:9b:7b:29:30:17:5c:8c:43:3d:76:b9:09:e1:f0:55:
         d6:dc:5d:ef:a2:97:53:36:73:88:c1:fa:05:c7:17:11:9f:7e:
         41:60:ae:78:3c:0f:0b:59:b6:6d:c1:4b:e7:ac:67:7b:db:82:
         ab:6d:0c:63:a9:6f:cf:e4:8b:0f:de:c9:d8:ef:56:1c:0f:27:
         0f:db:7f:a6:4f:d3:3a:e6:1d:aa:b3:6b:db:12:23:84:c2:c9:
         ef:a6:f7:83:e2:9e:82:f1:14:3a:58:85:08:8a:1a:15:67:1a:
         0f:bf:b4:f6:9d:0e:0b:82:02:ca:bc:ff:9f:e0:dc:2c:b2:d1:
         14:ce:76:81:3b:62:7e:6c:b1:cc:ac:c1:ca:63:ef:35:b1:65:
         40:b8:a1:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAX9rXWDBgI/mSD6YQEE0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWYyZmMwMDJjYzBhN2Q3YzJjMmM2NDIzZDNiZDQ1NWQwYjhjNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhTq8XYUVimvv3DfcSjsjvHHfp3q
YJHEEN0PVSsvlJQAg+mweaalJCyR0NtKf4piiR0Eh3ps1F50kmHN4uK8EZxLCGHc
gBzi6OPbs/sSE8bGHH6j+l0D34hwL8vaMf0fW5x2quVBuhZ6XGfNUpDyqU3PzZbc
KW00IpMlRch4D/qEwyofc1/sW3HtsWGOdMo6MhDEwXPBv0kbO/UcNCMsZ1jvkrFg
8mLPCLMfVIsFAqQ/a70vik2ZIm3XFSN3/e7J9Jj6+l+3mQ36wMJ0Os2pjk74vlpa
Pe/5Cv6xOROlYuLzbr4me/qoom2LAEGSHCpPhsPzOa5o+EG0yKBYrAG9PwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD7y/AAswKfXwsLGQj071FXQuMbZMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUHZMOEFDekFwOWZDd3NaQ1BUdlVWZEM0eHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQWw
MA0GCSqGSIb3DQEBCwUAA4IBAQAPbycdAiQ3t4eM6tAZkBLDIz4WSrnB6+cPwwVs
7aYxQZf80N+/sI/IRaBeubFWTSF4qo3WocWzx72tyK3i894s1YGFbZ98/vXracWq
SAQhePgVBqxiCp8vqjacmL9IlXBX7KVPhA8DiAqjzzXQBUmbeykwF1yMQz12uQnh
8FXW3F3vopdTNnOIwfoFxxcRn35BYK54PA8LWbZtwUvnrGd724KrbQxjqW/P5IsP
3snY71YcDycP23+mT9M65h2qs2vbEiOEwsnvpveD4p6C8RQ6WIUIihoVZxoPv7T2
nQ4LggLKvP+f4NwsstEUznaBO2J+bLHMrMHKY+81sWVAuKF7
-----END CERTIFICATE-----