Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/R-jzk-WoLGS2PXYoR-HVCq-CISs.roa
File:                     R-jzk-WoLGS2PXYoR-HVCq-CISs.roa (raw, json)
Hash identifier:          xEzMw5OoHIBfiP404nZr6xA0tc+nVd9Rr4QXeN4Sj7s=
Subject key identifier:   47:E8:F3:93:E5:A8:2C:64:B6:3D:76:28:47:E1:D5:0A:AF:82:21:2B
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014849BD8D934C662948C52A835281
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/R-jzk-WoLGS2PXYoR-HVCq-CISs.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34641
IP address blocks:        2a0c:b642:2000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:48:49:bd:8d:93:4c:66:29:48:c5:2a:83:52:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47e8f393e5a82c64b63d762847e1d50aaf82212b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c4:4d:96:6c:c5:0e:0d:37:6f:bb:61:65:22:
                    18:54:61:85:a9:b7:2c:63:05:f0:9a:53:77:35:29:
                    28:ef:e2:d3:95:c7:48:77:00:b5:d5:62:c0:44:30:
                    62:ab:e0:76:0a:73:b5:2c:c7:ec:56:85:9c:c8:ea:
                    c6:0f:b9:4f:70:3b:64:95:fa:de:35:8c:db:68:ff:
                    49:6c:64:ca:78:3d:12:77:af:2f:f0:47:d6:3c:8b:
                    ef:78:cb:76:5f:51:ea:5b:05:40:d8:ce:90:29:ec:
                    31:f4:c3:d2:ab:f3:a8:90:04:93:47:7a:33:74:01:
                    d8:b9:a0:8c:d1:45:80:76:c9:2e:e1:c2:74:55:0f:
                    54:2e:f6:88:9c:d6:55:fd:28:15:17:f2:8e:45:cc:
                    d4:ba:be:5c:ed:96:30:4c:78:aa:2c:54:cd:e3:d1:
                    8e:b1:91:8c:9c:a4:f4:eb:1a:b3:3c:2a:34:3a:c3:
                    c4:ee:21:68:c4:74:b9:62:12:1f:14:41:f5:f9:be:
                    b0:34:d0:a7:ad:44:27:f1:3f:1d:64:22:ff:2f:6b:
                    e9:a8:f1:bf:a6:fd:73:54:43:1c:70:e3:0d:4b:20:
                    aa:fb:4d:73:06:38:f1:7a:21:4b:03:2c:ac:07:93:
                    8f:90:78:ff:4b:40:6b:30:07:ec:a9:de:5f:8c:25:
                    f4:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E8:F3:93:E5:A8:2C:64:B6:3D:76:28:47:E1:D5:0A:AF:82:21:2B
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/R-jzk-WoLGS2PXYoR-HVCq-CISs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         9b:f1:01:3f:81:1a:e8:ad:78:25:57:37:78:fd:62:40:60:e5:
         f0:cd:9d:38:0d:0b:42:b4:63:3c:ce:f7:59:b4:92:8c:f4:18:
         cd:02:d5:be:74:1a:50:aa:f6:86:46:b1:30:c6:d0:f1:81:73:
         16:31:1a:2a:5e:3c:03:4e:23:a4:0d:05:71:e4:b1:4f:29:dd:
         5a:ba:cc:99:09:cb:82:18:e5:2b:e1:6a:a6:8e:31:8b:0c:99:
         89:99:ea:7b:1a:48:70:20:78:d9:74:1a:ad:d0:81:55:ae:2e:
         7f:ee:41:9f:76:87:9e:40:ef:10:b2:be:58:51:e7:2d:e3:c5:
         74:0d:8e:c4:45:e7:aa:de:b0:60:2a:a5:2e:4d:c4:da:84:cb:
         fa:0b:fb:a3:67:37:c8:da:9e:4d:68:7a:83:c8:36:00:29:83:
         6b:ea:c7:cf:60:ae:0d:9d:46:2d:27:d3:0a:a0:b0:08:3d:0e:
         04:91:14:20:50:3d:5e:1a:1c:cc:66:95:3a:a7:cf:05:8e:51:
         53:2b:3e:a0:91:cb:d4:e1:9a:6c:8a:e0:43:50:c4:d4:c4:29:
         37:09:df:81:be:38:8c:57:20:07:7f:cf:b9:ea:9c:53:e4:e9:
         96:6d:58:5d:c4:2f:8e:c0:02:5e:55:94:5a:ff:8d:2f:63:43:
         9b:a2:9d:e6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAUhJvY2TTGYpSMUqg1KBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2U4ZjM5M2U1YTgyYzY0YjYzZDc2Mjg0N2UxZDUwYWFmODIyMTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcRNlmzFDg03b7thZSIYVGGFqbcs
YwXwmlN3NSko7+LTlcdIdwC11WLARDBiq+B2CnO1LMfsVoWcyOrGD7lPcDtklfre
NYzbaP9JbGTKeD0Sd68v8EfWPIvveMt2X1HqWwVA2M6QKewx9MPSq/OokASTR3oz
dAHYuaCM0UWAdsku4cJ0VQ9ULvaInNZV/SgVF/KORczUur5c7ZYwTHiqLFTN49GO
sZGMnKT06xqzPCo0OsPE7iFoxHS5YhIfFEH1+b6wNNCnrUQn8T8dZCL/L2vpqPG/
pv1zVEMccOMNSyCq+01zBjjxeiFLAyysB5OPkHj/S0BrMAfsqd5fjCX0LQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEfo85PlqCxktj12KEfh1QqvgiErMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUi1qemstV29MR1MyUFhZb1ItSFZDcS1DSVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgy2QiAw
DQYJKoZIhvcNAQELBQADggEBAJvxAT+BGuiteCVXN3j9YkBg5fDNnTgNC0K0YzzO
91m0koz0GM0C1b50GlCq9oZGsTDG0PGBcxYxGipePANOI6QNBXHksU8p3Vq6zJkJ
y4IY5SvhaqaOMYsMmYmZ6nsaSHAgeNl0Gq3QgVWuLn/uQZ92h55A7xCyvlhR5y3j
xXQNjsRF56resGAqpS5NxNqEy/oL+6NnN8jank1oeoPINgApg2vqx89grg2dRi0n
0wqgsAg9DgSRFCBQPV4aHMxmlTqnzwWOUVMrPqCRy9ThmmyK4ENQxNTEKTcJ34G+
OIxXIAd/z7nqnFPk6ZZtWF3EL47AAl5VlFr/jS9jQ5uineY=
-----END CERTIFICATE-----