Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RQOcSw0393lnOBXYA8NYceATCLQ.roa
File:                     RQOcSw0393lnOBXYA8NYceATCLQ.roa (raw, json)
Hash identifier:          1+fM1sKct6cTbYGfwjh8aEN2Y0NVclM07N0dIx/zRik=
Subject key identifier:   45:03:9C:4B:0D:37:F7:79:67:38:15:D8:03:C3:58:71:E0:13:08:B4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016EC05F5D0B066D4000455A4E9D56
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RQOcSw0393lnOBXYA8NYceATCLQ.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210189
IP address blocks:        2a0c:b641:660::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6e:c0:5f:5d:0b:06:6d:40:00:45:5a:4e:9d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45039c4b0d37f779673815d803c35871e01308b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f9:60:ef:1e:e5:e0:c1:be:af:77:b5:d2:81:
                    c0:f2:ea:a1:37:ca:93:fe:a5:b1:fc:2c:33:9d:73:
                    4e:6a:c2:0f:da:9c:23:06:f4:15:66:89:fa:79:a1:
                    17:2f:4c:33:17:c5:3e:ae:44:de:97:32:d9:25:a4:
                    4b:31:ef:30:fe:5c:64:0b:23:16:71:ee:ed:84:8e:
                    0b:35:44:57:0f:5e:13:8d:d7:b0:f3:92:5a:b8:8a:
                    1b:7a:0a:5e:96:7f:ee:dd:02:63:17:97:02:02:5d:
                    ba:8d:32:78:cc:32:3d:39:12:36:e9:bf:b5:b7:52:
                    b8:9f:34:00:fc:6b:b8:95:1a:d0:5d:2b:e5:e6:61:
                    ea:fe:47:1e:60:bd:08:7c:fe:c0:3c:ae:78:da:d2:
                    bb:8b:7e:6a:d4:b4:da:c1:e5:3a:ac:bd:f0:8e:24:
                    38:71:6f:ba:4a:37:d8:b1:ad:d8:40:b7:83:93:e5:
                    20:53:2f:3c:16:16:c3:f0:60:a0:82:d2:17:7a:bd:
                    92:50:3c:5c:c6:98:6a:5c:54:09:f2:c2:dc:03:1c:
                    a9:6b:c1:19:29:a2:bd:2d:7b:f7:dc:f2:f6:df:4a:
                    b7:ef:48:0a:1c:f8:ce:0a:3a:c2:a0:06:8d:75:11:
                    f0:53:86:d5:6c:36:3a:36:60:52:f3:c2:9b:e0:fa:
                    dd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:03:9C:4B:0D:37:F7:79:67:38:15:D8:03:C3:58:71:E0:13:08:B4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RQOcSw0393lnOBXYA8NYceATCLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:660::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:ae:1a:10:2a:e8:1a:c2:9a:b6:eb:ff:c7:96:2a:1d:28:18:
         4b:2d:1a:71:8f:f7:89:22:8a:74:fd:14:1e:92:a4:0a:b2:db:
         51:c0:88:97:9e:d4:5f:36:85:ae:12:02:23:4c:8f:f9:eb:64:
         03:cb:00:18:44:19:ba:0f:28:b1:11:52:53:78:8c:06:da:43:
         0b:00:a2:84:ab:ce:43:d1:0f:e8:2c:25:d9:a9:a7:49:7e:0e:
         f7:1c:89:a5:76:6e:e4:82:3a:f3:57:4f:ee:08:b4:62:eb:ca:
         ce:1d:8a:88:be:f4:4b:e3:e4:f0:09:61:5f:0d:0e:af:ac:59:
         a5:5d:3e:ae:00:c8:d9:04:3f:6a:1a:9d:2b:6c:c8:cd:c3:ac:
         43:09:18:51:f1:95:2f:01:92:1a:f2:6e:77:18:9f:79:7f:9a:
         62:17:f9:a5:1b:0f:ee:d8:e7:09:c2:35:ed:ad:48:da:c1:f0:
         11:fd:9c:dd:d9:ac:e5:2b:16:f7:14:be:5d:bd:e9:cc:00:1e:
         c0:f5:16:b4:bf:6a:d8:d0:06:74:67:34:06:02:c3:84:44:fd:
         47:af:a1:27:88:3e:ca:cb:d4:33:d8:53:08:7e:cf:cd:a0:69:
         2f:ec:bd:d6:ab:60:11:44:21:04:90:31:5c:a1:e1:37:f6:92:
         be:63:6a:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAW7AX10LBm1AAEVaTp1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTAzOWM0YjBkMzdmNzc5NjczODE1ZDgwM2MzNTg3MWUwMTMwOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvlg7x7l4MG+r3e10oHA8uqhN8qT
/qWx/CwznXNOasIP2pwjBvQVZon6eaEXL0wzF8U+rkTelzLZJaRLMe8w/lxkCyMW
ce7thI4LNURXD14Tjdew85JauIobegpeln/u3QJjF5cCAl26jTJ4zDI9ORI26b+1
t1K4nzQA/Gu4lRrQXSvl5mHq/kceYL0IfP7APK542tK7i35q1LTaweU6rL3wjiQ4
cW+6SjfYsa3YQLeDk+UgUy88FhbD8GCggtIXer2SUDxcxphqXFQJ8sLcAxypa8EZ
KaK9LXv33PL230q370gKHPjOCjrCoAaNdRHwU4bVbDY6NmBS88Kb4PrdvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEUDnEsNN/d5ZzgV2APDWHHgEwi0MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUlFPY1N3MDM5M2xuT0JYWUE4TlljZUFUQ0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQZg
MA0GCSqGSIb3DQEBCwUAA4IBAQAirhoQKugawpq26//HliodKBhLLRpxj/eJIop0
/RQekqQKsttRwIiXntRfNoWuEgIjTI/562QDywAYRBm6DyixEVJTeIwG2kMLAKKE
q85D0Q/oLCXZqadJfg73HImldm7kgjrzV0/uCLRi68rOHYqIvvRL4+TwCWFfDQ6v
rFmlXT6uAMjZBD9qGp0rbMjNw6xDCRhR8ZUvAZIa8m53GJ95f5piF/mlGw/u2OcJ
wjXtrUjawfAR/Zzd2azlKxb3FL5dvenMAB7A9Ra0v2rY0AZ0ZzQGAsOERP1Hr6En
iD7Ky9Qz2FMIfs/NoGkv7L3Wq2ARRCEEkDFcoeE39pK+Y2rw
-----END CERTIFICATE-----