Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RmnovnQ-wPsb7vB3cIPPpBb3_W4.roa
File:                     RmnovnQ-wPsb7vB3cIPPpBb3_W4.roa (raw, json)
Hash identifier:          d0MGyiM5ezPbA9dIQxdBqe9rPl+nT3pvuxyl+pcZlXo=
Subject key identifier:   46:69:E8:BE:74:3E:C0:FB:1B:EE:F0:77:70:83:CF:A4:16:F7:FD:6E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018F4F12B41F078EA70380592FD31ECFA87F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RmnovnQ-wPsb7vB3cIPPpBb3_W4.roa
Signing time:             Mon 06 May 2024 18:02:56 +0000
ROA not before:           Mon 06 May 2024 18:02:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214961
IP address blocks:        2a0c:b641:c50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:12:b4:1f:07:8e:a7:03:80:59:2f:d3:1e:cf:a8:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May  6 18:02:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4669e8be743ec0fb1beef0777083cfa416f7fd6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fa:a9:82:5d:4a:3c:e7:ce:66:e8:b9:97:19:
                    a1:7a:f9:2f:ce:a6:b2:68:13:ad:0e:8a:ef:c9:d8:
                    5f:4a:66:22:7b:03:e8:c6:ae:ed:b0:ba:bc:3c:d6:
                    dc:f3:b4:48:6a:6c:72:7d:3a:4d:d7:28:26:16:15:
                    29:02:81:29:de:7f:f8:4e:8c:2c:cd:09:5b:b0:60:
                    66:f0:ad:6e:fa:68:b3:fd:b0:ad:06:fe:c4:28:0d:
                    f7:e6:ef:71:13:2b:09:be:06:41:fa:14:13:f2:db:
                    36:b2:98:ec:4c:d1:60:9c:5a:68:df:97:0b:19:2e:
                    cf:91:26:30:6f:af:47:56:25:b4:eb:16:ee:d3:18:
                    c7:a2:45:7a:86:81:b9:4b:d1:a1:57:06:59:da:65:
                    4c:1a:9d:d6:97:ca:0c:62:6a:f3:89:ef:8e:ad:13:
                    2b:5f:63:68:fe:a5:f7:21:8b:b5:0a:94:6a:ac:d5:
                    16:2e:79:b1:9f:1b:07:f2:22:dd:54:59:46:1c:dc:
                    cc:aa:16:24:28:f6:2b:c6:ce:76:1b:c0:15:b8:57:
                    ab:a4:3a:5f:d8:ba:45:ca:dc:69:5f:76:d2:e8:3e:
                    01:b5:e1:14:b2:99:ec:cb:7c:a9:c8:4b:76:ea:c7:
                    66:ba:54:72:3c:01:22:91:c6:0b:8a:36:e6:82:91:
                    bf:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:69:E8:BE:74:3E:C0:FB:1B:EE:F0:77:70:83:CF:A4:16:F7:FD:6E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RmnovnQ-wPsb7vB3cIPPpBb3_W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c50::/44

    Signature Algorithm: sha256WithRSAEncryption
         67:e7:09:da:cd:ac:37:a5:c6:4b:78:73:ac:9e:62:df:c4:8c:
         04:18:52:f1:1e:de:b6:3e:eb:48:00:a1:80:cf:45:dd:d9:26:
         03:33:87:46:ca:0f:0c:4d:81:3a:56:f0:0d:fd:4c:28:8d:6f:
         f5:6d:a7:d8:fe:d7:d9:e1:99:bd:41:10:11:3a:e2:78:d0:f1:
         a7:e3:01:28:f7:f3:93:6e:45:33:63:04:be:b7:da:78:c0:9d:
         48:38:57:71:88:26:30:a3:17:e4:6f:08:2b:10:33:18:a6:6f:
         0c:f5:7a:1c:f3:84:16:d9:73:80:c7:0f:f5:c9:64:2e:7d:59:
         68:1f:39:e7:1d:d9:21:fb:22:7d:4a:cf:bc:0a:0f:07:76:5c:
         5e:ea:c0:cf:cc:7c:09:80:b4:06:e8:36:57:45:f5:91:17:96:
         89:28:b0:92:c2:3f:03:d3:cb:79:30:46:61:c3:ca:79:fb:8f:
         e9:d3:d0:0b:48:97:9b:24:7e:0e:80:0e:32:f8:d6:bb:cf:8f:
         7d:2e:0e:9a:ed:5c:4d:ec:53:ff:3e:b6:ea:46:bc:b8:90:ef:
         0e:25:05:c0:ad:3c:02:d8:e7:e9:88:3a:47:91:33:de:49:48:
         f5:e1:9e:90:31:ce:a1:97:36:3d:70:d2:bb:83:3d:6d:1b:6b:
         44:0e:3c:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY9PErQfB46nA4BZL9Mez6h/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwNTA2MTgwMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjY5ZThiZTc0M2VjMGZiMWJlZWYwNzc3MDgzY2ZhNDE2ZjdmZDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Pqpgl1KPOfOZui5lxmhevkvzqay
aBOtDorvydhfSmYiewPoxq7tsLq8PNbc87RIamxyfTpN1ygmFhUpAoEp3n/4Tows
zQlbsGBm8K1u+miz/bCtBv7EKA335u9xEysJvgZB+hQT8ts2spjsTNFgnFpo35cL
GS7PkSYwb69HViW06xbu0xjHokV6hoG5S9GhVwZZ2mVMGp3Wl8oMYmrzie+OrRMr
X2No/qX3IYu1CpRqrNUWLnmxnxsH8iLdVFlGHNzMqhYkKPYrxs52G8AVuFerpDpf
2LpFytxpX3bS6D4BteEUspnsy3ypyEt26sdmulRyPAEikcYLijbmgpG/4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEZp6L50PsD7G+7wd3CDz6QW9/1uMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUm1ub3ZuUS13UHNiN3ZCM2NJUFBwQmIzX1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQxQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBn5wnazaw3pcZLeHOsnmLfxIwEGFLxHt62PutI
AKGAz0Xd2SYDM4dGyg8MTYE6VvAN/UwojW/1bafY/tfZ4Zm9QRAROuJ40PGn4wEo
9/OTbkUzYwS+t9p4wJ1IOFdxiCYwoxfkbwgrEDMYpm8M9Xoc84QW2XOAxw/1yWQu
fVloHznnHdkh+yJ9Ss+8Cg8Hdlxe6sDPzHwJgLQG6DZXRfWRF5aJKLCSwj8D08t5
MEZhw8p5+4/p09ALSJebJH4OgA4y+Na7z499Lg6a7VxN7FP/PrbqRry4kO8OJQXA
rTwC2OfpiDpHkTPeSUj14Z6QMc6hlzY9cNK7gz1tG2tEDjzu
-----END CERTIFICATE-----