Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RqizTDbuEPTcFarne65fO5dIYAs.roa
File:                     RqizTDbuEPTcFarne65fO5dIYAs.roa (raw, json)
Hash identifier:          VILIh1GVRYGun4Vbhr/EvLk2rGxsyBuEDlXR3dm4G0E=
Subject key identifier:   46:A8:B3:4C:36:EE:10:F4:DC:15:AA:E7:7B:AE:5F:3B:97:48:60:0B
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80164AB82D02CD5C79201019AFEE6E9
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RqizTDbuEPTcFarne65fO5dIYAs.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207301
IP address blocks:        2a0c:b641:780::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:64:ab:82:d0:2c:d5:c7:92:01:01:9a:fe:e6:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46a8b34c36ee10f4dc15aae77bae5f3b9748600b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cc:7b:7d:01:05:4e:6f:ce:db:8e:65:c2:52:
                    16:20:e7:ed:97:88:75:9c:c5:82:e8:1b:7d:b6:73:
                    4b:e4:63:59:17:31:47:a0:90:38:b0:18:b7:cd:31:
                    b8:00:5f:6e:15:59:2c:1c:03:d2:6b:fd:3f:4c:f3:
                    49:da:67:cc:aa:36:51:6b:f6:67:3f:94:0b:eb:f2:
                    38:ba:b9:ee:4d:b4:9a:8e:5f:76:02:15:b8:c1:92:
                    b9:00:7c:e8:ea:6d:12:ea:5b:d1:38:00:8b:bf:44:
                    58:e0:ee:5a:86:53:b8:68:33:50:b0:7e:0f:37:74:
                    62:01:b8:6b:c4:e5:03:c8:db:57:55:67:92:37:a8:
                    55:31:82:24:d8:e7:92:dc:b5:18:56:39:45:c6:ab:
                    ce:6b:c9:58:4a:ac:55:de:bb:30:c7:04:96:c3:98:
                    07:f4:dc:19:a0:95:43:a9:4a:fe:e2:ae:96:4a:20:
                    4e:e9:b9:23:b8:d3:ec:4a:a1:cb:c6:af:d1:4c:24:
                    ff:19:0a:85:52:5c:58:1c:3a:d6:d7:2b:47:6a:c7:
                    71:7d:9c:f3:a5:7f:ad:ae:05:8a:50:43:ae:d2:ce:
                    98:6a:45:6a:b8:e6:e7:43:82:f4:d4:09:56:cf:bb:
                    c6:9a:e9:ab:d6:8a:cc:22:7c:60:ca:cc:57:7d:8d:
                    75:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A8:B3:4C:36:EE:10:F4:DC:15:AA:E7:7B:AE:5F:3B:97:48:60:0B
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RqizTDbuEPTcFarne65fO5dIYAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:780::/44

    Signature Algorithm: sha256WithRSAEncryption
         05:1c:d2:fb:6c:55:26:5e:28:88:ce:bf:54:5f:64:b5:13:92:
         b4:fc:18:81:d4:e6:02:50:38:6d:dc:09:e2:00:c2:d7:ca:5c:
         b7:c0:95:45:3f:a0:7a:92:63:80:5b:31:12:9e:c4:cd:d5:60:
         ba:e4:e5:65:71:39:46:99:41:c2:6e:aa:fd:c8:b1:64:67:f7:
         7b:b4:59:8b:38:1a:fa:42:fa:42:77:06:41:79:41:e3:19:53:
         02:2d:b6:77:e6:bc:80:9e:f2:66:3d:07:52:33:26:5c:40:31:
         9e:e8:e6:95:9b:39:70:8c:d1:61:b5:61:e5:a4:92:28:63:b0:
         6b:c8:7c:39:d0:2f:f8:84:57:1d:5a:b5:15:ab:f8:6e:78:4b:
         79:27:46:56:f9:72:01:5b:5d:14:2e:20:90:ea:b3:d7:3b:a2:
         4b:f9:29:1a:70:fa:9d:77:aa:c3:18:d2:ac:3a:5b:96:3d:27:
         a8:cc:56:2b:64:f4:8e:46:3e:33:4b:9e:65:b1:ef:4b:ff:ad:
         1f:8e:0a:f4:20:a6:cf:31:88:55:7b:ec:f0:bb:f3:77:be:48:
         4c:3f:05:92:26:cc:7d:68:0e:dd:d5:eb:01:a8:8b:dd:54:08:
         55:50:35:ac:b2:9e:77:96:2c:62:ef:c9:40:39:19:d7:08:f7:
         bc:93:cd:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWSrgtAs1ceSAQGa/ubpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmE4YjM0YzM2ZWUxMGY0ZGMxNWFhZTc3YmFlNWYzYjk3NDg2MDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosx7fQEFTm/O245lwlIWIOftl4h1
nMWC6Bt9tnNL5GNZFzFHoJA4sBi3zTG4AF9uFVksHAPSa/0/TPNJ2mfMqjZRa/Zn
P5QL6/I4urnuTbSajl92AhW4wZK5AHzo6m0S6lvROACLv0RY4O5ahlO4aDNQsH4P
N3RiAbhrxOUDyNtXVWeSN6hVMYIk2OeS3LUYVjlFxqvOa8lYSqxV3rswxwSWw5gH
9NwZoJVDqUr+4q6WSiBO6bkjuNPsSqHLxq/RTCT/GQqFUlxYHDrW1ytHasdxfZzz
pX+trgWKUEOu0s6YakVquObnQ4L01AlWz7vGmumr1orMInxgysxXfY11lwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEaos0w27hD03BWq53uuXzuXSGALMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUnFpelREYnVFUFRjRmFybmU2NWZPNWRJWUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQeA
MA0GCSqGSIb3DQEBCwUAA4IBAQAFHNL7bFUmXiiIzr9UX2S1E5K0/BiB1OYCUDht
3AniAMLXyly3wJVFP6B6kmOAWzESnsTN1WC65OVlcTlGmUHCbqr9yLFkZ/d7tFmL
OBr6QvpCdwZBeUHjGVMCLbZ35ryAnvJmPQdSMyZcQDGe6OaVmzlwjNFhtWHlpJIo
Y7BryHw50C/4hFcdWrUVq/hueEt5J0ZW+XIBW10ULiCQ6rPXO6JL+SkacPqdd6rD
GNKsOluWPSeozFYrZPSORj4zS55lse9L/60fjgr0IKbPMYhVe+zwu/N3vkhMPwWS
Jsx9aA7d1esBqIvdVAhVUDWssp53lixi78lAORnXCPe8k805
-----END CERTIFICATE-----