Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/S8Qv-D7dJlrI_xBDsPD3e6Eh21c.roa
File:                     S8Qv-D7dJlrI_xBDsPD3e6Eh21c.roa (raw, json)
Hash identifier:          C6otCnUbW5pCi2PThDWPYIUQ4Fph+jiZHPkR1ADyhJI=
Subject key identifier:   4B:C4:2F:F8:3E:DD:26:5A:C8:FF:10:43:B0:F0:F7:7B:A1:21:DB:57
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017A41CB2B2FEFBAC564CFBB451C51
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/S8Qv-D7dJlrI_xBDsPD3e6Eh21c.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212299
IP address blocks:        2a0c:b641:a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7a:41:cb:2b:2f:ef:ba:c5:64:cf:bb:45:1c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bc42ff83edd265ac8ff1043b0f0f77ba121db57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:45:c1:af:60:04:59:d1:ab:b4:8e:de:ce:b8:
                    9b:de:86:bf:6c:5f:34:8e:94:07:ed:13:5e:82:9e:
                    db:b3:2c:e5:2a:0d:13:a7:5d:94:18:66:da:80:68:
                    a0:14:2d:f4:ca:60:ec:a9:81:98:4b:ef:55:32:95:
                    1e:28:b2:61:33:ee:bb:f6:33:ae:15:cf:a6:67:91:
                    64:27:e8:7f:ec:c2:5f:7b:8f:49:14:27:a3:e6:79:
                    d5:b6:49:5b:04:db:2f:86:cb:00:90:d4:bb:a5:1b:
                    4f:dc:54:af:d3:68:79:8f:12:e9:6f:f9:b8:fd:3f:
                    b6:e0:eb:c7:3c:79:87:bf:b9:34:24:19:79:c3:03:
                    94:8d:a0:5f:06:f4:92:87:37:63:c6:9d:b7:47:2a:
                    db:29:5f:d9:b9:c1:bc:6e:01:14:99:25:75:7c:25:
                    d0:94:66:5a:7c:c7:9a:aa:e9:cf:18:42:c4:5f:17:
                    d7:6d:d4:1f:c9:50:c9:8b:3c:94:d9:9a:8e:29:87:
                    7a:17:c6:fc:77:8b:b4:fc:57:e0:11:65:19:a6:7b:
                    2c:de:26:48:54:2a:e3:2f:e3:b2:72:3f:08:df:56:
                    53:aa:4c:c1:e5:38:53:0f:1c:55:8a:e4:51:d3:f1:
                    e5:a0:3f:ba:38:12:eb:f0:c5:94:0c:ad:f6:7a:38:
                    08:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C4:2F:F8:3E:DD:26:5A:C8:FF:10:43:B0:F0:F7:7B:A1:21:DB:57
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/S8Qv-D7dJlrI_xBDsPD3e6Eh21c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:29:84:60:ce:ed:cb:26:16:1b:58:64:4c:27:64:f7:36:42:
         32:56:d8:d6:eb:a1:fd:16:ce:a9:a2:18:3c:b5:09:61:c3:c0:
         7a:64:9e:57:f0:f1:c5:e7:25:10:9d:df:16:43:5d:c3:6f:a3:
         83:84:41:68:37:23:fa:0b:36:73:c1:48:1e:ee:52:4f:54:c9:
         f5:06:10:e7:c6:23:33:07:e8:f7:52:0b:e6:eb:65:06:2c:94:
         20:1e:e1:eb:11:ef:fc:56:2c:c3:5c:ad:71:37:2a:f6:65:b5:
         e5:66:89:b4:12:6c:f5:d3:2b:b4:2a:bc:8e:3c:ab:a1:07:bd:
         ce:29:a5:9e:d9:98:9e:b7:f3:60:61:20:9a:f1:18:18:cb:28:
         8e:e9:67:64:40:32:43:4d:9e:f1:a1:3a:9a:7c:a4:ba:2e:12:
         41:41:0d:39:c5:ab:d5:a1:33:ba:1b:f4:6a:f4:07:8e:b1:93:
         12:31:66:38:2a:ca:fc:aa:d9:ba:39:a6:22:91:fa:74:b5:f7:
         72:b6:0d:58:5b:5a:ac:38:d4:de:fb:2f:91:ca:02:56:ea:1e:
         35:62:73:61:4e:83:67:27:9a:47:3f:97:f9:88:00:88:b5:17:
         20:c1:21:57:28:c5:9c:e6:d1:c9:68:3e:28:1f:19:c0:c5:d6:
         41:51:83:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXpByysv77rFZM+7RRxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmM0MmZmODNlZGQyNjVhYzhmZjEwNDNiMGYwZjc3YmExMjFkYjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUXBr2AEWdGrtI7ezrib3oa/bF80
jpQH7RNegp7bsyzlKg0Tp12UGGbagGigFC30ymDsqYGYS+9VMpUeKLJhM+679jOu
Fc+mZ5FkJ+h/7MJfe49JFCej5nnVtklbBNsvhssAkNS7pRtP3FSv02h5jxLpb/m4
/T+24OvHPHmHv7k0JBl5wwOUjaBfBvSShzdjxp23RyrbKV/ZucG8bgEUmSV1fCXQ
lGZafMeaqunPGELEXxfXbdQfyVDJizyU2ZqOKYd6F8b8d4u0/FfgEWUZpnss3iZI
VCrjL+Oycj8I31ZTqkzB5ThTDxxViuRR0/HloD+6OBLr8MWUDK32ejgI9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEvEL/g+3SZayP8QQ7Dw93uhIdtXMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUzhRdi1EN2RKbHJJX3hCRHNQRDNlNkVoMjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQCg
MA0GCSqGSIb3DQEBCwUAA4IBAQBLKYRgzu3LJhYbWGRMJ2T3NkIyVtjW66H9Fs6p
ohg8tQlhw8B6ZJ5X8PHF5yUQnd8WQ13Db6ODhEFoNyP6CzZzwUge7lJPVMn1BhDn
xiMzB+j3Ugvm62UGLJQgHuHrEe/8VizDXK1xNyr2ZbXlZom0Emz10yu0KryOPKuh
B73OKaWe2Ziet/NgYSCa8RgYyyiO6WdkQDJDTZ7xoTqafKS6LhJBQQ05xavVoTO6
G/Rq9AeOsZMSMWY4Ksr8qtm6OaYikfp0tfdytg1YW1qsONTe+y+RygJW6h41YnNh
ToNnJ5pHP5f5iACItRcgwSFXKMWc5tHJaD4oHxnAxdZBUYOs
-----END CERTIFICATE-----