Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ST1lfIGCV2KEs2R_12S3wwJYYYc.roa
File:                     ST1lfIGCV2KEs2R_12S3wwJYYYc.roa (raw, json)
Hash identifier:          gdYnQyHP4lVBaw+6k/IOfTd7dno54AYfNNt3i+YcpnI=
Subject key identifier:   49:3D:65:7C:81:82:57:62:84:B3:64:7F:D7:64:B7:C3:02:58:61:87
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80175CE34BE83D1D39A4F4EE71FA4B2
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ST1lfIGCV2KEs2R_12S3wwJYYYc.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211227
IP address blocks:        2a0c:b641:1d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:75:ce:34:be:83:d1:d3:9a:4f:4e:e7:1f:a4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=493d657c8182576284b3647fd764b7c302586187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7c:81:d2:ab:1d:ed:a5:51:50:49:95:23:cb:
                    d7:24:b0:bd:e4:fc:2c:77:6e:98:f5:f3:34:07:0d:
                    e6:69:a8:33:24:4e:5d:81:b2:60:64:c3:8d:55:22:
                    5e:93:89:32:13:b1:06:7d:fd:d0:b1:b2:bb:6c:cd:
                    48:35:9b:bc:7f:b4:db:bf:c4:e0:31:f1:d1:30:2c:
                    43:30:2e:c3:17:cc:0e:a8:87:1e:ed:94:ec:7c:10:
                    5f:3f:9d:e8:c0:d6:24:a2:e0:08:2c:25:ce:0f:3f:
                    f9:ce:65:1f:01:00:8d:8d:cb:07:66:02:85:52:1a:
                    03:ec:f8:a4:06:0f:9c:91:b6:18:aa:8b:48:c4:f6:
                    d7:00:81:3f:d8:61:1d:6f:71:b1:57:b4:14:8b:3d:
                    29:31:ca:e7:05:7a:25:c9:eb:e3:e3:b4:cb:a1:e8:
                    2f:d5:c4:c2:71:b3:dc:37:27:f2:e3:5e:47:f4:91:
                    64:04:a8:3c:ec:25:9b:75:30:cd:8f:5d:a8:de:90:
                    f2:6e:5c:3e:20:80:09:cb:72:6a:a5:ac:60:d8:9d:
                    7a:d5:68:15:a6:fb:09:e9:bd:3d:96:70:87:79:bc:
                    d1:b3:05:93:fc:09:c9:95:3c:23:62:73:e6:79:52:
                    7b:4b:bb:46:42:2a:74:23:c1:56:90:d5:e3:2a:6b:
                    b1:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:3D:65:7C:81:82:57:62:84:B3:64:7F:D7:64:B7:C3:02:58:61:87
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ST1lfIGCV2KEs2R_12S3wwJYYYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         95:d7:8f:73:28:0f:a4:51:76:15:a6:e4:71:b6:79:c2:7c:47:
         26:00:db:2e:0c:27:99:d5:29:44:b7:6f:6e:33:ca:03:7b:f7:
         fc:cb:64:c5:92:c5:c3:68:9b:e5:f2:8a:54:a5:3c:97:98:14:
         6a:68:cd:17:b5:39:88:c8:40:9f:0d:ed:20:a3:bd:55:5a:35:
         7a:6f:9b:b5:81:24:12:c0:22:4e:ac:fe:e3:09:93:10:01:1c:
         c3:cb:c6:3e:13:b0:16:0b:84:aa:23:8c:cd:2f:fa:00:a1:3c:
         0c:92:ab:15:48:4e:af:d0:77:ab:bf:f7:3a:7c:ce:0f:e5:e4:
         1f:46:d8:9f:c0:87:18:d0:98:3c:e8:63:29:12:af:71:8c:2e:
         d6:46:6c:a2:aa:bb:e3:d3:f3:b4:d0:6b:76:0d:7d:2b:44:52:
         91:1a:d9:7d:2b:2f:2e:db:50:09:27:86:3c:1d:95:dd:3f:15:
         a5:d0:51:d2:95:df:a0:e9:a4:80:8b:e6:ff:5e:96:68:80:02:
         25:eb:e3:f8:a1:a5:28:de:30:77:06:ca:32:7f:a6:33:16:6c:
         a4:69:48:1c:d2:c8:86:82:65:b3:de:e0:db:b0:2d:df:dd:2e:
         71:53:d9:bd:53:25:bc:e5:a8:0b:db:87:97:b8:7a:c6:ca:b6:
         b5:f2:3b:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXXONL6D0dOaT07nH6SyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTNkNjU3YzgxODI1NzYyODRiMzY0N2ZkNzY0YjdjMzAyNTg2MTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunyB0qsd7aVRUEmVI8vXJLC95Pws
d26Y9fM0Bw3maagzJE5dgbJgZMONVSJek4kyE7EGff3QsbK7bM1INZu8f7Tbv8Tg
MfHRMCxDMC7DF8wOqIce7ZTsfBBfP53owNYkouAILCXODz/5zmUfAQCNjcsHZgKF
UhoD7PikBg+ckbYYqotIxPbXAIE/2GEdb3GxV7QUiz0pMcrnBXolyevj47TLoegv
1cTCcbPcNyfy415H9JFkBKg87CWbdTDNj12o3pDyblw+IIAJy3Jqpaxg2J161WgV
pvsJ6b09lnCHebzRswWT/AnJlTwjYnPmeVJ7S7tGQip0I8FWkNXjKmuxBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEk9ZXyBgldihLNkf9dkt8MCWGGHMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvU1QxbGZJR0NWMktFczJSXzEyUzN3d0pZWVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCV149zKA+kUXYVpuRxtnnCfEcmANsuDCeZ1SlE
t29uM8oDe/f8y2TFksXDaJvl8opUpTyXmBRqaM0XtTmIyECfDe0go71VWjV6b5u1
gSQSwCJOrP7jCZMQARzDy8Y+E7AWC4SqI4zNL/oAoTwMkqsVSE6v0Herv/c6fM4P
5eQfRtifwIcY0Jg86GMpEq9xjC7WRmyiqrvj0/O00Gt2DX0rRFKRGtl9Ky8u21AJ
J4Y8HZXdPxWl0FHSld+g6aSAi+b/XpZogAIl6+P4oaUo3jB3Bsoyf6YzFmykaUgc
0siGgmWz3uDbsC3f3S5xU9m9UyW85agL24eXuHrGyra18jvy
-----END CERTIFICATE-----