Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/SoVROoOihwiI0pwGTcVbGl07RMw.roa
File:                     SoVROoOihwiI0pwGTcVbGl07RMw.roa (raw, json)
Hash identifier:          yfIha0APU0qWCmPMNHHw3mWBvvhbGRFuSQkL5y+LACQ=
Subject key identifier:   4A:85:51:3A:83:A2:87:08:88:D2:9C:06:4D:C5:5B:1A:5D:3B:44:CC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801710D6C0EC38994524556D74B908E
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/SoVROoOihwiI0pwGTcVbGl07RMw.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210466
IP address blocks:        2a0c:b641:5c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:71:0d:6c:0e:c3:89:94:52:45:56:d7:4b:90:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a85513a83a2870888d29c064dc55b1a5d3b44cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:82:77:31:23:98:f6:45:55:9c:2c:b1:24:c6:
                    02:6f:2a:a5:92:02:7d:90:5b:fd:24:ea:53:86:1a:
                    e1:14:ba:1d:95:82:d4:3e:5b:2e:45:af:a5:f4:99:
                    aa:90:fe:d4:91:41:ee:ed:6a:ae:10:1c:c3:98:79:
                    b4:9f:ce:e5:4b:2d:37:ac:36:a7:3a:97:8e:4a:c7:
                    81:5d:67:e0:5c:8a:b8:ce:68:45:08:f3:50:47:e3:
                    a1:4b:bc:34:9e:8d:9f:0c:a7:55:45:49:36:a8:cc:
                    97:5f:08:b9:73:83:b1:d1:d5:30:1d:06:bb:2e:d7:
                    49:83:89:13:fc:16:5c:91:02:87:5a:d6:61:8e:5b:
                    83:f9:f5:7e:4e:03:8d:28:da:64:42:48:57:59:18:
                    ee:61:02:4d:0f:ca:e6:bb:48:a9:c3:f8:45:ab:4c:
                    f7:3e:d6:7e:f2:77:ad:0c:1e:66:ee:da:32:ac:03:
                    5c:30:88:f8:b8:43:1a:ee:dc:c0:87:b7:4b:bd:fa:
                    e0:79:f6:ee:06:d5:0e:ed:38:32:18:e5:6f:e3:3c:
                    5e:40:b8:2e:64:0a:bc:a9:cd:de:89:f4:97:e9:44:
                    5d:78:c5:84:52:7b:13:c4:16:9d:b9:ce:fb:1a:87:
                    72:cc:d9:43:f1:16:f5:81:0f:37:bc:3a:c6:d2:08:
                    f2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:85:51:3A:83:A2:87:08:88:D2:9C:06:4D:C5:5B:1A:5D:3B:44:CC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/SoVROoOihwiI0pwGTcVbGl07RMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:5c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9b:36:66:03:6e:e4:4e:2e:21:b2:42:2c:ff:09:09:57:dd:3e:
         ac:3c:53:0b:90:e9:d5:ff:a5:f3:2b:b4:cb:b7:4b:c0:b1:a0:
         97:9f:44:1c:87:87:e2:1a:c7:8b:61:97:e8:a6:31:8b:bf:b9:
         3f:6e:51:45:e8:07:5b:1c:6e:9e:00:43:e5:f0:d6:34:13:15:
         39:fe:5d:5d:ca:9a:d1:47:4c:5a:01:a5:74:de:c8:57:41:04:
         d2:7e:5c:6f:be:c3:07:4d:2b:3d:69:c1:8c:c5:c8:50:c7:b9:
         17:61:56:60:3d:6d:f4:04:11:78:52:4d:aa:1e:1c:ab:52:51:
         11:ec:56:ef:e6:b5:34:79:50:f3:68:08:22:52:78:35:d6:a5:
         6c:34:e0:87:12:4f:dc:b6:ee:09:09:4e:36:e5:9d:bf:22:ff:
         31:b2:30:ea:22:72:1b:03:3f:99:19:e4:b0:b5:73:df:40:b9:
         2f:ef:76:35:2f:90:d1:89:65:32:2d:f7:27:a5:d4:77:98:86:
         85:71:4e:89:aa:9d:c0:0f:ca:d7:75:9c:34:f2:a4:37:5b:34:
         4d:b5:5d:f9:58:18:57:88:f7:a6:50:91:63:14:8d:2b:ef:2a:
         e1:67:e3:0b:f9:82:5c:04:fc:1a:81:1f:54:21:fd:fd:62:9e:
         3c:1a:03:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXENbA7DiZRSRVbXS5COMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTg1NTEzYTgzYTI4NzA4ODhkMjljMDY0ZGM1NWIxYTVkM2I0NGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYJ3MSOY9kVVnCyxJMYCbyqlkgJ9
kFv9JOpThhrhFLodlYLUPlsuRa+l9JmqkP7UkUHu7WquEBzDmHm0n87lSy03rDan
OpeOSseBXWfgXIq4zmhFCPNQR+OhS7w0no2fDKdVRUk2qMyXXwi5c4Ox0dUwHQa7
LtdJg4kT/BZckQKHWtZhjluD+fV+TgONKNpkQkhXWRjuYQJND8rmu0ipw/hFq0z3
PtZ+8netDB5m7toyrANcMIj4uEMa7tzAh7dLvfrgefbuBtUO7TgyGOVv4zxeQLgu
ZAq8qc3eifSX6URdeMWEUnsTxBaduc77GodyzNlD8Rb1gQ83vDrG0gjyRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEqFUTqDoocIiNKcBk3FWxpdO0TMMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvU29WUk9vT2lod2lJMHB3R1RjVmJHbDA3Uk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQXA
MA0GCSqGSIb3DQEBCwUAA4IBAQCbNmYDbuROLiGyQiz/CQlX3T6sPFMLkOnV/6Xz
K7TLt0vAsaCXn0Qch4fiGseLYZfopjGLv7k/blFF6AdbHG6eAEPl8NY0ExU5/l1d
yprRR0xaAaV03shXQQTSflxvvsMHTSs9acGMxchQx7kXYVZgPW30BBF4Uk2qHhyr
UlER7Fbv5rU0eVDzaAgiUng11qVsNOCHEk/ctu4JCU425Z2/Iv8xsjDqInIbAz+Z
GeSwtXPfQLkv73Y1L5DRiWUyLfcnpdR3mIaFcU6Jqp3AD8rXdZw08qQ3WzRNtV35
WBhXiPemUJFjFI0r7yrhZ+ML+YJcBPwagR9UIf39Yp48GgPA
-----END CERTIFICATE-----