Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/T6hJgXg6kCFqfU35S-cN2m0Clg8.roa
File:                     T6hJgXg6kCFqfU35S-cN2m0Clg8.roa (raw, json)
Hash identifier:          KEhx7aUpGzgDll2Z3K+mA09QcgLvI/EYxObQHFU+0II=
Subject key identifier:   4F:A8:49:81:78:3A:90:21:6A:7D:4D:F9:4B:E7:0D:DA:6D:02:96:0F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017C3E130CA58904698664674987C6
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/T6hJgXg6kCFqfU35S-cN2m0Clg8.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212624
IP address blocks:        2a0c:b641:2a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7c:3e:13:0c:a5:89:04:69:86:64:67:49:87:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fa84981783a90216a7d4df94be70dda6d02960f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:57:af:76:ad:52:ff:e1:27:d6:e4:94:e0:bc:
                    76:78:54:ad:9d:09:6a:5a:ed:c3:b7:67:54:4f:cc:
                    27:9c:63:a8:f8:03:99:5d:4d:37:f9:9f:e1:83:d7:
                    1a:11:f2:ec:e8:b7:ae:08:b7:1d:b2:ac:ce:b4:63:
                    3e:eb:e9:99:9a:f5:67:c9:8f:d1:82:31:ec:6d:c2:
                    c3:24:06:c8:99:9d:b7:03:7e:0d:b1:90:ce:23:98:
                    06:f2:65:e4:3c:47:23:22:41:e0:ba:1f:ef:69:38:
                    04:53:cd:67:cc:d7:08:4e:35:51:b0:0b:79:1f:6d:
                    0e:6c:b3:c3:29:80:fc:7f:5d:e0:06:da:e7:75:c1:
                    06:60:91:b5:01:fa:b8:0c:38:42:36:66:3f:22:73:
                    3a:6c:37:47:04:cd:f2:bd:d6:23:55:03:96:78:b1:
                    e9:a6:5f:6a:95:de:b1:15:9a:45:e5:7d:a2:de:91:
                    e3:c9:23:61:52:29:bf:6f:e0:33:09:82:66:3a:d8:
                    d3:66:4f:69:6e:e2:d5:b9:17:35:52:ce:2a:9b:0b:
                    99:d7:38:ee:e9:8e:af:d9:0e:3d:79:b9:19:21:83:
                    53:fe:8e:01:33:9b:a0:c6:70:0b:69:76:7e:77:f9:
                    73:8a:ab:66:71:a1:29:b8:aa:45:ba:52:4c:f9:74:
                    5f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A8:49:81:78:3A:90:21:6A:7D:4D:F9:4B:E7:0D:DA:6D:02:96:0F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/T6hJgXg6kCFqfU35S-cN2m0Clg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:2a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9a:30:c2:3e:52:18:f1:9c:e9:07:9b:22:9a:7c:a1:67:ba:f1:
         4c:71:07:25:2e:9c:d8:cb:22:4a:1a:c9:c3:14:7e:e3:0e:ac:
         0f:5f:6a:05:cb:6f:4f:bc:d7:fd:09:80:7e:ac:26:a0:8a:8d:
         59:3c:58:9d:c6:a9:55:18:f4:f1:96:5e:a7:72:f1:b8:62:d7:
         ae:ec:9b:59:b5:6e:e2:3b:93:71:2b:a4:d2:dc:36:54:1b:6a:
         2c:86:fd:10:f7:98:5a:2c:6f:0e:02:17:6f:6f:99:97:87:a0:
         c3:9c:ab:71:11:4b:fc:2c:b3:bc:c5:8d:6c:d8:1d:a5:61:d2:
         a9:97:f8:04:fa:e0:26:f9:3b:52:2a:53:20:ee:c4:ad:38:e7:
         91:6b:83:b8:1c:3b:92:06:16:fe:3b:8f:35:85:8a:52:ff:b3:
         50:e9:1c:eb:02:70:ff:d2:16:60:7a:6a:a3:03:8b:47:5c:fe:
         27:bb:2a:7c:95:26:f1:0a:a7:c4:77:9a:46:a8:01:ba:3d:2a:
         45:5b:c7:c6:82:f3:43:fe:48:4c:f7:0f:94:ca:09:d7:60:a6:
         6c:78:f3:a0:81:3d:a5:da:81:aa:2f:b4:c6:b5:55:db:e0:30:
         18:fc:47:52:9d:d4:26:2a:31:e3:3d:a8:96:a0:bd:d9:31:31:
         96:09:76:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXw+EwyliQRphmRnSYfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmE4NDk4MTc4M2E5MDIxNmE3ZDRkZjk0YmU3MGRkYTZkMDI5NjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFevdq1S/+En1uSU4Lx2eFStnQlq
Wu3Dt2dUT8wnnGOo+AOZXU03+Z/hg9caEfLs6LeuCLcdsqzOtGM+6+mZmvVnyY/R
gjHsbcLDJAbImZ23A34NsZDOI5gG8mXkPEcjIkHguh/vaTgEU81nzNcITjVRsAt5
H20ObLPDKYD8f13gBtrndcEGYJG1Afq4DDhCNmY/InM6bDdHBM3yvdYjVQOWeLHp
pl9qld6xFZpF5X2i3pHjySNhUim/b+AzCYJmOtjTZk9pbuLVuRc1Us4qmwuZ1zju
6Y6v2Q49ebkZIYNT/o4BM5ugxnALaXZ+d/lziqtmcaEpuKpFulJM+XRfRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE+oSYF4OpAhan1N+UvnDdptApYPMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVDZoSmdYZzZrQ0ZxZlUzNVMtY04ybTBDbGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQKg
MA0GCSqGSIb3DQEBCwUAA4IBAQCaMMI+UhjxnOkHmyKafKFnuvFMcQclLpzYyyJK
GsnDFH7jDqwPX2oFy29PvNf9CYB+rCagio1ZPFidxqlVGPTxll6ncvG4Yteu7JtZ
tW7iO5NxK6TS3DZUG2oshv0Q95haLG8OAhdvb5mXh6DDnKtxEUv8LLO8xY1s2B2l
YdKpl/gE+uAm+TtSKlMg7sStOOeRa4O4HDuSBhb+O481hYpS/7NQ6RzrAnD/0hZg
emqjA4tHXP4nuyp8lSbxCqfEd5pGqAG6PSpFW8fGgvND/khM9w+UygnXYKZsePOg
gT2l2oGqL7TGtVXb4DAY/EdSndQmKjHjPaiWoL3ZMTGWCXYW
-----END CERTIFICATE-----