Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TLPQB7pUp_YoWhng3jD97vtgY9w.roa
File:                     TLPQB7pUp_YoWhng3jD97vtgY9w.roa (raw, json)
Hash identifier:          qdxdq28i0tCcBWmcfYoCimgEVj67Hy19gGx7kvJWfQw=
Subject key identifier:   4C:B3:D0:07:BA:54:A7:F6:28:5A:19:E0:DE:30:FD:EE:FB:60:63:DC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801531C5374295A5D4F750EEBBBB6CF
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TLPQB7pUp_YoWhng3jD97vtgY9w.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197606
IP address blocks:        2a0c:b641:a70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:53:1c:53:74:29:5a:5d:4f:75:0e:eb:bb:b6:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cb3d007ba54a7f6285a19e0de30fdeefb6063dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bc:c2:9a:0d:fa:34:75:9a:58:e2:0f:28:02:
                    97:6c:67:20:d0:4f:8d:b2:cb:89:b5:47:11:b3:2a:
                    68:ab:51:1d:32:ba:ee:9d:65:e2:9b:b4:4c:aa:6e:
                    d6:e6:32:bf:0c:2c:62:25:73:83:8c:97:90:16:73:
                    56:20:90:f4:96:01:6c:6b:0d:eb:d6:b0:df:c3:b4:
                    d7:18:48:d2:3d:ab:02:ce:25:55:3a:1c:14:8e:27:
                    48:5f:6e:d2:7c:45:84:4d:15:20:8b:ea:68:4c:73:
                    7d:35:46:03:ee:25:a3:00:8d:06:d4:b2:21:f8:51:
                    2c:60:81:6f:d9:da:05:b3:e1:69:d5:cb:40:d7:13:
                    bd:94:3a:ee:2d:d9:79:10:b1:0f:a7:d5:9c:cc:ed:
                    69:15:05:d0:93:8e:61:d3:79:78:b7:ed:9a:32:c0:
                    d9:c2:24:4f:28:97:67:09:ad:a5:56:25:88:25:01:
                    66:27:6e:0f:7e:c3:e5:00:74:b3:00:28:e0:1b:ed:
                    1f:39:89:e4:b8:21:37:d7:08:ff:78:e6:44:87:d5:
                    c1:97:ca:72:ab:c9:6a:fb:65:e4:b0:c8:71:69:a4:
                    54:85:9a:ee:1f:ae:57:ae:80:a8:76:29:52:26:04:
                    9e:41:94:28:b4:df:f7:c9:fe:e8:b8:d2:48:fa:cb:
                    aa:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B3:D0:07:BA:54:A7:F6:28:5A:19:E0:DE:30:FD:EE:FB:60:63:DC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TLPQB7pUp_YoWhng3jD97vtgY9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a70::/44

    Signature Algorithm: sha256WithRSAEncryption
         2c:3c:7c:bb:5c:ad:bb:7c:3c:14:6e:29:ac:db:71:60:ee:20:
         54:84:12:2a:2d:7f:df:88:b6:c4:c6:63:33:22:ed:18:a4:1f:
         47:b5:53:51:cc:7f:86:8c:f6:85:5f:81:2c:bf:61:74:3f:31:
         a6:81:5a:f3:86:63:b9:b3:78:ff:e8:16:19:ce:cd:c6:4c:15:
         a6:e1:ae:0e:f6:96:84:37:67:54:88:fe:cc:d4:16:3f:09:14:
         c3:79:13:c1:da:0f:ce:33:3c:dc:ba:34:e0:a5:fa:bc:1e:a1:
         df:8f:36:28:66:38:7b:be:b4:97:08:07:22:1c:11:d1:57:ae:
         d4:a1:40:f2:d3:63:fe:d7:f4:17:0d:3b:70:80:00:21:ab:86:
         5f:07:8a:4e:98:70:68:04:fa:9a:02:94:c0:03:23:bf:a4:45:
         c7:78:74:3e:a8:8c:be:a5:e3:2e:55:a8:3d:20:88:6b:9a:c2:
         8a:a2:82:27:cc:90:68:91:e3:d0:7e:93:aa:ed:c2:04:21:1a:
         ad:eb:7e:33:e0:80:66:e1:61:46:fc:7c:4a:0f:16:85:b7:11:
         8b:2b:09:d8:9f:03:e8:af:da:db:0f:6a:70:dc:fd:f4:f4:d6:
         10:ff:61:68:8a:2b:61:a9:52:5f:b9:ef:fc:06:61:0b:fd:0a:
         65:87:37:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVMcU3QpWl1PdQ7ru7bPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2IzZDAwN2JhNTRhN2Y2Mjg1YTE5ZTBkZTMwZmRlZWZiNjA2M2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLzCmg36NHWaWOIPKAKXbGcg0E+N
ssuJtUcRsypoq1EdMrrunWXim7RMqm7W5jK/DCxiJXODjJeQFnNWIJD0lgFsaw3r
1rDfw7TXGEjSPasCziVVOhwUjidIX27SfEWETRUgi+poTHN9NUYD7iWjAI0G1LIh
+FEsYIFv2doFs+Fp1ctA1xO9lDruLdl5ELEPp9WczO1pFQXQk45h03l4t+2aMsDZ
wiRPKJdnCa2lViWIJQFmJ24PfsPlAHSzACjgG+0fOYnkuCE31wj/eOZEh9XBl8py
q8lq+2XksMhxaaRUhZruH65XroCodilSJgSeQZQotN/3yf7ouNJI+suq5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEyz0Ae6VKf2KFoZ4N4w/e77YGPcMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVExQUUI3cFVwX1lvV2huZzNqRDk3dnRnWTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQpw
MA0GCSqGSIb3DQEBCwUAA4IBAQAsPHy7XK27fDwUbims23Fg7iBUhBIqLX/fiLbE
xmMzIu0YpB9HtVNRzH+GjPaFX4Esv2F0PzGmgVrzhmO5s3j/6BYZzs3GTBWm4a4O
9paEN2dUiP7M1BY/CRTDeRPB2g/OMzzcujTgpfq8HqHfjzYoZjh7vrSXCAciHBHR
V67UoUDy02P+1/QXDTtwgAAhq4ZfB4pOmHBoBPqaApTAAyO/pEXHeHQ+qIy+peMu
Vag9IIhrmsKKooInzJBokePQfpOq7cIEIRqt634z4IBm4WFG/HxKDxaFtxGLKwnY
nwPor9rbD2pw3P309NYQ/2FoiithqVJfue/8BmEL/QplhzfP
-----END CERTIFICATE-----