Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TOinWvkcm58fzhsMFEdMbgMstMA.roa
File:                     TOinWvkcm58fzhsMFEdMbgMstMA.roa (raw, json)
Hash identifier:          lFmAWuds0mAP7rw4yA9Wi1qWSwGQ32H10vjPY9/rC7U=
Subject key identifier:   4C:E8:A7:5A:F9:1C:9B:9F:1F:CE:1B:0C:14:47:4C:6E:03:2C:B4:C0
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80183E3131BB1BB0E535335A80F0C36
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TOinWvkcm58fzhsMFEdMbgMstMA.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215931
IP address blocks:        2a0c:b641:b40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:83:e3:13:1b:b1:bb:0e:53:53:35:a8:0f:0c:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ce8a75af91c9b9f1fce1b0c14474c6e032cb4c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:78:6a:c6:30:9d:e2:9e:dc:01:5d:ff:a0:69:
                    02:cd:ab:14:3a:57:9a:27:9d:ef:7b:07:33:2e:e3:
                    be:73:e1:88:60:8d:29:ed:fe:de:f3:c3:55:01:a2:
                    6f:e3:83:25:9c:fd:ec:dd:55:13:78:3d:ef:da:ff:
                    b0:d2:2e:f6:17:91:c6:14:71:6a:78:9e:b3:cb:9b:
                    7b:ae:46:5c:79:04:85:e3:d9:eb:0d:b8:f1:b9:0a:
                    c0:66:76:d2:c0:dc:aa:ff:ca:8a:b0:b4:42:2f:98:
                    21:06:3b:97:2d:36:21:4e:83:48:44:db:95:db:e5:
                    33:bb:5a:a5:77:e3:c7:37:6d:19:29:95:a1:d3:3d:
                    96:c7:a8:5d:eb:7e:6b:1e:51:37:ea:47:e3:2b:40:
                    47:9a:77:e4:ab:90:62:91:08:28:55:e9:71:70:96:
                    95:97:11:dc:cc:e6:69:26:f1:d7:4d:97:00:81:c8:
                    04:9c:7c:c2:dd:78:e7:03:81:30:11:ab:69:de:2b:
                    83:ef:c8:6c:b7:08:0a:28:d0:df:82:c3:93:3d:dd:
                    e3:62:f9:b7:c1:28:f6:53:d6:a5:d4:6c:8a:b5:a4:
                    11:6c:26:1d:0a:a3:6e:84:49:9f:9e:59:a1:fa:b9:
                    5d:e8:a4:de:e4:b7:55:18:97:d8:51:30:5c:e7:1c:
                    db:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E8:A7:5A:F9:1C:9B:9F:1F:CE:1B:0C:14:47:4C:6E:03:2C:B4:C0
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TOinWvkcm58fzhsMFEdMbgMstMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:b40::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:cb:eb:c2:22:9c:dd:67:fa:2d:50:88:2f:78:79:dd:42:c7:
         b8:a5:0f:f0:b1:71:bd:0e:f1:5b:f0:09:ae:2a:fb:95:75:11:
         f6:4c:4f:22:37:25:c7:1e:08:88:38:77:e6:00:ce:bd:1b:35:
         2d:66:c1:67:81:b6:15:ef:40:be:69:44:c4:ae:dd:38:a6:15:
         f3:89:4d:01:83:44:10:7d:dd:cb:74:b0:e3:77:af:55:27:da:
         45:fc:d4:e9:a8:37:89:2a:76:4f:fd:25:33:e9:e8:0f:1b:68:
         45:9e:15:34:15:89:ab:e4:67:a5:d5:07:db:1e:4e:0b:bd:82:
         8b:7c:b9:86:3a:c2:6a:00:a8:46:f3:5b:cd:e0:37:31:10:1f:
         3c:91:dc:5a:56:1f:70:45:78:13:ae:29:df:a2:93:f0:2d:65:
         3c:69:f7:54:cb:ea:cf:25:76:cc:29:15:30:e5:d3:f5:14:98:
         54:7a:2a:e1:80:3a:08:d8:a4:ec:e1:ce:6d:d0:53:bc:dd:90:
         0c:c6:d7:73:44:33:a8:3c:5f:e5:4d:aa:a3:64:83:50:1a:9e:
         be:d8:9c:46:c5:7c:56:fd:d5:e5:1f:32:44:10:f5:1b:5f:83:
         6e:64:8a:5a:b4:cf:94:ef:d3:08:d3:02:db:fc:9a:26:12:7a:
         c5:91:d9:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYPjExuxuw5TUzWoDww2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2U4YTc1YWY5MWM5YjlmMWZjZTFiMGMxNDQ3NGM2ZTAzMmNiNGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHhqxjCd4p7cAV3/oGkCzasUOlea
J53vewczLuO+c+GIYI0p7f7e88NVAaJv44MlnP3s3VUTeD3v2v+w0i72F5HGFHFq
eJ6zy5t7rkZceQSF49nrDbjxuQrAZnbSwNyq/8qKsLRCL5ghBjuXLTYhToNIRNuV
2+Uzu1qld+PHN20ZKZWh0z2Wx6hd635rHlE36kfjK0BHmnfkq5BikQgoVelxcJaV
lxHczOZpJvHXTZcAgcgEnHzC3XjnA4EwEatp3iuD78hstwgKKNDfgsOTPd3jYvm3
wSj2U9al1GyKtaQRbCYdCqNuhEmfnlmh+rld6KTe5LdVGJfYUTBc5xzbtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEzop1r5HJufH84bDBRHTG4DLLTAMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVE9pbld2a2NtNThmemhzTUZFZE1iZ01zdE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQtA
MA0GCSqGSIb3DQEBCwUAA4IBAQAly+vCIpzdZ/otUIgveHndQse4pQ/wsXG9DvFb
8AmuKvuVdRH2TE8iNyXHHgiIOHfmAM69GzUtZsFngbYV70C+aUTErt04phXziU0B
g0QQfd3LdLDjd69VJ9pF/NTpqDeJKnZP/SUz6egPG2hFnhU0FYmr5Gel1QfbHk4L
vYKLfLmGOsJqAKhG81vN4DcxEB88kdxaVh9wRXgTrinfopPwLWU8afdUy+rPJXbM
KRUw5dP1FJhUeirhgDoI2KTs4c5t0FO83ZAMxtdzRDOoPF/lTaqjZINQGp6+2JxG
xXxW/dXlHzJEEPUbX4NuZIpatM+U79MI0wLb/JomEnrFkdn0
-----END CERTIFICATE-----