Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TZVyECZFfnhy0SpcOqQbF0EY46o.roa
File:                     TZVyECZFfnhy0SpcOqQbF0EY46o.roa (raw, json)
Hash identifier:          FNhhkVyr2MlOFLwgUwnYrLL6M4PiwsmPLA2MvPo0ORU=
Subject key identifier:   4D:95:72:10:26:45:7E:78:72:D1:2A:5C:3A:A4:1B:17:41:18:E3:AA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018DD53B47DB1187129C6A0B61D9176D88F5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TZVyECZFfnhy0SpcOqQbF0EY46o.roa
Signing time:             Fri 23 Feb 2024 09:10:48 +0000
ROA not before:           Fri 23 Feb 2024 09:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215428
IP address blocks:        2a0c:b641:bf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d5:3b:47:db:11:87:12:9c:6a:0b:61:d9:17:6d:88:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb 23 09:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d95721026457e7872d12a5c3aa41b174118e3aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a9:49:06:9f:b3:27:68:9f:90:50:70:06:d3:
                    5b:63:59:de:4f:61:1b:0d:a0:9b:7a:bc:ad:bc:de:
                    e8:77:60:9f:fb:31:f0:d8:41:c4:64:6a:41:7c:a0:
                    d5:61:a8:01:d9:27:a5:3d:57:38:48:54:a0:53:3a:
                    a9:45:ed:19:2c:7a:e9:e3:61:6b:88:a1:f9:cc:c8:
                    22:6a:96:91:1f:a1:7b:44:28:e8:77:d6:b1:1f:44:
                    4b:23:95:fb:7e:14:7d:b7:a3:73:bf:ca:9e:69:42:
                    46:f7:67:4f:52:a9:80:da:89:b9:e3:38:a5:81:97:
                    c3:da:9a:cb:a3:8e:48:2f:7c:48:1e:6c:12:c9:93:
                    0a:65:bb:27:4d:11:a0:ef:f9:a6:a5:de:67:72:b3:
                    19:50:7f:35:fd:5b:ba:74:42:90:89:6b:47:e7:e4:
                    50:6a:aa:81:c6:57:0b:86:fb:97:c5:6e:49:9c:40:
                    76:a0:23:e2:3a:ca:87:06:d8:67:40:52:7f:57:90:
                    79:cd:23:bc:19:0b:73:f7:ab:3c:dd:95:c7:4f:0c:
                    93:58:e4:65:0c:ea:51:55:1a:94:6c:c7:38:34:39:
                    6c:43:bf:3d:63:8f:dc:e2:35:1d:73:23:67:3c:9f:
                    04:93:26:6b:b6:ce:2a:f9:ba:7a:50:23:65:92:17:
                    ed:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:95:72:10:26:45:7E:78:72:D1:2A:5C:3A:A4:1B:17:41:18:E3:AA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TZVyECZFfnhy0SpcOqQbF0EY46o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:bf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         77:25:1c:03:55:1d:cb:ec:a2:e6:f3:66:1f:61:fb:c1:f4:a5:
         b1:e7:8c:01:7f:9a:ce:ff:7c:03:38:f1:cd:93:de:c2:49:46:
         58:32:1a:74:86:8d:2e:eb:a8:f1:dd:c3:58:ef:33:4f:d7:3d:
         60:f0:77:62:fa:f6:99:98:74:b0:62:07:ff:ab:2e:dc:65:bb:
         07:29:f8:15:95:1b:47:9b:d2:3b:90:5a:a0:2f:42:7d:04:48:
         9f:3b:64:74:da:06:6c:1b:b4:4e:a2:72:89:28:a2:8e:7f:f8:
         c6:f5:79:9c:29:17:e0:f7:b6:99:9b:eb:b1:3a:3e:48:bd:04:
         a9:e8:ca:77:71:68:e2:87:1a:bc:5f:c6:72:71:28:49:3f:b6:
         dc:9e:4d:4a:05:ea:7d:f9:d9:58:d9:06:43:5c:e3:be:08:f2:
         98:2b:34:db:69:0e:d2:bb:7c:f3:0d:e8:fa:e5:70:82:7a:91:
         10:27:7e:7c:fd:7e:89:da:65:e8:ab:21:d0:9a:ef:91:bf:d4:
         66:f8:b1:82:d1:02:95:f5:42:88:97:a0:1a:b5:0d:0e:4a:0e:
         c6:8a:de:f8:9a:18:97:1d:08:15:be:20:7c:9b:f3:7a:10:fc:
         d9:75:08:e4:4b:19:da:fb:74:14:8f:b3:1c:3e:e2:fa:c5:00:
         8a:a0:b3:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3VO0fbEYcSnGoLYdkXbYj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMjIzMDkxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk1NzIxMDI2NDU3ZTc4NzJkMTJhNWMzYWE0MWIxNzQxMThlM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkalJBp+zJ2ifkFBwBtNbY1neT2Eb
DaCberytvN7od2Cf+zHw2EHEZGpBfKDVYagB2SelPVc4SFSgUzqpRe0ZLHrp42Fr
iKH5zMgiapaRH6F7RCjod9axH0RLI5X7fhR9t6Nzv8qeaUJG92dPUqmA2om54zil
gZfD2prLo45IL3xIHmwSyZMKZbsnTRGg7/mmpd5ncrMZUH81/Vu6dEKQiWtH5+RQ
aqqBxlcLhvuXxW5JnEB2oCPiOsqHBthnQFJ/V5B5zSO8GQtz96s83ZXHTwyTWORl
DOpRVRqUbMc4NDlsQ789Y4/c4jUdcyNnPJ8EkyZrts4q+bp6UCNlkhftJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE2VchAmRX54ctEqXDqkGxdBGOOqMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVFpWeUVDWkZmbmh5MFNwY09xUWJGMEVZNDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQvw
MA0GCSqGSIb3DQEBCwUAA4IBAQB3JRwDVR3L7KLm82YfYfvB9KWx54wBf5rO/3wD
OPHNk97CSUZYMhp0ho0u66jx3cNY7zNP1z1g8Hdi+vaZmHSwYgf/qy7cZbsHKfgV
lRtHm9I7kFqgL0J9BEifO2R02gZsG7ROonKJKKKOf/jG9XmcKRfg97aZm+uxOj5I
vQSp6Mp3cWjihxq8X8ZycShJP7bcnk1KBep9+dlY2QZDXOO+CPKYKzTbaQ7Su3zz
Dej65XCCepEQJ358/X6J2mXoqyHQmu+Rv9Rm+LGC0QKV9UKIl6AatQ0OSg7Git74
mhiXHQgVviB8m/N6EPzZdQjkSxna+3QUj7McPuL6xQCKoLPz
-----END CERTIFICATE-----