Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TqlFvfl9YVmQuy7Ss0uqpeb9auE.roa
File:                     TqlFvfl9YVmQuy7Ss0uqpeb9auE.roa (raw, json)
Hash identifier:          m6TBXYIc2YcpwYlrzlgygn9L8Y0LsbVeovPNtLa0sqY=
Subject key identifier:   4E:A9:45:BD:F9:7D:61:59:90:BB:2E:D2:B3:4B:AA:A5:E6:FD:6A:E1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015D72F37A0DA0A450FFE6FC739AE8
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TqlFvfl9YVmQuy7Ss0uqpeb9auE.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204655
IP address blocks:        2a0c:b641:3c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5d:72:f3:7a:0d:a0:a4:50:ff:e6:fc:73:9a:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ea945bdf97d615990bb2ed2b34baaa5e6fd6ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a3:0d:c8:47:5f:a3:4c:94:c8:1b:43:2f:b0:
                    3b:66:46:38:6e:3c:21:a0:ed:95:1a:3b:8d:e8:70:
                    25:68:5b:1a:91:03:fc:17:ba:45:7f:7c:40:09:71:
                    26:ac:7d:55:4c:83:2e:1f:97:0b:4a:5a:bd:c4:81:
                    27:26:58:dd:2a:7d:91:81:38:f8:a3:71:46:98:f8:
                    35:e8:85:7e:62:19:fe:3c:87:c5:f8:ef:b5:8d:98:
                    99:32:bd:e5:6b:58:3f:d9:0b:85:40:16:0d:09:cc:
                    ea:15:92:c3:f8:b8:3b:61:b9:68:05:58:52:45:d8:
                    b4:09:e6:aa:6e:8d:6e:57:61:9e:e8:8d:bc:ba:91:
                    ae:3d:e3:f8:e7:4c:7a:60:01:37:b3:cd:78:d5:63:
                    a0:9f:d3:25:69:01:cd:81:a0:01:3e:5f:d6:f9:20:
                    a6:27:7c:38:e0:20:c3:1f:f3:dc:47:ca:e4:8d:31:
                    eb:2c:ae:a9:54:07:58:24:cb:d3:d1:0a:9a:56:a8:
                    cd:ad:25:0e:1e:e7:50:f7:e3:79:97:4c:73:16:03:
                    b3:f8:b5:d6:bd:40:fe:47:f3:fb:69:41:12:01:ad:
                    10:9f:1d:9a:ea:46:69:83:e7:04:c6:54:a0:52:50:
                    62:b1:d1:87:f7:14:87:3b:eb:c5:7a:79:9c:47:5c:
                    fa:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:A9:45:BD:F9:7D:61:59:90:BB:2E:D2:B3:4B:AA:A5:E6:FD:6A:E1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TqlFvfl9YVmQuy7Ss0uqpeb9auE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:3c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1f:19:0b:62:54:e7:15:62:58:a2:71:04:fc:76:ca:13:de:58:
         0b:b6:4d:7c:3d:04:18:37:92:a9:ef:b7:f6:27:41:20:97:67:
         88:47:e1:a9:06:36:87:0c:9b:58:11:8c:47:37:71:b9:94:d0:
         7d:b1:e8:21:e8:02:cd:46:1c:1a:35:fc:b0:bc:68:76:aa:22:
         0d:05:af:86:ac:1f:26:29:d0:c5:3f:29:4d:43:df:43:3e:46:
         bc:6b:99:68:6f:23:5d:b6:12:db:42:63:24:37:52:49:10:d7:
         1e:e5:d6:6e:77:94:8d:67:39:59:e9:19:b5:11:be:c6:a3:d4:
         e5:b4:93:c9:8c:30:fa:86:40:f1:14:d4:f1:f9:4a:24:f3:f4:
         34:1f:6c:70:03:68:ed:ae:cc:84:dc:6f:10:b4:4a:76:c0:2f:
         f1:74:42:e9:49:fd:45:50:7d:61:97:e7:d4:6d:f3:90:0d:a8:
         36:89:a4:52:f3:32:0d:d9:5d:97:42:44:5a:68:fa:64:77:f4:
         72:2a:c9:f5:bc:0c:6a:21:96:b0:3e:47:43:fa:ab:64:25:d8:
         3d:d9:5f:6c:cd:28:60:e2:ec:8f:05:2d:a8:c5:fa:8c:c4:dd:
         cb:a4:83:bb:dd:45:70:f7:dc:ba:ea:cb:b5:3c:8f:3c:bd:68:
         d8:6e:50:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAV1y83oNoKRQ/+b8c5roMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWE5NDViZGY5N2Q2MTU5OTBiYjJlZDJiMzRiYWFhNWU2ZmQ2YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqMNyEdfo0yUyBtDL7A7ZkY4bjwh
oO2VGjuN6HAlaFsakQP8F7pFf3xACXEmrH1VTIMuH5cLSlq9xIEnJljdKn2RgTj4
o3FGmPg16IV+Yhn+PIfF+O+1jZiZMr3la1g/2QuFQBYNCczqFZLD+Lg7YbloBVhS
Rdi0Ceaqbo1uV2Ge6I28upGuPeP450x6YAE3s8141WOgn9MlaQHNgaABPl/W+SCm
J3w44CDDH/PcR8rkjTHrLK6pVAdYJMvT0QqaVqjNrSUOHudQ9+N5l0xzFgOz+LXW
vUD+R/P7aUESAa0Qnx2a6kZpg+cExlSgUlBisdGH9xSHO+vFenmcR1z6EwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE6pRb35fWFZkLsu0rNLqqXm/WrhMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVHFsRnZmbDlZVm1RdXk3U3MwdXFwZWI5YXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQPA
MA0GCSqGSIb3DQEBCwUAA4IBAQAfGQtiVOcVYliicQT8dsoT3lgLtk18PQQYN5Kp
77f2J0Egl2eIR+GpBjaHDJtYEYxHN3G5lNB9segh6ALNRhwaNfywvGh2qiINBa+G
rB8mKdDFPylNQ99DPka8a5lobyNdthLbQmMkN1JJENce5dZud5SNZzlZ6Rm1Eb7G
o9TltJPJjDD6hkDxFNTx+Uok8/Q0H2xwA2jtrsyE3G8QtEp2wC/xdELpSf1FUH1h
l+fUbfOQDag2iaRS8zIN2V2XQkRaaPpkd/RyKsn1vAxqIZawPkdD+qtkJdg92V9s
zShg4uyPBS2oxfqMxN3LpIO73UVw99y66su1PI88vWjYblAH
-----END CERTIFICATE-----