Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/VtkmkDhQc1nPKAeiaAr-WwK7yHc.roa
File:                     VtkmkDhQc1nPKAeiaAr-WwK7yHc.roa (raw, json)
Hash identifier:          8lSWvkgorcWiE4Ja/5b2G/rzQ6/OU7HSn1pKhHmOV7o=
Subject key identifier:   56:D9:26:90:38:50:73:59:CF:28:07:A2:68:0A:FE:5B:02:BB:C8:77
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015913B09E62640AF0C8019B9E7DF3
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/VtkmkDhQc1nPKAeiaAr-WwK7yHc.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202297
IP address blocks:        2a0c:b642:1a08::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:59:13:b0:9e:62:64:0a:f0:c8:01:9b:9e:7d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56d9269038507359cf2807a2680afe5b02bbc877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:72:b6:13:a6:b9:d8:31:4c:38:20:41:87:8b:
                    c2:8b:02:cb:91:e1:b2:08:93:e0:f6:d4:13:8a:a7:
                    71:47:b9:3d:2e:04:38:0f:58:62:4a:d8:3d:28:5a:
                    d5:69:22:e0:76:a1:8b:2b:5a:35:45:75:33:99:90:
                    88:de:2d:07:9d:01:be:69:2b:2f:85:e2:56:1d:db:
                    c3:a0:69:10:e2:4b:6f:ac:02:1e:59:99:e9:a3:cd:
                    03:de:da:93:d3:81:81:f2:7e:d9:b9:4e:b8:be:56:
                    10:1f:96:c6:b8:26:76:6d:da:21:6a:8f:a9:49:38:
                    4c:4d:3a:e4:16:09:63:73:28:7c:53:4c:77:12:5e:
                    46:b1:3c:31:09:d8:33:51:43:7d:f5:bc:b0:68:1d:
                    02:76:61:9e:a1:68:cd:90:2a:8c:b0:cc:f5:e8:8f:
                    dd:a1:1d:ef:60:3d:2c:f2:4b:d6:e4:d5:e9:56:9b:
                    7f:04:34:7d:50:d2:1a:de:2e:26:d5:bb:c3:14:a0:
                    22:a2:a2:1f:18:2f:bb:e0:e7:14:29:85:06:e9:25:
                    a0:11:5a:63:ab:6f:1e:c9:f3:1f:96:b9:0a:04:28:
                    2c:4f:ba:6f:3d:aa:07:1f:be:c7:65:90:4d:55:14:
                    a2:13:4a:6b:46:b9:66:78:87:f0:37:0e:73:f0:e9:
                    7f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:D9:26:90:38:50:73:59:CF:28:07:A2:68:0A:FE:5B:02:BB:C8:77
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/VtkmkDhQc1nPKAeiaAr-WwK7yHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a08::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:ea:3c:59:91:54:ce:9a:82:37:32:b6:57:c4:06:91:51:9f:
         ea:64:24:76:ac:5a:9b:a6:2b:39:eb:6c:9a:d6:ab:88:20:bd:
         fa:07:ee:2a:e4:8b:41:a3:ee:3d:a2:9b:05:5f:f2:b8:46:d6:
         ee:35:ed:d0:b7:6e:2b:f0:4f:9a:19:fa:8a:e4:3d:05:14:8d:
         cb:e3:ba:e3:53:f5:9c:90:e8:14:fa:ee:b9:04:54:4b:2b:5b:
         86:d2:61:08:ba:a8:3e:a5:01:84:73:32:a4:98:e0:fd:f2:93:
         2d:a5:96:ef:93:1d:ab:30:0b:0b:46:26:c4:3f:07:19:86:a3:
         2c:af:0c:e1:24:f7:76:96:d3:1b:19:ad:c0:64:34:35:cc:63:
         07:bb:31:ea:4a:08:a6:86:4e:f8:f8:e2:5d:df:48:09:f0:9a:
         54:e2:8c:58:7b:e3:3f:6d:b1:d4:0b:01:e5:f9:18:f5:a7:4d:
         e2:a1:ab:67:d8:67:37:74:e2:d9:6f:c0:7a:42:f7:9b:6c:d5:
         3e:c7:3a:14:2c:60:44:49:5f:a9:fd:de:a5:bd:f6:b3:e2:38:
         67:86:8f:96:7c:12:0b:a2:68:c7:62:91:41:e2:cf:05:2b:ca:
         32:88:d2:33:0f:38:4e:40:be:43:04:7f:a7:a9:f4:db:9e:ef:
         f5:82:a9:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVkTsJ5iZArwyAGbnn3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmQ5MjY5MDM4NTA3MzU5Y2YyODA3YTI2ODBhZmU1YjAyYmJjODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXK2E6a52DFMOCBBh4vCiwLLkeGy
CJPg9tQTiqdxR7k9LgQ4D1hiStg9KFrVaSLgdqGLK1o1RXUzmZCI3i0HnQG+aSsv
heJWHdvDoGkQ4ktvrAIeWZnpo80D3tqT04GB8n7ZuU64vlYQH5bGuCZ2bdohao+p
SThMTTrkFgljcyh8U0x3El5GsTwxCdgzUUN99bywaB0CdmGeoWjNkCqMsMz16I/d
oR3vYD0s8kvW5NXpVpt/BDR9UNIa3i4m1bvDFKAioqIfGC+74OcUKYUG6SWgEVpj
q28eyfMflrkKBCgsT7pvPaoHH77HZZBNVRSiE0prRrlmeIfwNw5z8Ol/nQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFbZJpA4UHNZzygHomgK/lsCu8h3MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVnRrbWtEaFFjMW5QS0FlaWFBci1Xd0s3eUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoI
MA0GCSqGSIb3DQEBCwUAA4IBAQBa6jxZkVTOmoI3MrZXxAaRUZ/qZCR2rFqbpis5
62ya1quIIL36B+4q5ItBo+49opsFX/K4RtbuNe3Qt24r8E+aGfqK5D0FFI3L47rj
U/WckOgU+u65BFRLK1uG0mEIuqg+pQGEczKkmOD98pMtpZbvkx2rMAsLRibEPwcZ
hqMsrwzhJPd2ltMbGa3AZDQ1zGMHuzHqSgimhk74+OJd30gJ8JpU4oxYe+M/bbHU
CwHl+Rj1p03ioatn2Gc3dOLZb8B6QvebbNU+xzoULGBESV+p/d6lvfaz4jhnho+W
fBILomjHYpFB4s8FK8oyiNIzDzhOQL5DBH+nqfTbnu/1gqmG
-----END CERTIFICATE-----