Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/W83Qpybqx65Ac6Y7lFhP1aM_lro.roa
File:                     W83Qpybqx65Ac6Y7lFhP1aM_lro.roa (raw, json)
Hash identifier:          LI4CrFtANBavAZJslF7sy23kfwQibKfMy+Mrqm/j0bQ=
Subject key identifier:   5B:CD:D0:A7:26:EA:C7:AE:40:73:A6:3B:94:58:4F:D5:A3:3F:96:BA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801489216986C4CE8BB3A4837A07CE3
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/W83Qpybqx65Ac6Y7lFhP1aM_lro.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34681
IP address blocks:        2a0c:b641:60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:48:92:16:98:6c:4c:e8:bb:3a:48:37:a0:7c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5bcdd0a726eac7ae4073a63b94584fd5a33f96ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f3:09:86:35:27:b0:7d:e9:c5:a3:73:7c:9f:
                    17:b6:d7:80:b8:fb:32:fc:e3:d4:ae:5e:e2:89:d6:
                    83:a9:38:07:cf:7b:70:d9:f2:a1:7c:1f:d5:89:84:
                    8f:d2:87:5f:50:a9:14:09:94:c3:f1:62:37:1f:54:
                    76:9c:0a:6a:b3:a6:2b:05:ff:f8:5d:53:a0:ab:4a:
                    c2:ae:87:61:68:4a:18:a0:41:7d:11:24:93:9c:2a:
                    df:b5:2a:a5:24:23:92:76:c1:2a:a8:49:7d:19:b3:
                    c0:63:b3:14:12:a6:09:74:65:03:a3:4d:45:b4:0b:
                    41:3f:28:59:81:46:35:b0:b2:07:a8:87:be:b6:c9:
                    ce:07:3f:60:8d:2c:3f:4b:78:e0:a0:d4:09:41:54:
                    16:32:c6:d1:4e:7f:6c:65:f8:93:ac:46:12:75:59:
                    ed:05:b9:b3:90:d7:85:1d:b6:a3:15:c8:49:16:74:
                    f6:0b:ef:bf:ca:df:69:f6:c6:95:62:89:2e:1d:97:
                    02:51:74:4d:f2:96:24:08:83:ae:fd:28:54:d0:3a:
                    2a:27:ef:99:7f:e8:d4:89:25:1a:2f:d5:af:8d:35:
                    4a:5b:ab:c5:01:2a:ab:ab:79:ad:c8:b9:88:2d:e8:
                    b8:b0:bb:b5:b6:f1:70:30:90:73:c9:ac:3b:d0:5b:
                    a1:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CD:D0:A7:26:EA:C7:AE:40:73:A6:3B:94:58:4F:D5:A3:3F:96:BA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/W83Qpybqx65Ac6Y7lFhP1aM_lro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:60::/44

    Signature Algorithm: sha256WithRSAEncryption
         8c:69:3b:1f:17:84:51:55:39:58:a0:71:d4:7b:f8:86:0a:53:
         09:c9:4f:e1:25:af:84:54:9e:5b:13:a0:53:e1:7e:83:39:09:
         72:62:bf:b5:03:cb:14:69:f6:e4:a4:d3:22:ae:ef:23:8a:df:
         10:ae:6f:d1:e4:93:4a:46:ff:4b:be:0c:7a:b8:43:7f:68:8f:
         56:0b:5b:98:65:a6:18:48:1b:12:d0:ea:10:bb:32:86:f0:66:
         3a:1c:29:d0:22:65:c2:73:2f:57:03:bd:6e:a3:fc:bb:e1:de:
         63:e2:9e:57:2f:a5:3c:01:b7:6b:d5:bf:36:1d:0d:74:3c:21:
         85:9c:4e:c8:c6:34:9c:3a:87:4d:e1:a4:77:ad:7e:8b:3e:ae:
         c4:8e:c2:7f:dc:40:21:94:63:71:a4:96:a5:2d:3f:dd:a3:47:
         c2:d9:15:63:9f:24:64:a9:f9:7b:8f:43:f9:fa:73:8d:ee:cd:
         52:cc:95:64:65:58:02:68:94:9d:a1:3c:12:f3:bf:7e:2f:10:
         6c:d4:a0:f4:b4:ae:f2:24:90:13:8c:7d:07:39:47:ed:eb:12:
         99:ae:38:bc:3f:f7:8c:7a:75:21:6a:a6:c4:23:87:57:85:d1:
         69:46:a2:ab:17:d5:39:66:78:c1:22:6d:36:91:d1:a2:b9:f4:
         22:3a:b7:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUiSFphsTOi7Okg3oHzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNkZDBhNzI2ZWFjN2FlNDA3M2E2M2I5NDU4NGZkNWEzM2Y5NmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfMJhjUnsH3pxaNzfJ8XtteAuPsy
/OPUrl7iidaDqTgHz3tw2fKhfB/ViYSP0odfUKkUCZTD8WI3H1R2nApqs6YrBf/4
XVOgq0rCrodhaEoYoEF9ESSTnCrftSqlJCOSdsEqqEl9GbPAY7MUEqYJdGUDo01F
tAtBPyhZgUY1sLIHqIe+tsnOBz9gjSw/S3jgoNQJQVQWMsbRTn9sZfiTrEYSdVnt
BbmzkNeFHbajFchJFnT2C++/yt9p9saVYokuHZcCUXRN8pYkCIOu/ShU0DoqJ++Z
f+jUiSUaL9WvjTVKW6vFASqrq3mtyLmILei4sLu1tvFwMJBzyaw70Fuh0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFvN0Kcm6seuQHOmO5RYT9WjP5a6MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVzgzUXB5YnF4NjVBYzZZN2xGaFAxYU1fbHJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQBg
MA0GCSqGSIb3DQEBCwUAA4IBAQCMaTsfF4RRVTlYoHHUe/iGClMJyU/hJa+EVJ5b
E6BT4X6DOQlyYr+1A8sUafbkpNMiru8jit8Qrm/R5JNKRv9Lvgx6uEN/aI9WC1uY
ZaYYSBsS0OoQuzKG8GY6HCnQImXCcy9XA71uo/y74d5j4p5XL6U8Abdr1b82HQ10
PCGFnE7IxjScOodN4aR3rX6LPq7EjsJ/3EAhlGNxpJalLT/do0fC2RVjnyRkqfl7
j0P5+nON7s1SzJVkZVgCaJSdoTwS879+LxBs1KD0tK7yJJATjH0HOUft6xKZrji8
P/eMenUhaqbEI4dXhdFpRqKrF9U5ZnjBIm02kdGiufQiOrd3
-----END CERTIFICATE-----