Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WZ8Cxlg8UzIxtIRgx_e2gE1toY4.roa
File:                     WZ8Cxlg8UzIxtIRgx_e2gE1toY4.roa (raw, json)
Hash identifier:          Fnjh0frfBYnVM1zNgfLiE+mBTPTtZKxPrKpTvfef8Fg=
Subject key identifier:   59:9F:02:C6:58:3C:53:32:31:B4:84:60:C7:F7:B6:80:4D:6D:A1:8E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015EDF8CDA7BA7FA80B1ED3DE58B39
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WZ8Cxlg8UzIxtIRgx_e2gE1toY4.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205463
IP address blocks:        2a0c:b641:9f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5e:df:8c:da:7b:a7:fa:80:b1:ed:3d:e5:8b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=599f02c6583c533231b48460c7f7b6804d6da18e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ab:a2:cd:40:f9:ec:46:5b:88:84:60:02:36:
                    c1:e8:ad:81:76:23:d4:f1:a5:50:15:11:65:09:79:
                    1d:e6:42:c5:81:cf:0b:2d:db:c0:50:c5:67:c1:be:
                    e2:ab:44:59:6c:36:94:8d:88:19:60:cc:44:d0:b8:
                    3f:0e:d2:c0:aa:39:9c:a1:a9:6f:67:69:b8:7b:1b:
                    06:2c:98:70:65:f1:1b:f8:d7:19:1a:fe:25:bb:ab:
                    33:48:78:bf:94:b4:e8:08:7f:f3:14:b3:ae:09:0b:
                    b3:ef:19:76:5c:d1:ed:14:8d:8f:af:2f:32:e5:9b:
                    5b:0e:18:06:f8:43:5b:51:1b:3b:a1:3c:0c:7f:d6:
                    da:80:bf:e1:a0:31:2c:99:cb:d9:c3:64:fe:97:da:
                    f5:d3:a8:ab:ce:d2:11:e8:29:3f:72:55:dc:89:f7:
                    9e:d7:bc:81:f0:9d:c0:0e:de:47:a1:26:0e:2d:fa:
                    b5:d6:4a:04:12:34:be:ed:d5:53:fb:27:bf:d3:61:
                    38:0f:49:05:f2:ea:92:34:1d:00:14:35:19:ec:6f:
                    2c:cb:b1:db:6e:62:48:e6:90:fc:e2:a2:63:c6:68:
                    8a:8d:e5:b8:4a:74:3b:59:2b:06:e5:63:a2:69:2f:
                    cd:26:53:a8:55:29:0b:2c:d8:ec:ac:7b:64:6d:e1:
                    b5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:9F:02:C6:58:3C:53:32:31:B4:84:60:C7:F7:B6:80:4D:6D:A1:8E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WZ8Cxlg8UzIxtIRgx_e2gE1toY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:9f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         73:eb:8e:0f:69:5d:8b:55:eb:08:d9:6f:9b:8a:40:5b:e3:88:
         b0:46:80:1b:15:6c:78:db:ce:d3:12:62:06:4f:29:d0:0a:13:
         1c:f8:3e:23:27:2b:e7:3e:b0:1d:72:3a:b9:91:8d:a3:ea:39:
         51:87:f3:87:41:ee:82:86:b1:c8:34:a0:e2:66:75:bf:51:16:
         49:15:11:72:c4:ef:58:90:4f:61:d2:52:ad:6c:3f:25:d0:0f:
         57:ae:f2:ae:42:be:51:98:a1:49:8c:9a:49:de:76:1c:2a:de:
         85:9b:69:b5:78:2c:89:37:96:bb:48:43:46:01:bd:da:e8:c0:
         31:7f:68:a6:24:b6:2a:02:4c:fc:8f:b6:cc:c8:41:2b:1f:77:
         19:0d:b2:c2:f8:47:0d:2a:1e:78:db:4d:f1:06:b5:e4:db:a4:
         f9:ce:33:7a:14:a3:a8:05:49:58:f3:9a:35:d9:23:08:6a:3f:
         91:4c:3c:9f:72:1b:4c:a4:3a:23:d2:89:1a:06:27:ee:ac:1e:
         4a:83:25:c9:df:5f:b9:80:e5:e0:bd:06:c1:be:45:c8:ce:a6:
         90:35:38:75:7c:41:3a:2b:41:e3:44:22:8c:ea:fd:6c:a8:ac:
         2a:b4:6f:36:64:65:09:1b:d7:e2:5e:cc:05:fc:e7:76:9d:1f:
         25:b9:dd:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAV7fjNp7p/qAse095Ys5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTlmMDJjNjU4M2M1MzMyMzFiNDg0NjBjN2Y3YjY4MDRkNmRhMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6uizUD57EZbiIRgAjbB6K2BdiPU
8aVQFRFlCXkd5kLFgc8LLdvAUMVnwb7iq0RZbDaUjYgZYMxE0Lg/DtLAqjmcoalv
Z2m4exsGLJhwZfEb+NcZGv4lu6szSHi/lLToCH/zFLOuCQuz7xl2XNHtFI2Pry8y
5ZtbDhgG+ENbURs7oTwMf9bagL/hoDEsmcvZw2T+l9r106irztIR6Ck/clXcifee
17yB8J3ADt5HoSYOLfq11koEEjS+7dVT+ye/02E4D0kF8uqSNB0AFDUZ7G8sy7Hb
bmJI5pD84qJjxmiKjeW4SnQ7WSsG5WOiaS/NJlOoVSkLLNjsrHtkbeG15wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFmfAsZYPFMyMbSEYMf3toBNbaGOMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvV1o4Q3hsZzhVekl4dElSZ3hfZTJnRTF0b1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQnw
MA0GCSqGSIb3DQEBCwUAA4IBAQBz644PaV2LVesI2W+bikBb44iwRoAbFWx4287T
EmIGTynQChMc+D4jJyvnPrAdcjq5kY2j6jlRh/OHQe6ChrHINKDiZnW/URZJFRFy
xO9YkE9h0lKtbD8l0A9XrvKuQr5RmKFJjJpJ3nYcKt6Fm2m1eCyJN5a7SENGAb3a
6MAxf2imJLYqAkz8j7bMyEErH3cZDbLC+EcNKh54203xBrXk26T5zjN6FKOoBUlY
85o12SMIaj+RTDyfchtMpDoj0okaBifurB5KgyXJ31+5gOXgvQbBvkXIzqaQNTh1
fEE6K0HjRCKM6v1sqKwqtG82ZGUJG9fiXswF/Od2nR8lud0E
-----END CERTIFICATE-----