Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WytAjSvg6gD2oV5UOsnbYOGsMdI.roa
File:                     WytAjSvg6gD2oV5UOsnbYOGsMdI.roa (raw, json)
Hash identifier:          eB/fv2x/0DbuJlmXBfEJtJfWybG46MC5CJd5ebLhBe0=
Subject key identifier:   5B:2B:40:8D:2B:E0:EA:00:F6:A1:5E:54:3A:C9:DB:60:E1:AC:31:D2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016CAE782B39DF1CC504A088D90331
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WytAjSvg6gD2oV5UOsnbYOGsMdI.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209710
IP address blocks:        2a0c:b641:200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6c:ae:78:2b:39:df:1c:c5:04:a0:88:d9:03:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b2b408d2be0ea00f6a15e543ac9db60e1ac31d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:69:5d:24:9c:03:24:e1:1d:ef:d4:89:95:7d:
                    c3:31:c4:5d:36:55:8a:6d:cc:2b:3e:ef:48:79:3a:
                    89:67:66:64:14:60:8c:b7:0d:47:7c:0e:7a:fb:8f:
                    13:1b:cc:7d:13:7d:ba:83:de:0a:34:0f:08:59:c3:
                    ce:e1:bc:f7:c8:1e:cc:a2:08:42:80:9c:a3:21:be:
                    1a:37:1e:ca:83:bc:f5:20:4f:d2:89:93:30:67:1b:
                    8e:13:d4:f2:6e:f9:8b:3a:dd:0d:fb:8a:af:bb:5b:
                    74:aa:84:28:3f:a6:fd:5f:e5:da:b5:50:a4:14:e6:
                    36:8d:d6:0c:b5:95:d7:7f:7c:fb:c4:17:0e:e7:ac:
                    01:84:a9:ae:c8:46:bf:6b:94:a8:83:4c:1f:67:1a:
                    96:36:81:2a:d6:b6:33:bd:84:f5:32:6e:76:af:20:
                    22:60:87:a5:9e:6b:65:dc:ed:15:aa:dc:dd:58:62:
                    61:74:71:e2:f5:8a:e7:d8:58:72:1c:50:b9:d4:98:
                    e7:12:00:d0:40:83:57:fd:e1:81:19:0b:60:38:5a:
                    80:89:c2:03:40:3e:17:3c:65:89:de:b3:50:6d:c3:
                    6c:62:9b:89:1a:45:4a:3a:f5:32:60:25:78:0e:77:
                    84:99:c6:72:24:09:66:17:89:b3:b1:64:25:b4:6f:
                    26:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:2B:40:8D:2B:E0:EA:00:F6:A1:5E:54:3A:C9:DB:60:E1:AC:31:D2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WytAjSvg6gD2oV5UOsnbYOGsMdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         14:ed:20:5f:d1:ed:0c:15:d6:b2:44:f8:a1:6e:40:1d:c9:3f:
         76:26:df:3a:86:c9:3b:fc:45:67:61:3b:25:96:2b:b2:e3:8d:
         3b:c7:eb:1f:96:b6:41:34:e4:98:a7:08:5c:06:cf:4c:3a:84:
         56:5c:66:1d:81:ae:38:96:18:aa:c2:0e:44:18:6b:e1:2c:df:
         3c:a3:23:1d:98:2f:59:8b:82:bf:29:28:cd:73:20:57:e1:af:
         c7:1c:57:bc:6d:1a:4d:30:9d:c8:6d:d7:d5:34:30:b4:39:45:
         8f:02:3b:57:be:36:76:8d:f1:a3:cd:51:7e:f2:86:12:b8:27:
         12:78:90:07:4c:85:65:8a:4b:74:24:33:b8:85:ee:f0:a3:cd:
         62:1f:21:bc:c8:16:6f:4a:b3:86:86:95:81:bf:c7:3e:8d:f1:
         7d:02:f5:4a:e0:7a:9b:e3:24:7d:26:ce:a1:b7:bc:c6:5c:6c:
         c8:c4:45:55:3a:54:dc:cd:9a:14:ca:34:e8:de:d9:88:43:13:
         05:e7:0f:c5:72:ef:b3:8e:8f:36:f2:65:4b:5e:ef:17:83:64:
         47:72:97:28:81:12:e1:07:75:8b:64:83:69:6a:b3:b6:87:9a:
         dc:2f:ad:b5:c3:fd:87:c5:37:83:48:08:44:88:16:5e:c1:4e:
         d0:06:03:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWyueCs53xzFBKCI2QMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjJiNDA4ZDJiZTBlYTAwZjZhMTVlNTQzYWM5ZGI2MGUxYWMzMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWldJJwDJOEd79SJlX3DMcRdNlWK
bcwrPu9IeTqJZ2ZkFGCMtw1HfA56+48TG8x9E326g94KNA8IWcPO4bz3yB7MoghC
gJyjIb4aNx7Kg7z1IE/SiZMwZxuOE9TybvmLOt0N+4qvu1t0qoQoP6b9X+XatVCk
FOY2jdYMtZXXf3z7xBcO56wBhKmuyEa/a5Sog0wfZxqWNoEq1rYzvYT1Mm52ryAi
YIelnmtl3O0VqtzdWGJhdHHi9Yrn2FhyHFC51JjnEgDQQINX/eGBGQtgOFqAicID
QD4XPGWJ3rNQbcNsYpuJGkVKOvUyYCV4DneEmcZyJAlmF4mzsWQltG8mCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFsrQI0r4OoA9qFeVDrJ22DhrDHSMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvV3l0QWpTdmc2Z0Qyb1Y1VU9zbmJZT0dzTWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQIA
MA0GCSqGSIb3DQEBCwUAA4IBAQAU7SBf0e0MFdayRPihbkAdyT92Jt86hsk7/EVn
YTslliuy4407x+sflrZBNOSYpwhcBs9MOoRWXGYdga44lhiqwg5EGGvhLN88oyMd
mC9Zi4K/KSjNcyBX4a/HHFe8bRpNMJ3IbdfVNDC0OUWPAjtXvjZ2jfGjzVF+8oYS
uCcSeJAHTIVlikt0JDO4he7wo81iHyG8yBZvSrOGhpWBv8c+jfF9AvVK4Hqb4yR9
Js6ht7zGXGzIxEVVOlTczZoUyjTo3tmIQxMF5w/Fcu+zjo828mVLXu8Xg2RHcpco
gRLhB3WLZINparO2h5rcL621w/2HxTeDSAhEiBZewU7QBgOK
-----END CERTIFICATE-----