Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/XuAUJ_ninbSmwrHiHblqI6DsCiI.roa
File:                     XuAUJ_ninbSmwrHiHblqI6DsCiI.roa (raw, json)
Hash identifier:          IJCCwijohAr/pPVmkqn+Uyb2xzuzCwjjsnS4/zMYHYU=
Subject key identifier:   5E:E0:14:27:F9:E2:9D:B4:A6:C2:B1:E2:1D:B9:6A:23:A0:EC:0A:22
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017CFA6ACAAC8795E2FD4DCF6B231F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/XuAUJ_ninbSmwrHiHblqI6DsCiI.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212653
IP address blocks:        2a0c:b641:4f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7c:fa:6a:ca:ac:87:95:e2:fd:4d:cf:6b:23:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ee01427f9e29db4a6c2b1e21db96a23a0ec0a22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:09:bc:23:85:b7:16:31:48:de:9c:d3:ee:79:
                    39:ed:52:de:fb:3d:b4:8c:82:ab:32:5e:03:4f:7a:
                    53:2e:73:ea:78:be:93:81:9d:95:94:c8:4d:d5:46:
                    61:82:44:c7:6d:64:0f:71:3d:73:aa:ee:df:9a:fc:
                    a7:65:e8:52:0b:27:3c:1b:dd:20:d0:c8:aa:bd:23:
                    d8:8c:99:84:64:ec:c3:43:b1:70:9b:57:7c:99:8c:
                    a1:5d:6b:17:c3:8e:ac:67:1b:16:5c:de:59:15:c7:
                    13:76:e8:82:fa:02:9d:e3:f4:ec:86:e9:07:c1:a2:
                    2c:7c:16:c0:5c:c7:08:26:13:1a:17:3f:9b:e5:92:
                    19:da:0c:63:7e:cb:36:3a:7b:a8:9b:93:b8:ec:f4:
                    92:f8:ec:79:bf:cc:c8:32:e7:e6:ec:ef:55:ae:39:
                    fd:e0:a0:22:d4:4c:c3:9c:bc:c6:73:ec:9f:44:1c:
                    db:2c:35:4e:47:3c:88:2f:ff:c0:8f:be:1e:62:dc:
                    e2:b6:cd:ec:96:fe:e5:f3:15:e9:e9:0c:12:4a:a3:
                    97:d7:a7:37:26:3f:77:ac:9c:61:d0:c4:ce:95:72:
                    5f:dc:22:d5:26:3e:83:ed:cd:4c:e1:ab:4a:89:e2:
                    04:5d:10:9d:9a:fc:52:5f:e7:49:8f:59:4e:ab:e2:
                    e3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E0:14:27:F9:E2:9D:B4:A6:C2:B1:E2:1D:B9:6A:23:A0:EC:0A:22
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/XuAUJ_ninbSmwrHiHblqI6DsCiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:4f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:7d:7d:46:07:27:0f:57:07:f0:b4:65:88:d6:72:31:b5:89:
         52:f8:18:34:2d:9b:40:83:c8:83:39:1c:27:e2:8d:2d:9b:a8:
         05:0e:dd:21:31:23:0b:50:bd:d5:cb:a4:f1:01:bd:58:f1:63:
         b0:19:31:bb:ad:24:3f:10:57:a0:e2:a2:e3:fc:fa:e1:41:69:
         79:bc:63:56:d1:4d:52:a8:56:6c:2b:4e:41:8a:c3:47:9f:52:
         e0:d1:dd:03:7e:42:5e:18:f9:28:d1:7e:d0:cb:78:97:b6:41:
         fe:45:e0:38:f7:3a:0b:15:b4:7d:1d:4a:64:33:6c:df:e6:7f:
         2a:74:28:1e:92:28:51:cc:5a:87:b1:e4:3b:53:ab:ab:ed:de:
         2b:00:0c:e6:de:f3:80:d9:8e:59:50:1f:20:29:9b:21:10:c6:
         00:ac:72:fd:ee:26:9b:1e:ed:5e:14:35:0f:43:44:f0:4f:fa:
         57:30:e9:6e:a8:64:0e:87:82:99:58:bf:09:7c:e5:8c:a1:35:
         f1:c3:17:3a:69:1e:fd:97:a8:f3:bf:5d:cb:55:1f:8e:d9:5a:
         ec:d5:2c:0a:4f:95:c1:6a:59:76:40:30:36:c5:23:4f:2c:7f:
         fe:84:46:17:65:8c:c3:33:71:68:0e:38:a4:a9:31:86:e4:b9:
         54:a7:5d:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXz6asqsh5Xi/U3PayMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWUwMTQyN2Y5ZTI5ZGI0YTZjMmIxZTIxZGI5NmEyM2EwZWMwYTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggm8I4W3FjFI3pzT7nk57VLe+z20
jIKrMl4DT3pTLnPqeL6TgZ2VlMhN1UZhgkTHbWQPcT1zqu7fmvynZehSCyc8G90g
0MiqvSPYjJmEZOzDQ7Fwm1d8mYyhXWsXw46sZxsWXN5ZFccTduiC+gKd4/TshukH
waIsfBbAXMcIJhMaFz+b5ZIZ2gxjfss2Onuom5O47PSS+Ox5v8zIMufm7O9Vrjn9
4KAi1EzDnLzGc+yfRBzbLDVORzyIL//Aj74eYtzits3slv7l8xXp6QwSSqOX16c3
Jj93rJxh0MTOlXJf3CLVJj6D7c1M4atKieIEXRCdmvxSX+dJj1lOq+LjgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF7gFCf54p20psKx4h25aiOg7AoiMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWHVBVUpfbmluYlNtd3JIaUhibHFJNkRzQ2lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQTw
MA0GCSqGSIb3DQEBCwUAA4IBAQCdfX1GBycPVwfwtGWI1nIxtYlS+Bg0LZtAg8iD
ORwn4o0tm6gFDt0hMSMLUL3Vy6TxAb1Y8WOwGTG7rSQ/EFeg4qLj/PrhQWl5vGNW
0U1SqFZsK05BisNHn1Lg0d0DfkJeGPko0X7Qy3iXtkH+ReA49zoLFbR9HUpkM2zf
5n8qdCgekihRzFqHseQ7U6ur7d4rAAzm3vOA2Y5ZUB8gKZshEMYArHL97iabHu1e
FDUPQ0TwT/pXMOluqGQOh4KZWL8JfOWMoTXxwxc6aR79l6jzv13LVR+O2Vrs1SwK
T5XBall2QDA2xSNPLH/+hEYXZYzDM3FoDjikqTGG5LlUp13h
-----END CERTIFICATE-----