Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Yi74dvpL7N2TQPbugIQ1lXDjZ90.roa
File:                     Yi74dvpL7N2TQPbugIQ1lXDjZ90.roa (raw, json)
Hash identifier:          mmXx8EquaNt4SoOmwBracTJHhRftK7lEiDdXKEK4VPo=
Subject key identifier:   62:2E:F8:76:FA:4B:EC:DD:93:40:F6:EE:80:84:35:95:70:E3:67:DD
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015E9F8D1D76AFB5F9506D346183F6
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Yi74dvpL7N2TQPbugIQ1lXDjZ90.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204767
IP address blocks:        2a0c:b641:8c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5e:9f:8d:1d:76:af:b5:f9:50:6d:34:61:83:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=622ef876fa4becdd9340f6ee8084359570e367dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0e:fc:04:54:22:82:43:96:af:65:1c:a8:37:
                    df:3b:08:63:5c:85:2b:06:b5:95:22:54:b3:64:b7:
                    ec:c3:44:26:a5:fb:dc:92:27:55:16:1a:d0:4d:e5:
                    19:19:44:fd:4a:c8:ca:ac:cb:a8:dc:d7:00:4b:b8:
                    f9:66:a5:ef:24:fd:ae:0f:e1:60:97:28:51:da:b0:
                    5d:f5:f1:38:52:86:37:e6:93:c2:de:be:e5:9e:a9:
                    15:88:a1:c7:7a:80:ad:c1:3d:ee:23:95:d1:e5:13:
                    1b:08:ea:02:a4:dc:8e:85:e9:eb:d5:b6:85:18:50:
                    03:ac:b1:6c:d9:83:e0:3f:75:73:f0:6a:76:8f:04:
                    7a:fe:11:a9:c9:d1:53:ad:0c:57:a2:9f:ef:74:9c:
                    24:56:26:f9:fd:33:82:9a:ac:3c:0e:bf:9f:f1:19:
                    9c:34:18:9a:8a:df:36:12:99:3c:e5:05:c2:70:c9:
                    b3:b0:7c:ca:41:f2:7e:8a:ec:01:1c:ac:a0:3c:ec:
                    2c:22:ce:9d:07:2e:12:48:3d:df:b3:8b:c3:61:32:
                    61:43:b9:79:63:fd:50:be:02:98:ec:86:ca:c0:37:
                    f0:da:a6:88:7b:36:cf:ea:b1:05:16:df:f0:b8:96:
                    cf:13:f6:21:42:88:5b:99:90:25:f8:c3:29:57:b3:
                    bc:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:2E:F8:76:FA:4B:EC:DD:93:40:F6:EE:80:84:35:95:70:E3:67:DD
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Yi74dvpL7N2TQPbugIQ1lXDjZ90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:8c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         83:02:13:2d:71:49:4d:3d:13:30:f6:f1:2d:dd:d9:84:26:a6:
         1c:ad:c4:7a:6a:e9:23:94:5e:b2:28:03:0b:c8:16:ae:fa:d9:
         b5:90:2e:5c:28:f3:4a:af:63:79:64:15:4d:f6:3e:e0:76:be:
         f4:e8:b3:5d:16:2f:ce:0d:67:04:60:e6:02:c1:10:07:d7:b9:
         da:f5:00:b8:b6:e9:15:92:7e:a5:4f:26:e7:cc:f6:33:01:25:
         e9:86:59:3e:79:35:30:f5:70:8b:0c:22:76:89:e0:81:60:21:
         49:14:5b:b1:f0:15:1e:f9:b8:93:a0:0b:78:96:d6:e2:5a:05:
         53:a5:fd:1e:0a:51:3f:39:8a:27:6d:73:72:9e:35:25:a4:d7:
         a8:08:0e:94:90:6f:45:4f:e6:33:f7:6b:ac:cf:0b:bd:7f:33:
         82:5b:aa:6d:50:b3:22:ab:85:57:fa:28:22:5b:3b:b3:1c:8c:
         5c:9c:92:5d:36:63:bf:d4:04:d2:5d:c3:56:b6:ee:ea:40:44:
         7b:0b:13:97:7c:00:34:22:b9:3b:60:fa:46:6c:83:6d:c4:cc:
         99:7c:3e:9d:a5:aa:5d:11:2d:e2:3f:43:10:2a:ef:d9:6b:aa:
         cb:6c:f7:c8:49:f8:5d:d7:e1:45:9d:bf:4e:85:22:67:3a:3d:
         c4:5f:43:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAV6fjR12r7X5UG00YYP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjJlZjg3NmZhNGJlY2RkOTM0MGY2ZWU4MDg0MzU5NTcwZTM2N2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhg78BFQigkOWr2UcqDffOwhjXIUr
BrWVIlSzZLfsw0QmpfvckidVFhrQTeUZGUT9SsjKrMuo3NcAS7j5ZqXvJP2uD+Fg
lyhR2rBd9fE4UoY35pPC3r7lnqkViKHHeoCtwT3uI5XR5RMbCOoCpNyOhenr1baF
GFADrLFs2YPgP3Vz8Gp2jwR6/hGpydFTrQxXop/vdJwkVib5/TOCmqw8Dr+f8Rmc
NBiait82Epk85QXCcMmzsHzKQfJ+iuwBHKygPOwsIs6dBy4SSD3fs4vDYTJhQ7l5
Y/1QvgKY7IbKwDfw2qaIezbP6rEFFt/wuJbPE/YhQohbmZAl+MMpV7O8PQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGIu+Hb6S+zdk0D27oCENZVw42fdMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWWk3NGR2cEw3TjJUUVBidWdJUTFsWERqWjkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQjA
MA0GCSqGSIb3DQEBCwUAA4IBAQCDAhMtcUlNPRMw9vEt3dmEJqYcrcR6aukjlF6y
KAMLyBau+tm1kC5cKPNKr2N5ZBVN9j7gdr706LNdFi/ODWcEYOYCwRAH17na9QC4
tukVkn6lTybnzPYzASXphlk+eTUw9XCLDCJ2ieCBYCFJFFux8BUe+biToAt4ltbi
WgVTpf0eClE/OYonbXNynjUlpNeoCA6UkG9FT+Yz92uszwu9fzOCW6ptULMiq4VX
+igiWzuzHIxcnJJdNmO/1ATSXcNWtu7qQER7CxOXfAA0Irk7YPpGbINtxMyZfD6d
papdES3iP0MQKu/Za6rLbPfISfhd1+FFnb9OhSJnOj3EX0OT
-----END CERTIFICATE-----