Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Yp9Elp6rTPPyYbehay_GciguPDE.roa
File:                     Yp9Elp6rTPPyYbehay_GciguPDE.roa (raw, json)
Hash identifier:          kQqAZL21FhZ3Q7YcAFUJ2MGHTJtFsGfEKiGBhhiVHrI=
Subject key identifier:   62:9F:44:96:9E:AB:4C:F3:F2:61:B7:A1:6B:2F:C6:72:28:2E:3C:31
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801595212C349F3FAFF0571DC9F4004
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Yp9Elp6rTPPyYbehay_GciguPDE.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202827
IP address blocks:        2a0c:b641:390::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:59:52:12:c3:49:f3:fa:ff:05:71:dc:9f:40:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=629f44969eab4cf3f261b7a16b2fc672282e3c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:31:30:45:cd:cc:03:15:af:d7:cb:03:2b:e7:
                    f5:89:c3:80:86:a1:f2:96:02:86:57:ba:20:ef:ad:
                    84:91:5b:9d:6e:91:7a:82:85:78:aa:a5:2e:98:d6:
                    59:a5:5d:c4:ca:8c:83:ed:9b:49:1e:88:c9:f8:da:
                    96:4c:ac:67:12:71:c1:bb:25:af:7a:4a:95:c9:a5:
                    9e:2e:64:56:73:97:0c:b2:27:12:9b:de:ba:2d:51:
                    78:54:bd:cb:41:18:a8:c0:be:43:4f:ea:eb:a6:7a:
                    c4:87:a3:c8:4c:21:5d:42:63:40:6c:1f:ad:0d:fd:
                    33:62:7c:69:af:29:db:15:d8:6d:25:a8:4d:d6:34:
                    1a:ec:fe:4a:15:6d:06:35:2d:23:2f:2e:7f:fc:6f:
                    cd:e3:b7:b4:f5:e8:75:4a:bd:23:fd:d2:e0:3d:a4:
                    c1:b9:f5:aa:d2:f1:38:41:5b:70:d4:72:cc:d3:c2:
                    c1:33:14:52:47:7d:ea:ce:0d:aa:21:ca:1c:64:fc:
                    a7:b4:13:05:bd:15:86:39:82:3f:00:9b:27:02:db:
                    a6:5f:35:76:ae:5e:c6:1b:48:aa:ca:a4:8c:a5:b6:
                    42:52:68:c0:f9:c4:4c:8d:6f:0d:98:42:93:18:ca:
                    82:72:68:50:ef:10:dd:be:28:00:51:3f:33:be:a7:
                    01:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:9F:44:96:9E:AB:4C:F3:F2:61:B7:A1:6B:2F:C6:72:28:2E:3C:31
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Yp9Elp6rTPPyYbehay_GciguPDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:390::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:1f:b5:7b:f1:b0:c5:c1:24:d1:3a:be:70:3a:a6:e9:dd:d8:
         cd:e0:6e:6e:a7:cc:64:35:4c:a0:79:a9:99:0c:4d:7e:b8:f8:
         35:bf:88:d9:e5:6b:8e:fd:16:03:f6:6d:f4:5a:dd:98:e3:81:
         9d:a6:ed:53:81:d5:0b:a7:38:26:e0:03:d2:d7:3b:c4:86:27:
         f2:39:a6:67:7a:a1:f1:b4:3f:a9:0f:f7:13:89:76:af:02:6e:
         fa:66:cd:ff:6a:e8:ea:cf:e5:2f:0e:bd:05:7f:b2:77:bc:b8:
         5c:43:f7:01:50:c8:48:63:98:c6:b0:ce:d0:fc:97:33:d4:6a:
         72:09:26:1c:46:6a:fa:98:48:90:b2:46:a5:34:e8:77:3e:16:
         4a:4a:1f:5d:4f:7d:83:cb:d5:b9:fc:fb:26:bd:b1:fc:b9:2d:
         37:81:0c:3f:08:3b:1e:6c:3b:8a:30:03:54:ac:26:60:35:0e:
         80:94:87:52:ee:bf:3a:bd:6c:7e:7a:1e:df:fb:96:4b:16:34:
         87:91:1d:73:4c:c3:96:11:da:a0:8e:3e:ba:b7:b6:01:a5:34:
         3c:b7:f5:a6:9c:d1:3f:41:e8:fa:b0:09:a9:23:85:cc:72:2a:
         34:31:7e:4c:7d:e6:60:ba:f3:d7:13:ff:28:21:46:aa:22:f1:
         80:16:28:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVlSEsNJ8/r/BXHcn0AEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjlmNDQ5NjllYWI0Y2YzZjI2MWI3YTE2YjJmYzY3MjI4MmUzYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzEwRc3MAxWv18sDK+f1icOAhqHy
lgKGV7og762EkVudbpF6goV4qqUumNZZpV3EyoyD7ZtJHojJ+NqWTKxnEnHBuyWv
ekqVyaWeLmRWc5cMsicSm966LVF4VL3LQRiowL5DT+rrpnrEh6PITCFdQmNAbB+t
Df0zYnxprynbFdhtJahN1jQa7P5KFW0GNS0jLy5//G/N47e09eh1Sr0j/dLgPaTB
ufWq0vE4QVtw1HLM08LBMxRSR33qzg2qIcocZPyntBMFvRWGOYI/AJsnAtumXzV2
rl7GG0iqyqSMpbZCUmjA+cRMjW8NmEKTGMqCcmhQ7xDdvigAUT8zvqcB1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGKfRJaeq0zz8mG3oWsvxnIoLjwxMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWXA5RWxwNnJUUFB5WWJlaGF5X0djaWd1UERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQOQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCLH7V78bDFwSTROr5wOqbp3djN4G5up8xkNUyg
eamZDE1+uPg1v4jZ5WuO/RYD9m30Wt2Y44Gdpu1TgdULpzgm4APS1zvEhifyOaZn
eqHxtD+pD/cTiXavAm76Zs3/aujqz+UvDr0Ff7J3vLhcQ/cBUMhIY5jGsM7Q/Jcz
1GpyCSYcRmr6mEiQskalNOh3PhZKSh9dT32Dy9W5/PsmvbH8uS03gQw/CDsebDuK
MANUrCZgNQ6AlIdS7r86vWx+eh7f+5ZLFjSHkR1zTMOWEdqgjj66t7YBpTQ8t/Wm
nNE/Qej6sAmpI4XMcio0MX5MfeZguvPXE/8oIUaqIvGAFii8
-----END CERTIFICATE-----