Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZBOfHlEmXan8lQi-0qXcz2hj7kU.roa
File:                     ZBOfHlEmXan8lQi-0qXcz2hj7kU.roa (raw, json)
Hash identifier:          x/sm57NxoHwTo/h+DNJhyJfie0Yq0bBTzF2xFWcmEZk=
Subject key identifier:   64:13:9F:1E:51:26:5D:A9:FC:95:08:BE:D2:A5:DC:CF:68:63:EE:45
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016FA570DE677F4F14D1F766571C3A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZBOfHlEmXan8lQi-0qXcz2hj7kU.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210281
IP address blocks:        2a0c:b641:820::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6f:a5:70:de:67:7f:4f:14:d1:f7:66:57:1c:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64139f1e51265da9fc9508bed2a5dccf6863ee45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:c6:29:17:d6:40:52:58:49:0f:d4:9a:85:8b:
                    0e:3f:52:23:6b:ef:a8:98:8f:36:85:41:7c:0d:f2:
                    a0:bc:f7:54:66:53:dc:dc:0e:89:89:6a:03:13:55:
                    f0:cc:b3:1f:d2:c6:f3:ef:60:93:2a:56:63:8f:5d:
                    19:02:36:3c:0d:2e:77:97:a9:d1:9a:7d:e0:88:63:
                    8d:e5:60:88:cd:d5:09:c6:ef:a0:f5:d5:86:4d:fa:
                    3c:c7:f9:1a:d1:c7:4e:13:d6:b9:1d:8a:a1:0a:78:
                    83:1e:04:7c:5f:c5:c5:db:7e:f2:5c:76:24:c8:e0:
                    56:42:74:0c:9a:37:6e:01:5c:c0:9e:8a:61:3a:a0:
                    a7:48:77:5f:54:dd:e9:d1:74:49:d1:8c:86:cc:42:
                    9c:1b:17:73:68:1c:a7:60:af:11:46:60:22:c8:0d:
                    d3:85:a0:83:8e:14:c4:f4:0a:fd:42:d4:06:f4:07:
                    c1:0d:14:a0:eb:1d:6c:2e:f7:b6:5c:3f:73:9b:51:
                    2c:3a:cd:36:db:65:77:48:b4:cd:a7:4c:d4:26:76:
                    06:61:b4:03:0d:e1:b3:84:0d:31:3e:5a:12:17:4c:
                    05:63:2c:de:31:17:a4:0f:55:c4:90:21:b3:18:92:
                    e6:87:09:3b:54:2d:da:a8:0d:20:75:5f:95:d3:f3:
                    b7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:13:9F:1E:51:26:5D:A9:FC:95:08:BE:D2:A5:DC:CF:68:63:EE:45
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZBOfHlEmXan8lQi-0qXcz2hj7kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:820::/44

    Signature Algorithm: sha256WithRSAEncryption
         38:1b:8e:b1:d9:98:7c:dd:14:5f:6b:ed:96:9b:01:a6:96:37:
         be:65:a6:3b:e6:42:b1:a3:d4:7d:44:5b:62:ee:e3:81:58:c0:
         50:c4:0b:46:9d:64:4d:4d:1a:17:f0:41:11:50:c5:26:94:55:
         5d:8c:17:5b:ed:be:4c:c0:e9:58:f4:2b:ce:5b:92:cd:25:89:
         d4:98:b3:40:59:12:b5:ae:1f:39:4a:2d:ab:e6:9c:00:fb:da:
         39:df:bd:09:07:a8:48:9e:a6:10:b4:8a:ab:77:35:df:03:47:
         2f:e8:24:7e:c9:11:ec:98:bb:fe:32:5a:15:a7:db:a0:f3:01:
         51:26:c2:a2:d2:6e:32:72:54:ad:9d:d2:dd:f4:48:3e:27:ff:
         ad:f0:11:21:e6:ce:f8:3b:7e:68:68:c6:9c:56:e8:75:8e:f9:
         4a:95:7f:0e:60:6f:46:b4:4e:54:91:c3:a5:18:ed:91:1a:fa:
         e9:e1:43:93:1b:e0:67:73:64:e9:e4:7e:f0:09:1c:08:d5:7d:
         15:9d:85:11:1f:a7:1e:a4:65:02:fb:41:cf:26:9d:f7:91:5b:
         aa:93:b1:69:11:e2:74:54:9a:01:9d:06:3e:f5:e4:0d:73:9a:
         62:00:ae:12:8a:a1:09:25:36:0a:92:90:48:db:df:e5:4d:c2:
         03:ea:d3:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAW+lcN5nf08U0fdmVxw6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDEzOWYxZTUxMjY1ZGE5ZmM5NTA4YmVkMmE1ZGNjZjY4NjNlZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA88YpF9ZAUlhJD9SahYsOP1Ija++o
mI82hUF8DfKgvPdUZlPc3A6JiWoDE1XwzLMf0sbz72CTKlZjj10ZAjY8DS53l6nR
mn3giGON5WCIzdUJxu+g9dWGTfo8x/ka0cdOE9a5HYqhCniDHgR8X8XF237yXHYk
yOBWQnQMmjduAVzAnophOqCnSHdfVN3p0XRJ0YyGzEKcGxdzaBynYK8RRmAiyA3T
haCDjhTE9Ar9QtQG9AfBDRSg6x1sLve2XD9zm1EsOs0222V3SLTNp0zUJnYGYbQD
DeGzhA0xPloSF0wFYyzeMRekD1XEkCGzGJLmhwk7VC3aqA0gdV+V0/O3WQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGQTnx5RJl2p/JUIvtKl3M9oY+5FMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWkJPZkhsRW1YYW44bFFpLTBxWGN6MmhqN2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQgg
MA0GCSqGSIb3DQEBCwUAA4IBAQA4G46x2Zh83RRfa+2WmwGmlje+ZaY75kKxo9R9
RFti7uOBWMBQxAtGnWRNTRoX8EERUMUmlFVdjBdb7b5MwOlY9CvOW5LNJYnUmLNA
WRK1rh85Si2r5pwA+9o5370JB6hInqYQtIqrdzXfA0cv6CR+yRHsmLv+MloVp9ug
8wFRJsKi0m4yclStndLd9Eg+J/+t8BEh5s74O35oaMacVuh1jvlKlX8OYG9GtE5U
kcOlGO2RGvrp4UOTG+Bnc2Tp5H7wCRwI1X0VnYURH6cepGUC+0HPJp33kVuqk7Fp
EeJ0VJoBnQY+9eQNc5piAK4SiqEJJTYKkpBI29/lTcID6tPY
-----END CERTIFICATE-----