Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZHtOvQWQ93fLkrcba2TY-SdyM8g.roa
File:                     ZHtOvQWQ93fLkrcba2TY-SdyM8g.roa (raw, json)
Hash identifier:          6JLrh7fPLk3ypWcLufKCLIfHLIUYa59GvSoil594K0U=
Subject key identifier:   64:7B:4E:BD:05:90:F7:77:CB:92:B7:1B:6B:64:D8:F9:27:72:33:C8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017A11879C5BD2ED1809498DF9DCC1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZHtOvQWQ93fLkrcba2TY-SdyM8g.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212201
IP address blocks:        2a0c:b641:c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7a:11:87:9c:5b:d2:ed:18:09:49:8d:f9:dc:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=647b4ebd0590f777cb92b71b6b64d8f9277233c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:20:e4:97:c5:7c:02:04:f7:d5:0a:9d:00:5a:
                    19:39:8d:b8:fb:a5:16:2f:fa:ea:82:ca:30:f4:d8:
                    c7:77:fd:c0:b1:51:76:75:3f:05:2a:6e:28:c1:00:
                    84:17:3a:c9:3a:cc:00:ce:d7:2c:e8:78:a2:ea:bb:
                    b2:06:76:a0:82:d7:93:dd:a5:64:ba:8a:6e:c6:5d:
                    34:ae:f1:65:e8:50:65:52:26:ca:94:6f:2c:d6:27:
                    9d:c9:c8:cb:fe:45:48:09:4d:ec:e0:99:db:b1:a5:
                    ab:50:d7:86:08:57:d4:9c:ec:fd:d4:86:cc:2f:4a:
                    31:a0:41:75:eb:9f:cc:92:39:24:29:00:ce:80:86:
                    57:aa:c3:47:1e:ee:bf:96:9e:73:72:14:b0:2c:68:
                    e3:d4:17:c6:a1:26:a7:2c:b0:f3:af:47:1f:45:53:
                    02:84:ac:8d:fd:ae:1a:91:6b:2a:22:34:a0:75:ff:
                    f2:74:33:5e:2f:8e:6c:e4:98:df:1b:9c:e2:19:6f:
                    2e:55:09:13:57:1d:8e:f4:2b:ea:76:1a:7f:5c:02:
                    f9:2e:9a:c6:8d:56:5a:3a:25:59:59:c1:5e:ac:05:
                    f0:6f:8c:94:2b:73:37:a1:ac:22:57:4e:44:28:b4:
                    97:5e:9d:91:1c:8d:d4:1e:7f:1b:b1:81:30:96:26:
                    5f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:7B:4E:BD:05:90:F7:77:CB:92:B7:1B:6B:64:D8:F9:27:72:33:C8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZHtOvQWQ93fLkrcba2TY-SdyM8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4a:a7:0b:a5:ae:83:de:c8:1c:3e:7d:57:f6:be:39:0b:30:50:
         56:b8:e6:54:bf:91:ab:f9:27:8c:d9:54:b9:d6:87:33:0d:9b:
         7e:ed:28:05:fd:8c:1f:d7:d7:60:be:50:fc:49:12:f1:cd:40:
         e6:de:0a:bd:77:b7:c2:93:d4:8a:5b:c5:db:d7:d7:f0:8b:94:
         6f:a3:2f:ce:fb:fd:a6:14:eb:b2:05:7b:d2:67:80:4c:a0:7f:
         be:fb:62:05:7f:0a:55:be:7a:43:82:59:e5:64:d6:6c:b9:fb:
         77:6e:cb:5c:4a:81:73:47:97:a6:83:54:d4:3a:19:61:b6:90:
         34:d9:98:7e:fe:d3:f7:be:36:f3:ac:d4:b5:b6:3b:5f:eb:e6:
         bd:df:a4:2e:4a:84:4f:19:bd:07:95:86:54:60:7e:29:be:8e:
         56:4e:09:6b:88:0f:4a:6a:1e:f8:09:41:ba:48:4c:11:2c:34:
         15:ab:9f:e8:b4:4a:54:ee:51:b7:b0:9c:b5:fd:1f:6e:9f:a7:
         b2:09:bf:e9:19:10:ad:26:59:a0:4f:dd:32:cd:80:b8:a3:4a:
         56:72:8a:76:36:8d:97:45:ea:11:37:4d:4b:61:ec:f8:7b:7a:
         da:f0:79:9a:f6:8f:26:7d:38:dc:31:04:16:86:3f:b9:69:6a:
         4f:b8:3b:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXoRh5xb0u0YCUmN+dzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDdiNGViZDA1OTBmNzc3Y2I5MmI3MWI2YjY0ZDhmOTI3NzIzM2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCDkl8V8AgT31QqdAFoZOY24+6UW
L/rqgsow9NjHd/3AsVF2dT8FKm4owQCEFzrJOswAztcs6Hii6ruyBnaggteT3aVk
uopuxl00rvFl6FBlUibKlG8s1iedycjL/kVICU3s4JnbsaWrUNeGCFfUnOz91IbM
L0oxoEF165/MkjkkKQDOgIZXqsNHHu6/lp5zchSwLGjj1BfGoSanLLDzr0cfRVMC
hKyN/a4akWsqIjSgdf/ydDNeL45s5JjfG5ziGW8uVQkTVx2O9Cvqdhp/XAL5LprG
jVZaOiVZWcFerAXwb4yUK3M3oawiV05EKLSXXp2RHI3UHn8bsYEwliZfCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGR7Tr0FkPd3y5K3G2tk2PkncjPIMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWkh0T3ZRV1E5M2ZMa3JjYmEyVFktU2R5TThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQDA
MA0GCSqGSIb3DQEBCwUAA4IBAQBKpwulroPeyBw+fVf2vjkLMFBWuOZUv5Gr+SeM
2VS51oczDZt+7SgF/Ywf19dgvlD8SRLxzUDm3gq9d7fCk9SKW8Xb19fwi5Rvoy/O
+/2mFOuyBXvSZ4BMoH+++2IFfwpVvnpDglnlZNZsuft3bstcSoFzR5emg1TUOhlh
tpA02Zh+/tP3vjbzrNS1tjtf6+a936QuSoRPGb0HlYZUYH4pvo5WTglriA9Kah74
CUG6SEwRLDQVq5/otEpU7lG3sJy1/R9un6eyCb/pGRCtJlmgT90yzYC4o0pWcop2
No2XReoRN01LYez4e3ra8Hma9o8mfTjcMQQWhj+5aWpPuDta
-----END CERTIFICATE-----