Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZL_AO_H31LxXcSx2ljXfchkxe-Q.roa
File:                     ZL_AO_H31LxXcSx2ljXfchkxe-Q.roa (raw, json)
Hash identifier:          UWQ4/Tv6x4KwkbW0S9wmfLCJw+JCEywEKIato/qo3fg=
Subject key identifier:   64:BF:C0:3B:F1:F7:D4:BC:57:71:2C:76:96:35:DF:72:19:31:7B:E4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80156E587905AFF0D8C441279D85AC4
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZL_AO_H31LxXcSx2ljXfchkxe-Q.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200118
IP address blocks:        2a0c:b641:960::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:56:e5:87:90:5a:ff:0d:8c:44:12:79:d8:5a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64bfc03bf1f7d4bc57712c769635df7219317be4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:84:df:4f:67:63:25:09:7e:3f:f1:60:22:ac:
                    17:d2:50:d7:2e:bc:e3:7a:14:8a:b5:9a:9f:07:63:
                    5d:6d:9b:2e:83:d9:53:03:c0:53:0f:20:74:3c:1f:
                    7d:f7:3d:ac:d2:0a:84:aa:9f:7a:98:ed:dc:22:a9:
                    d8:dd:fb:34:98:43:fc:cd:b9:b0:54:bf:7e:15:40:
                    eb:d8:52:52:d2:fc:8b:86:08:77:ed:95:4a:b9:bd:
                    98:61:44:f7:75:65:59:a8:c2:e4:11:44:26:d2:76:
                    77:ba:64:3f:1a:2d:f6:a4:ad:78:85:8b:a2:0e:fb:
                    11:12:d7:46:ec:fa:0a:e3:c4:6a:be:0a:19:c3:f6:
                    9b:63:ad:39:d3:ca:61:5d:7e:95:ec:05:2b:18:3e:
                    8e:c3:a7:53:0e:ed:8c:18:77:03:8c:f8:77:ac:05:
                    16:b9:1f:2d:71:4a:5a:22:28:c9:bf:01:4f:36:b8:
                    e5:ce:9c:70:52:45:ae:ea:3b:dd:82:90:bd:ec:d7:
                    8c:6a:f6:7f:f3:d2:d3:e5:c2:21:f3:6f:81:2a:7d:
                    3e:e8:3c:32:39:2b:f7:42:b7:0c:16:c5:13:47:8b:
                    ce:ea:74:5d:d9:07:2f:44:98:f8:8c:61:9e:1e:04:
                    10:8d:17:72:4b:d1:8d:93:f5:2a:ca:6d:bb:d8:04:
                    a8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:BF:C0:3B:F1:F7:D4:BC:57:71:2C:76:96:35:DF:72:19:31:7B:E4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZL_AO_H31LxXcSx2ljXfchkxe-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:960::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:0e:2a:af:89:eb:90:17:50:d0:1a:0a:0b:42:71:bf:3a:80:
         62:58:a3:35:b3:00:b2:af:9e:6e:2b:76:97:4a:a0:f6:4a:e1:
         e6:7a:97:c2:c1:2a:88:3e:ce:13:2f:52:f5:6f:a6:2d:02:43:
         84:65:80:62:d8:71:12:f6:88:1f:cb:1d:f6:b0:fe:65:03:04:
         86:c1:3b:d2:e8:34:17:b3:27:9e:91:be:94:bc:67:ff:11:1a:
         12:36:f9:f2:d4:d8:4b:e9:0b:bd:a9:40:84:99:3e:5c:6a:0e:
         d6:83:d5:f4:1a:af:e9:44:09:ea:21:c8:56:7f:f7:87:d2:83:
         97:b4:4e:2e:85:b5:86:89:85:dd:5e:41:e4:e5:ff:7b:8a:90:
         e9:1a:e7:21:5e:02:9f:97:f6:17:e1:17:71:b0:e2:7e:56:72:
         1b:fa:5d:bd:00:b0:a7:63:98:17:6c:d9:28:07:d3:7f:0f:7c:
         5a:c1:d1:90:98:40:d2:64:59:7e:2c:6a:9e:6b:28:6c:17:ec:
         c7:3d:01:ad:8b:cd:7b:06:12:c8:57:63:72:65:5c:ff:fc:c6:
         d3:93:3b:d7:9a:1d:3c:e5:e5:91:67:7e:b9:97:7e:6c:6c:ff:
         49:25:50:48:6e:7a:3f:91:92:99:11:07:4b:5e:f3:e9:9e:8e:
         23:c5:37:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVblh5Ba/w2MRBJ52FrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGJmYzAzYmYxZjdkNGJjNTc3MTJjNzY5NjM1ZGY3MjE5MzE3YmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYTfT2djJQl+P/FgIqwX0lDXLrzj
ehSKtZqfB2NdbZsug9lTA8BTDyB0PB999z2s0gqEqp96mO3cIqnY3fs0mEP8zbmw
VL9+FUDr2FJS0vyLhgh37ZVKub2YYUT3dWVZqMLkEUQm0nZ3umQ/Gi32pK14hYui
DvsREtdG7PoK48RqvgoZw/abY60508phXX6V7AUrGD6Ow6dTDu2MGHcDjPh3rAUW
uR8tcUpaIijJvwFPNrjlzpxwUkWu6jvdgpC97NeMavZ/89LT5cIh82+BKn0+6Dwy
OSv3QrcMFsUTR4vO6nRd2QcvRJj4jGGeHgQQjRdyS9GNk/Uqym272ASoMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGS/wDvx99S8V3EsdpY133IZMXvkMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWkxfQU9fSDMxTHhYY1N4MmxqWGZjaGt4ZS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQlg
MA0GCSqGSIb3DQEBCwUAA4IBAQBYDiqvieuQF1DQGgoLQnG/OoBiWKM1swCyr55u
K3aXSqD2SuHmepfCwSqIPs4TL1L1b6YtAkOEZYBi2HES9ogfyx32sP5lAwSGwTvS
6DQXsyeekb6UvGf/ERoSNvny1NhL6Qu9qUCEmT5cag7Wg9X0Gq/pRAnqIchWf/eH
0oOXtE4uhbWGiYXdXkHk5f97ipDpGuchXgKfl/YX4RdxsOJ+VnIb+l29ALCnY5gX
bNkoB9N/D3xawdGQmEDSZFl+LGqeayhsF+zHPQGti817BhLIV2NyZVz//MbTkzvX
mh085eWRZ365l35sbP9JJVBIbno/kZKZEQdLXvPpno4jxTec
-----END CERTIFICATE-----