Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZtjWhAO0_t_l-QVjZzsGRMgunwI.roa
File:                     ZtjWhAO0_t_l-QVjZzsGRMgunwI.roa (raw, json)
Hash identifier:          lhwHheAHcWG7LbqfOh9Hmon7iOn5ZEFH5s5gu/O4L/0=
Subject key identifier:   66:D8:D6:84:03:B4:FE:DF:E5:F9:05:63:67:3B:06:44:C8:2E:9F:02
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016B52C58EAEB6476BC88CA7E3EB15
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZtjWhAO0_t_l-QVjZzsGRMgunwI.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209606
IP address blocks:        2a0c:b641:200::/44 maxlen: 48
                          2a0c:b641:320::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6b:52:c5:8e:ae:b6:47:6b:c8:8c:a7:e3:eb:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66d8d68403b4fedfe5f90563673b0644c82e9f02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:49:b5:00:63:68:d5:89:86:0f:cc:13:a9:d8:
                    92:1e:bd:ae:95:1a:a3:04:90:e5:b4:55:3e:b3:1c:
                    bd:0f:7b:1c:64:47:ea:55:42:90:94:4a:b3:8d:65:
                    2a:d0:11:44:05:da:ce:af:84:1d:f0:71:3e:33:4c:
                    cf:57:b1:1e:fb:4c:ea:c0:f2:d5:fa:91:ed:4a:30:
                    81:9a:2f:fe:88:a1:23:28:b8:89:5e:7f:1d:bc:b6:
                    46:99:22:bc:da:14:1f:76:59:1f:2c:d0:81:00:ff:
                    90:0f:36:51:0b:b1:1f:cd:e3:29:af:a4:39:af:98:
                    a4:ac:b4:5d:bc:94:5d:01:76:50:10:6a:fc:7b:29:
                    a1:6d:de:34:71:5f:55:5b:ae:9f:ed:cd:cb:3e:1a:
                    84:a3:cd:0b:38:aa:d9:a7:02:4f:4d:bb:90:8c:91:
                    65:75:66:8f:66:7a:d2:e6:b1:2e:b1:06:2f:94:05:
                    e8:d3:98:44:4b:79:5e:1d:7e:41:e1:49:82:5a:6a:
                    90:b0:3c:58:db:5c:0a:d8:d1:2d:9e:c7:84:33:f0:
                    70:32:91:d1:5b:c8:7b:b6:f2:a7:e0:53:97:00:cd:
                    5e:1d:5e:02:b8:92:4a:d9:ac:7e:ae:f7:be:62:5a:
                    0a:3c:71:98:0f:8a:b9:6f:8f:80:3c:f4:ee:9b:fe:
                    a3:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D8:D6:84:03:B4:FE:DF:E5:F9:05:63:67:3B:06:44:C8:2E:9F:02
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ZtjWhAO0_t_l-QVjZzsGRMgunwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:200::/44
                  2a0c:b641:320::/44

    Signature Algorithm: sha256WithRSAEncryption
         39:0d:4d:cc:e2:e2:99:44:81:9d:2e:66:00:18:46:3d:95:09:
         3a:a1:e3:4b:18:36:43:24:7e:d7:a8:80:0e:2d:4c:10:86:9e:
         02:83:5b:13:b4:f7:a6:6c:84:cb:ef:5f:7f:33:68:be:2f:ab:
         88:d8:23:ff:c2:89:90:74:58:2a:f0:02:87:33:ec:1b:8c:90:
         0f:0c:de:a9:b5:f6:67:87:b1:69:b7:b3:12:65:64:98:77:41:
         17:33:08:24:f6:c8:b9:76:0e:73:dc:67:29:2b:f0:c4:21:94:
         bb:66:d7:55:0e:70:a0:75:61:54:72:a1:9f:bf:83:cb:0f:c3:
         06:48:4b:38:22:17:e5:3b:58:8d:09:9b:36:3e:9c:0b:67:43:
         0e:95:45:be:73:e1:31:74:d6:d1:72:bc:e5:38:d4:28:3d:fb:
         dd:6e:cc:07:92:da:ca:93:15:07:6c:99:59:c8:ca:f3:bb:04:
         f3:76:70:2f:62:7c:ea:33:a0:94:7f:89:12:07:78:21:35:c7:
         7c:b2:1a:4e:94:fc:48:db:a6:99:f8:da:28:c9:64:21:47:6a:
         4d:fc:57:f6:0f:c8:72:b5:1b:a1:09:d7:db:06:85:b1:d8:44:
         0a:c7:a7:28:39:8a:9f:03:59:2f:da:78:30:23:d3:e7:f7:07:
         fd:d7:1f:93
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAWtSxY6utkdryIyn4+sVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQ4ZDY4NDAzYjRmZWRmZTVmOTA1NjM2NzNiMDY0NGM4MmU5ZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUm1AGNo1YmGD8wTqdiSHr2ulRqj
BJDltFU+sxy9D3scZEfqVUKQlEqzjWUq0BFEBdrOr4Qd8HE+M0zPV7Ee+0zqwPLV
+pHtSjCBmi/+iKEjKLiJXn8dvLZGmSK82hQfdlkfLNCBAP+QDzZRC7EfzeMpr6Q5
r5ikrLRdvJRdAXZQEGr8eymhbd40cV9VW66f7c3LPhqEo80LOKrZpwJPTbuQjJFl
dWaPZnrS5rEusQYvlAXo05hES3leHX5B4UmCWmqQsDxY21wK2NEtnseEM/BwMpHR
W8h7tvKn4FOXAM1eHV4CuJJK2ax+rve+YloKPHGYD4q5b4+APPTum/6jIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGbY1oQDtP7f5fkFY2c7BkTILp8CMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWnRqV2hBTzBfdF9sLVFWalp6c0dSTWd1bndJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgy2QQIA
AwcEKgy2QQMgMA0GCSqGSIb3DQEBCwUAA4IBAQA5DU3M4uKZRIGdLmYAGEY9lQk6
oeNLGDZDJH7XqIAOLUwQhp4Cg1sTtPembITL719/M2i+L6uI2CP/womQdFgq8AKH
M+wbjJAPDN6ptfZnh7Fpt7MSZWSYd0EXMwgk9si5dg5z3GcpK/DEIZS7ZtdVDnCg
dWFUcqGfv4PLD8MGSEs4IhflO1iNCZs2PpwLZ0MOlUW+c+ExdNbRcrzlONQoPfvd
bswHktrKkxUHbJlZyMrzuwTzdnAvYnzqM6CUf4kSB3ghNcd8shpOlPxI26aZ+Noo
yWQhR2pN/Ff2D8hytRuhCdfbBoWx2EQKx6coOYqfA1kv2ngwI9Pn9wf91x+T
-----END CERTIFICATE-----