Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_TxsYk-rfMlijvZ4IpqCTDl9sgg.roa
File:                     _TxsYk-rfMlijvZ4IpqCTDl9sgg.roa (raw, json)
Hash identifier:          HSsItGG/Wkf1RqlQGeiTOtFyy7hnkJEcipdmdtqaDzw=
Subject key identifier:   FD:3C:6C:62:4F:AB:7C:C9:62:8E:F6:78:22:9A:82:4C:39:7D:B2:08
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801668811AA460D1DFA079C249144CB
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_TxsYk-rfMlijvZ4IpqCTDl9sgg.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207887
IP address blocks:        2a0c:b641:640::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:66:88:11:aa:46:0d:1d:fa:07:9c:24:91:44:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd3c6c624fab7cc9628ef678229a824c397db208
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8f:a7:c9:37:f4:34:b3:7c:22:35:f8:46:c0:
                    1a:e2:7a:e3:54:dd:c2:55:f4:75:c5:4b:18:d3:fa:
                    af:a7:16:2f:c0:ca:8e:12:e3:9d:b2:e0:c2:fe:19:
                    81:c0:0c:d3:86:84:15:e1:c0:96:98:25:be:14:01:
                    f3:5b:1d:88:4c:80:d6:cd:26:72:fd:d3:ea:88:29:
                    54:c8:a8:af:ab:9b:bc:70:4e:4c:41:6e:91:48:77:
                    5a:a2:c2:c9:e0:26:16:b4:66:c2:34:7c:38:6f:b4:
                    2b:44:0e:8d:76:39:44:d6:a9:60:f1:29:db:37:8f:
                    91:1b:c8:b9:12:75:1b:21:79:5e:6c:ac:8b:4e:64:
                    3c:fd:53:ef:1a:f3:54:f7:a5:b6:81:84:ab:fa:dc:
                    49:45:0d:05:9c:a3:d5:84:f1:9f:df:e9:8e:ea:61:
                    94:81:b6:d0:7f:68:a9:9c:63:16:16:3b:50:7e:1f:
                    11:3d:f8:84:2d:aa:85:51:31:ac:bc:16:b0:42:c3:
                    12:3f:5d:c2:75:be:d9:9a:b0:3f:7e:3e:5b:ce:40:
                    73:87:7a:e8:2c:58:64:c2:f6:61:68:14:a7:cc:20:
                    41:89:57:e6:51:e0:fe:b3:25:65:99:67:2d:77:3e:
                    a0:f5:17:d8:02:23:a5:cc:04:57:c9:97:86:f0:d5:
                    d6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:3C:6C:62:4F:AB:7C:C9:62:8E:F6:78:22:9A:82:4C:39:7D:B2:08
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_TxsYk-rfMlijvZ4IpqCTDl9sgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:640::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:5e:ba:81:a8:a8:96:ad:b1:43:a5:a3:52:3e:fa:f2:6b:ed:
         c1:b4:87:07:57:4c:90:09:95:b2:b5:55:70:61:0f:a7:fa:94:
         d3:55:3f:5e:81:88:e6:b3:bc:6c:a6:6d:8e:e0:99:0e:a0:3a:
         71:b8:ec:13:e6:53:38:af:f4:fc:ee:7e:82:b1:1c:46:18:40:
         4f:18:75:be:d7:08:37:d2:03:eb:35:29:55:60:7c:bf:1c:99:
         08:f7:33:a0:f0:3a:8f:cb:ef:e5:8b:53:6a:d8:5b:aa:52:cf:
         c0:13:cf:e9:38:cc:8d:94:09:07:ff:87:ae:5d:43:22:ba:4a:
         52:6c:96:55:ea:69:d8:e7:0b:a8:97:ab:d4:2f:fd:b6:0a:2a:
         dc:58:5d:50:83:05:a1:39:57:91:22:f3:23:0a:2b:22:4f:3f:
         27:ea:c6:d9:ac:bf:c7:85:95:ab:ea:62:f1:b5:51:0b:71:b3:
         a6:8f:57:56:ea:6b:2f:31:b3:33:97:22:e0:b1:c8:a3:12:ec:
         cb:dd:93:8f:cf:7e:8a:b8:0d:a7:ed:5b:25:c9:f3:50:e2:fd:
         f1:54:31:10:f5:37:68:d5:d2:87:ec:27:ea:64:27:59:76:ee:
         a1:53:dc:c8:1f:54:39:6f:dc:db:98:96:9a:fc:f9:fe:ba:a8:
         2f:01:c6:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWaIEapGDR36B5wkkUTLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDNjNmM2MjRmYWI3Y2M5NjI4ZWY2NzgyMjlhODI0YzM5N2RiMjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAto+nyTf0NLN8IjX4RsAa4nrjVN3C
VfR1xUsY0/qvpxYvwMqOEuOdsuDC/hmBwAzThoQV4cCWmCW+FAHzWx2ITIDWzSZy
/dPqiClUyKivq5u8cE5MQW6RSHdaosLJ4CYWtGbCNHw4b7QrRA6NdjlE1qlg8Snb
N4+RG8i5EnUbIXlebKyLTmQ8/VPvGvNU96W2gYSr+txJRQ0FnKPVhPGf3+mO6mGU
gbbQf2ipnGMWFjtQfh8RPfiELaqFUTGsvBawQsMSP13Cdb7ZmrA/fj5bzkBzh3ro
LFhkwvZhaBSnzCBBiVfmUeD+syVlmWctdz6g9RfYAiOlzARXyZeG8NXWcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP08bGJPq3zJYo72eCKagkw5fbIIMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvX1R4c1lrLXJmTWxpanZaNElwcUNURGw5c2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQZA
MA0GCSqGSIb3DQEBCwUAA4IBAQBQXrqBqKiWrbFDpaNSPvrya+3BtIcHV0yQCZWy
tVVwYQ+n+pTTVT9egYjms7xspm2O4JkOoDpxuOwT5lM4r/T87n6CsRxGGEBPGHW+
1wg30gPrNSlVYHy/HJkI9zOg8DqPy+/li1Nq2FuqUs/AE8/pOMyNlAkH/4euXUMi
ukpSbJZV6mnY5wuol6vUL/22CircWF1QgwWhOVeRIvMjCisiTz8n6sbZrL/HhZWr
6mLxtVELcbOmj1dW6msvMbMzlyLgscijEuzL3ZOPz36KuA2n7VslyfNQ4v3xVDEQ
9Tdo1dKH7CfqZCdZdu6hU9zIH1Q5b9zbmJaa/Pn+uqgvAcZJ
-----END CERTIFICATE-----