Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_W95N_Qum2pmPN2Zu0XDUP_6o3k.roa
File:                     _W95N_Qum2pmPN2Zu0XDUP_6o3k.roa (raw, json)
Hash identifier:          +72C2NcGprKocGtKPmhQ7e2/0fmnccRBe+7VXeTcR7E=
Subject key identifier:   FD:6F:79:37:F4:2E:9B:6A:66:3C:DD:99:BB:45:C3:50:FF:FA:A3:79
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80166DF86B959F7991882351A923D54
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_W95N_Qum2pmPN2Zu0XDUP_6o3k.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207957
IP address blocks:        2a0c:b641:880::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:66:df:86:b9:59:f7:99:18:82:35:1a:92:3d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd6f7937f42e9b6a663cdd99bb45c350fffaa379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5f:ee:fa:5a:23:6f:e0:d0:93:de:d7:12:5f:
                    5e:12:1b:01:d9:1b:88:e2:57:18:13:c4:e5:40:b3:
                    a0:75:98:42:92:90:e2:e4:f3:a6:30:7f:84:00:16:
                    06:4e:2c:c2:22:95:73:8f:1f:2f:73:ad:06:12:cb:
                    a3:ec:e1:a7:10:6e:f3:00:18:01:0f:24:49:0c:a3:
                    92:bb:8a:f6:ec:ff:f1:0b:bc:9b:e1:37:8d:96:c7:
                    44:68:13:13:48:37:ca:d6:6c:bf:67:da:a3:1a:88:
                    7b:06:29:0c:35:04:60:00:e7:d9:b7:a0:6c:20:0d:
                    0d:75:66:dd:8b:64:12:3e:6d:72:2d:cb:70:7d:19:
                    2a:b3:fd:46:6b:7b:bd:9f:82:d5:d4:71:83:0d:56:
                    eb:a2:27:a4:a1:40:96:f2:2a:b9:dd:92:d2:de:37:
                    d4:05:99:81:e3:9a:32:47:5b:92:38:2d:fd:fd:a9:
                    1e:36:e5:89:13:68:0d:7b:dc:ca:e1:2d:7d:88:a8:
                    61:6c:6c:8f:3f:7d:32:12:5a:8f:cc:40:76:8b:cc:
                    77:f3:49:d4:29:c8:b8:81:25:09:e1:e5:2c:a1:19:
                    e2:71:09:ac:be:9d:38:22:59:e6:05:c0:47:93:98:
                    80:bf:d1:c0:54:7f:fc:95:ce:18:55:15:81:33:49:
                    a9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:6F:79:37:F4:2E:9B:6A:66:3C:DD:99:BB:45:C3:50:FF:FA:A3:79
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_W95N_Qum2pmPN2Zu0XDUP_6o3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:880::/44

    Signature Algorithm: sha256WithRSAEncryption
         32:29:01:51:d3:1d:07:ec:5d:9e:a2:3a:f2:b3:1f:38:12:27:
         fa:1b:ca:d3:5b:b1:b4:ec:62:ed:b9:74:6e:5a:19:60:2a:7b:
         b6:f5:94:b4:c0:63:be:bd:1b:8a:3e:6d:9d:7e:81:76:2c:62:
         3f:22:35:b3:89:f2:72:c6:9e:f1:74:d2:4c:a9:d4:4a:f6:92:
         9a:fa:32:26:99:a4:c5:a0:6a:4e:ea:c4:d2:ab:3e:bb:63:e7:
         ec:6c:3c:bc:5b:e6:1b:ed:4a:95:4a:c9:73:5a:37:87:73:8b:
         13:8d:eb:34:3e:7f:97:ca:b6:36:c3:72:cc:06:e2:27:34:9f:
         3f:23:de:78:21:7c:1f:fc:05:97:2f:f6:67:11:c6:16:68:18:
         b4:81:ca:f1:5f:34:33:8d:d8:f8:4a:2f:56:35:8a:ce:b9:d7:
         11:10:62:c1:e6:a6:87:ce:c8:4d:db:a4:62:4a:4f:cd:46:a3:
         f6:8c:2c:94:c7:b9:64:1d:a2:18:13:71:b4:c3:5c:75:00:e3:
         84:47:ff:f8:8a:62:2c:fb:63:9d:bd:a7:7e:7a:2e:ec:de:a1:
         37:ea:6d:20:95:d0:e5:16:63:c6:43:64:1a:b1:76:13:6b:6e:
         1d:6d:9a:00:a5:d5:11:57:5e:62:58:37:b5:87:c8:a2:c8:27:
         47:9f:0f:52
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWbfhrlZ95kYgjUakj1UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDZmNzkzN2Y0MmU5YjZhNjYzY2RkOTliYjQ1YzM1MGZmZmFhMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF/u+lojb+DQk97XEl9eEhsB2RuI
4lcYE8TlQLOgdZhCkpDi5POmMH+EABYGTizCIpVzjx8vc60GEsuj7OGnEG7zABgB
DyRJDKOSu4r27P/xC7yb4TeNlsdEaBMTSDfK1my/Z9qjGoh7BikMNQRgAOfZt6Bs
IA0NdWbdi2QSPm1yLctwfRkqs/1Ga3u9n4LV1HGDDVbroiekoUCW8iq53ZLS3jfU
BZmB45oyR1uSOC39/akeNuWJE2gNe9zK4S19iKhhbGyPP30yElqPzEB2i8x380nU
Kci4gSUJ4eUsoRnicQmsvp04IlnmBcBHk5iAv9HAVH/8lc4YVRWBM0mpuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP1veTf0LptqZjzdmbtFw1D/+qN5MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvX1c5NU5fUXVtMnBtUE4yWnUwWERVUF82bzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQiA
MA0GCSqGSIb3DQEBCwUAA4IBAQAyKQFR0x0H7F2eojrysx84Eif6G8rTW7G07GLt
uXRuWhlgKnu29ZS0wGO+vRuKPm2dfoF2LGI/IjWzifJyxp7xdNJMqdRK9pKa+jIm
maTFoGpO6sTSqz67Y+fsbDy8W+Yb7UqVSslzWjeHc4sTjes0Pn+XyrY2w3LMBuIn
NJ8/I954IXwf/AWXL/ZnEcYWaBi0gcrxXzQzjdj4Si9WNYrOudcREGLB5qaHzshN
26RiSk/NRqP2jCyUx7lkHaIYE3G0w1x1AOOER//4imIs+2Odvad+ei7s3qE36m0g
ldDlFmPGQ2QasXYTa24dbZoApdURV15iWDe1h8iiyCdHnw9S
-----END CERTIFICATE-----