Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_imMkjByTOsHYA4iqCUVPZhBIBs.roa
File:                     _imMkjByTOsHYA4iqCUVPZhBIBs.roa (raw, json)
Hash identifier:          KaZj1BE7/JoK3bHYreeB08rwfm5sUq32NQLcWqV7VVE=
Subject key identifier:   FE:29:8C:92:30:72:4C:EB:07:60:0E:22:A8:25:15:3D:98:41:20:1B
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801853233ADF6C6B9F3BC40AB2E02F9
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_imMkjByTOsHYA4iqCUVPZhBIBs.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215969
IP address blocks:        2a0c:b641:b20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:85:32:33:ad:f6:c6:b9:f3:bc:40:ab:2e:02:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe298c9230724ceb07600e22a825153d9841201b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:91:e1:96:be:13:61:c9:72:5b:9a:0d:bb:69:
                    29:cc:08:23:7d:31:b2:1c:23:c9:11:73:9b:73:b0:
                    5f:c4:25:ab:f6:c9:4b:7d:bb:8f:10:6f:8a:66:63:
                    b9:58:f6:a3:90:3b:bb:4a:95:14:78:b5:68:bd:36:
                    53:06:78:69:c5:21:af:0d:22:a6:09:70:e8:3b:dd:
                    e5:52:6f:1d:a3:3a:5c:df:09:ac:07:e1:02:c9:4e:
                    90:de:03:d9:71:17:a9:bd:7b:32:e3:03:94:99:bd:
                    9d:51:27:97:47:b1:b8:ef:4c:16:d9:33:06:4e:af:
                    78:d4:96:19:0b:32:74:a1:7d:6a:b7:21:f9:a0:af:
                    ac:a8:25:ec:3a:bb:c1:2b:a9:be:92:e1:da:31:1e:
                    a6:83:6c:50:51:a2:d7:3b:63:da:15:26:95:1b:21:
                    54:ad:d1:9e:b3:99:40:30:76:25:04:db:51:bd:e4:
                    d8:6b:bb:af:85:22:1c:e4:68:93:bb:c8:48:16:5c:
                    a2:fe:2c:50:00:35:56:32:84:2c:ea:da:b4:57:43:
                    80:e2:d8:85:96:fc:ce:49:df:f7:82:7c:aa:35:45:
                    70:5b:f1:b1:14:2b:14:3a:4a:05:2d:dc:b3:fe:50:
                    97:56:b8:3a:07:57:ad:14:8e:37:85:b6:10:84:1a:
                    13:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:29:8C:92:30:72:4C:EB:07:60:0E:22:A8:25:15:3D:98:41:20:1B
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_imMkjByTOsHYA4iqCUVPZhBIBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:b20::/44

    Signature Algorithm: sha256WithRSAEncryption
         36:97:63:5e:d9:60:7d:9f:25:7a:30:92:a4:68:1b:35:ca:72:
         64:f8:03:30:71:e7:f1:ef:93:03:65:99:97:79:78:99:ee:d7:
         da:80:ba:42:44:1d:b8:72:bb:d9:5a:1f:44:51:4a:31:b4:11:
         e8:58:23:68:e0:55:46:5c:67:2a:bf:29:40:a5:b5:db:ed:6a:
         18:1f:82:40:27:89:15:fe:4a:12:dd:a6:76:57:73:3c:b0:bb:
         dd:d6:2e:c9:76:e3:8b:2d:0e:1e:3e:6a:b2:1e:48:22:5e:a5:
         88:77:82:98:9b:e5:d9:be:8a:49:e3:d2:e1:db:8d:fc:45:59:
         45:a2:df:15:1e:33:43:3d:86:2a:e3:9a:b0:98:44:04:a2:f2:
         36:d6:d8:c0:7e:4f:84:fb:dc:c7:20:3b:d5:3b:b7:8c:37:af:
         c9:df:a5:a6:49:99:b8:eb:70:3c:c8:5f:b5:15:4b:79:54:94:
         cc:42:dd:41:79:ab:56:5b:b2:f9:96:4a:e9:9d:77:fd:e5:b2:
         0d:5f:78:ea:d7:24:ea:4b:9c:15:a1:ae:6a:d4:c6:7d:fc:99:
         6f:ed:a8:5e:2a:3e:ba:3e:f7:ce:31:15:80:ad:7c:10:96:49:
         82:a5:cc:bf:fc:64:ef:18:7f:ac:2e:e5:50:87:b1:c2:2f:fb:
         1c:fc:44:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYUyM632xrnzvECrLgL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTI5OGM5MjMwNzI0Y2ViMDc2MDBlMjJhODI1MTUzZDk4NDEyMDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJHhlr4TYclyW5oNu2kpzAgjfTGy
HCPJEXObc7BfxCWr9slLfbuPEG+KZmO5WPajkDu7SpUUeLVovTZTBnhpxSGvDSKm
CXDoO93lUm8dozpc3wmsB+ECyU6Q3gPZcRepvXsy4wOUmb2dUSeXR7G470wW2TMG
Tq941JYZCzJ0oX1qtyH5oK+sqCXsOrvBK6m+kuHaMR6mg2xQUaLXO2PaFSaVGyFU
rdGes5lAMHYlBNtRveTYa7uvhSIc5GiTu8hIFlyi/ixQADVWMoQs6tq0V0OA4tiF
lvzOSd/3gnyqNUVwW/GxFCsUOkoFLdyz/lCXVrg6B1etFI43hbYQhBoTiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP4pjJIwckzrB2AOIqglFT2YQSAbMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvX2ltTWtqQnlUT3NIWUE0aXFDVVZQWmhCSUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQsg
MA0GCSqGSIb3DQEBCwUAA4IBAQA2l2Ne2WB9nyV6MJKkaBs1ynJk+AMwcefx75MD
ZZmXeXiZ7tfagLpCRB24crvZWh9EUUoxtBHoWCNo4FVGXGcqvylApbXb7WoYH4JA
J4kV/koS3aZ2V3M8sLvd1i7JduOLLQ4ePmqyHkgiXqWId4KYm+XZvopJ49Lh2438
RVlFot8VHjNDPYYq45qwmEQEovI21tjAfk+E+9zHIDvVO7eMN6/J36WmSZm463A8
yF+1FUt5VJTMQt1BeatWW7L5lkrpnXf95bINX3jq1yTqS5wVoa5q1MZ9/Jlv7ahe
Kj66PvfOMRWArXwQlkmCpcy//GTvGH+sLuVQh7HCL/sc/ERN
-----END CERTIFICATE-----