Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_teAHLA_z7WEEP0IVbk4n63Vxn8.roa
File:                     _teAHLA_z7WEEP0IVbk4n63Vxn8.roa (raw, json)
Hash identifier:          p22Abwr0NAKEt1M18oYPV0akbyD0rsS2u3r3jTs3bIk=
Subject key identifier:   FE:D7:80:1C:B0:3F:CF:B5:84:10:FD:08:55:B9:38:9F:AD:D5:C6:7F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014A32BCF61342478014D08732D867
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_teAHLA_z7WEEP0IVbk4n63Vxn8.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35913
IP address blocks:        2a0c:b642:1a08::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 05:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4a:32:bc:f6:13:42:47:80:14:d0:87:32:d8:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fed7801cb03fcfb58410fd0855b9389fadd5c67f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:35:d8:01:8d:3f:95:45:fc:29:31:43:8d:2b:
                    19:6e:41:55:8b:c0:88:96:34:dc:9b:a2:ff:3b:08:
                    bb:c9:ed:af:33:50:7a:1a:3e:c8:96:30:62:c1:90:
                    81:0e:a6:55:1c:d9:cb:da:8c:8a:6d:5f:95:57:e0:
                    e2:ca:ba:0f:d2:a4:28:69:ab:3c:f8:3a:d9:31:2b:
                    c1:f1:0d:c8:30:7c:ba:48:a0:15:6d:fb:2e:02:53:
                    c3:72:b5:70:79:b2:cf:a4:07:b9:f0:c3:82:0d:cf:
                    8e:36:ae:9d:bf:36:a6:8c:7c:26:61:02:89:e4:a6:
                    95:fd:93:61:9f:dd:84:2e:0d:16:dd:f9:42:17:e1:
                    ed:41:ea:d5:d2:a4:cd:27:70:80:ff:ed:1b:63:cf:
                    93:1f:7f:4c:41:a0:6f:c8:77:23:89:45:2d:f8:28:
                    8b:ce:af:07:80:ff:a5:4d:02:2a:f6:d1:47:1e:b6:
                    a1:44:15:2e:5e:f6:b6:3a:d1:7c:c7:a2:b2:37:f5:
                    e3:f7:96:dc:04:b0:e7:b5:d9:58:5d:da:cf:0a:6d:
                    bf:c2:b5:41:96:ae:d6:30:4f:59:ef:f6:3a:9d:97:
                    80:ae:6d:8c:8b:67:84:4e:ec:06:4e:26:03:3f:37:
                    dd:01:81:d5:81:63:d4:36:37:5d:40:e5:a6:76:f1:
                    7a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:D7:80:1C:B0:3F:CF:B5:84:10:FD:08:55:B9:38:9F:AD:D5:C6:7F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_teAHLA_z7WEEP0IVbk4n63Vxn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a08::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:18:c0:3c:db:57:18:9e:f8:4b:37:8f:74:af:bb:6e:d6:dc:
         2c:48:99:3b:c1:d7:ef:8c:90:21:53:95:95:86:50:c6:90:0f:
         1e:00:bc:72:28:8a:1d:0b:cd:48:4f:cd:47:3e:46:d1:8f:4b:
         e3:d1:b4:ce:cd:97:a7:13:04:db:22:90:2f:00:64:8e:93:b8:
         ff:f3:ef:56:f8:7e:34:d2:64:5a:ac:08:73:06:cd:56:9c:28:
         9b:aa:38:29:38:63:5b:fc:6d:5a:9a:69:75:a1:c5:9e:89:14:
         57:a9:98:30:38:58:d8:f0:5e:f3:01:a7:0b:95:02:34:9e:3b:
         32:21:c9:3a:b8:46:2f:e2:49:41:c5:15:5d:f1:b8:71:ef:a7:
         c3:cf:8a:1a:cd:f2:42:d2:58:48:f9:f8:35:d3:30:9a:91:6c:
         f7:2e:eb:68:d3:b0:bc:83:6f:3f:e7:a1:06:4b:2b:2b:8a:b3:
         d7:4a:02:43:bf:95:76:a4:13:c3:35:60:db:d2:e5:a8:28:e6:
         e9:03:84:cd:17:d5:5c:01:d9:dd:01:bb:eb:87:3a:ae:db:1a:
         db:e5:ed:f5:e2:0d:98:db:83:92:05:6e:66:e5:f1:71:1a:15:
         4f:1b:4b:99:09:7d:f8:24:60:05:f1:82:a5:57:81:a5:98:d7:
         f3:23:8f:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUoyvPYTQkeAFNCHMthnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWQ3ODAxY2IwM2ZjZmI1ODQxMGZkMDg1NWI5Mzg5ZmFkZDVjNjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjXYAY0/lUX8KTFDjSsZbkFVi8CI
ljTcm6L/Owi7ye2vM1B6Gj7IljBiwZCBDqZVHNnL2oyKbV+VV+DiyroP0qQoaas8
+DrZMSvB8Q3IMHy6SKAVbfsuAlPDcrVwebLPpAe58MOCDc+ONq6dvzamjHwmYQKJ
5KaV/ZNhn92ELg0W3flCF+HtQerV0qTNJ3CA/+0bY8+TH39MQaBvyHcjiUUt+CiL
zq8HgP+lTQIq9tFHHrahRBUuXva2OtF8x6KyN/Xj95bcBLDntdlYXdrPCm2/wrVB
lq7WME9Z7/Y6nZeArm2Mi2eETuwGTiYDPzfdAYHVgWPUNjddQOWmdvF6pQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP7XgBywP8+1hBD9CFW5OJ+t1cZ/MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvX3RlQUhMQV96N1dFRVAwSVZiazRuNjNWeG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoI
MA0GCSqGSIb3DQEBCwUAA4IBAQAUGMA821cYnvhLN490r7tu1twsSJk7wdfvjJAh
U5WVhlDGkA8eALxyKIodC81IT81HPkbRj0vj0bTOzZenEwTbIpAvAGSOk7j/8+9W
+H400mRarAhzBs1WnCibqjgpOGNb/G1amml1ocWeiRRXqZgwOFjY8F7zAacLlQI0
njsyIck6uEYv4klBxRVd8bhx76fDz4oazfJC0lhI+fg10zCakWz3Luto07C8g28/
56EGSysrirPXSgJDv5V2pBPDNWDb0uWoKObpA4TNF9VcAdndAbvrhzqu2xrb5e31
4g2Y24OSBW5m5fFxGhVPG0uZCX34JGAF8YKlV4GlmNfzI48q
-----END CERTIFICATE-----