Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/a41nGh_wcPP2PWxXNHmBPdEO0oQ.roa
File:                     a41nGh_wcPP2PWxXNHmBPdEO0oQ.roa (raw, json)
Hash identifier:          /1m7AZM9PyhY8IBj+O4mIds32KjzGGWW70KAhwCmgaM=
Subject key identifier:   6B:8D:67:1A:1F:F0:70:F3:F6:3D:6C:57:34:79:81:3D:D1:0E:D2:84
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015464076CD343467D02D68C6ED2A9
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/a41nGh_wcPP2PWxXNHmBPdEO0oQ.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198764
IP address blocks:        2a0c:b641:a10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:54:64:07:6c:d3:43:46:7d:02:d6:8c:6e:d2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b8d671a1ff070f3f63d6c573479813dd10ed284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:83:82:7d:45:ad:c2:40:ab:6d:6a:e0:c2:5d:
                    3e:fb:ec:b7:a9:de:20:9d:ea:e5:30:7a:28:ee:88:
                    41:94:50:7e:d9:ce:b7:b7:cc:ee:84:02:b2:6e:74:
                    9c:a3:fc:fe:26:4e:78:1a:b3:38:0b:ab:a1:84:79:
                    fb:cb:ea:f2:c7:b6:61:a6:89:53:fc:67:a9:2e:71:
                    64:8e:24:1c:9b:65:66:de:79:0d:6c:b1:ce:2c:82:
                    44:2a:5b:8b:cf:8a:2a:3a:84:4d:95:42:05:9b:e7:
                    73:66:c2:e1:a6:27:f2:06:ee:f8:f6:e6:54:c8:9f:
                    e6:df:4f:ed:69:42:42:8b:1f:07:21:b4:0d:80:fb:
                    e8:c3:3d:08:6f:46:93:05:af:22:17:a9:e3:c5:21:
                    a7:f6:03:d3:fa:8d:bf:11:81:10:40:49:fe:17:da:
                    91:4f:d6:2b:a1:76:15:75:e5:c6:47:86:96:70:94:
                    44:57:3f:4a:58:da:62:5b:66:53:9a:6a:40:d6:ee:
                    fc:9f:39:94:44:aa:ff:be:71:6d:90:98:38:58:23:
                    ed:1b:ec:bc:d1:74:b0:d0:b1:6b:b2:a6:ff:93:6b:
                    8b:5e:2e:bd:79:58:9e:e9:a8:53:40:d9:4e:46:29:
                    42:c0:56:d1:6d:4a:f0:ba:fb:a4:a5:c5:48:15:c7:
                    a1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:8D:67:1A:1F:F0:70:F3:F6:3D:6C:57:34:79:81:3D:D1:0E:D2:84
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/a41nGh_wcPP2PWxXNHmBPdEO0oQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a10::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:98:6f:0c:b4:b1:4c:c0:e8:5a:93:f7:92:cb:14:b6:42:49:
         22:5c:b0:04:60:fe:5a:4c:c3:ca:ab:bd:da:d3:82:18:2b:49:
         54:74:74:f3:a3:45:f0:22:28:6a:9f:48:a4:fc:ad:b8:90:da:
         4f:35:fd:a8:f7:9c:bc:8e:2d:ee:81:1a:7a:8c:55:f1:b5:57:
         2e:c3:5c:81:19:22:21:02:d2:6e:63:3e:be:1e:f8:59:78:d8:
         85:f6:f1:91:50:33:5d:16:7d:29:a3:c1:b7:9c:94:08:5a:fe:
         24:24:be:6a:5e:ff:63:0e:35:f8:c8:08:0e:09:cd:2f:dc:93:
         53:1d:1e:30:30:da:bb:77:68:9d:c8:52:8d:c3:63:be:08:d9:
         2a:b5:c7:ac:8b:68:d9:08:53:f2:1d:a4:53:f6:7e:17:f4:53:
         7c:94:07:8a:e2:eb:ce:d5:1c:93:a5:3a:99:6c:2e:7f:69:59:
         35:c1:17:67:c6:fe:b8:0e:22:46:67:ad:15:82:07:28:37:6e:
         01:ce:62:53:19:50:4e:11:27:fe:76:c9:b9:1d:86:9f:80:1e:
         11:e7:a5:51:1c:cf:b3:cf:3d:5f:71:39:2f:96:0b:90:f1:44:
         d0:4e:b9:7e:c0:9b:8d:2f:07:c7:a1:05:b4:f7:db:85:58:20:
         36:f5:6c:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVRkB2zTQ0Z9AtaMbtKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjhkNjcxYTFmZjA3MGYzZjYzZDZjNTczNDc5ODEzZGQxMGVkMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4OCfUWtwkCrbWrgwl0+++y3qd4g
nerlMHoo7ohBlFB+2c63t8zuhAKybnSco/z+Jk54GrM4C6uhhHn7y+ryx7ZhpolT
/GepLnFkjiQcm2Vm3nkNbLHOLIJEKluLz4oqOoRNlUIFm+dzZsLhpifyBu749uZU
yJ/m30/taUJCix8HIbQNgPvowz0Ib0aTBa8iF6njxSGn9gPT+o2/EYEQQEn+F9qR
T9YroXYVdeXGR4aWcJREVz9KWNpiW2ZTmmpA1u78nzmURKr/vnFtkJg4WCPtG+y8
0XSw0LFrsqb/k2uLXi69eVie6ahTQNlORilCwFbRbUrwuvukpcVIFcehawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGuNZxof8HDz9j1sVzR5gT3RDtKEMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvYTQxbkdoX3djUFAyUFd4WE5IbUJQZEVPMG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBNmG8MtLFMwOhak/eSyxS2QkkiXLAEYP5aTMPK
q73a04IYK0lUdHTzo0XwIihqn0ik/K24kNpPNf2o95y8ji3ugRp6jFXxtVcuw1yB
GSIhAtJuYz6+HvhZeNiF9vGRUDNdFn0po8G3nJQIWv4kJL5qXv9jDjX4yAgOCc0v
3JNTHR4wMNq7d2idyFKNw2O+CNkqtcesi2jZCFPyHaRT9n4X9FN8lAeK4uvO1RyT
pTqZbC5/aVk1wRdnxv64DiJGZ60VggcoN24BzmJTGVBOESf+dsm5HYafgB4R56VR
HM+zzz1fcTkvlguQ8UTQTrl+wJuNLwfHoQW099uFWCA29WzV
-----END CERTIFICATE-----