Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/atURITjj4yoiKRMR_0pBhmZtQW8.roa
File:                     atURITjj4yoiKRMR_0pBhmZtQW8.roa (raw, json)
Hash identifier:          /zPMmQrlRnZfPoA8CCAAkdFFNsaTDgh6fVe7znR3SY0=
Subject key identifier:   6A:D5:11:21:38:E3:E3:2A:22:29:13:11:FF:4A:41:86:66:6D:41:6F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015AD6A690005DA5E9A8D2B7426DAD
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/atURITjj4yoiKRMR_0pBhmZtQW8.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203169
IP address blocks:        2a0c:b641:360::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5a:d6:a6:90:00:5d:a5:e9:a8:d2:b7:42:6d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad5112138e3e32a22291311ff4a4186666d416f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:53:f0:fe:8b:9e:51:4e:0b:93:31:42:5b:3f:
                    97:5a:24:38:dc:37:18:a8:c1:30:05:8c:a4:66:fa:
                    eb:2c:e9:da:1e:ff:8f:73:36:99:f5:75:77:74:d7:
                    46:4c:9d:ad:b8:f7:1b:8b:61:86:b6:28:45:86:b4:
                    2f:cd:06:ab:59:e5:9a:2d:0a:ae:9a:3f:a7:32:1e:
                    03:07:c9:b9:f0:af:9f:51:94:98:de:eb:00:78:88:
                    78:91:7a:4c:64:1c:d0:99:0c:39:2d:a2:f3:ec:02:
                    95:c2:54:c2:76:1e:84:19:cc:54:59:f5:22:89:0d:
                    48:3b:92:9d:67:4e:91:b7:07:03:a7:58:26:e9:3f:
                    38:b7:5f:23:e7:ab:25:bd:fe:f1:60:d3:9e:72:2d:
                    63:05:58:7f:25:51:76:80:d2:a5:71:14:3d:59:1a:
                    35:bf:e4:8e:ba:1f:79:de:1c:ff:0b:2a:3f:22:c2:
                    fc:6c:13:65:b1:b9:9c:71:e5:04:07:49:ce:ad:18:
                    2e:9a:78:e3:a8:19:a0:6b:83:1a:94:35:11:60:7b:
                    0e:b2:a6:c0:db:63:a3:b2:ce:7e:23:7d:13:16:8d:
                    7f:ae:36:9e:41:84:14:39:78:c4:a5:64:32:54:85:
                    b8:29:0c:3b:5b:33:37:99:8c:65:07:45:9b:13:cd:
                    77:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D5:11:21:38:E3:E3:2A:22:29:13:11:FF:4A:41:86:66:6D:41:6F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/atURITjj4yoiKRMR_0pBhmZtQW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:360::/44

    Signature Algorithm: sha256WithRSAEncryption
         49:5f:cc:6c:49:60:6f:24:e7:08:cc:07:5a:bd:98:29:76:60:
         b9:36:fe:c9:0e:63:27:e4:92:d1:d0:cc:2b:ee:08:dd:97:06:
         6f:30:9a:b2:c8:11:19:0b:4a:b4:93:1d:cd:2e:06:3e:3c:52:
         39:22:6c:1d:00:d0:26:a8:0e:05:88:37:1c:c7:49:74:39:ba:
         9e:69:7b:d0:54:48:96:cb:16:e6:9b:7e:03:d8:10:4e:c1:c9:
         0a:59:39:d2:9b:91:67:c6:33:57:aa:b8:42:55:bd:89:d8:8f:
         6c:56:d8:c6:9c:05:a5:65:c6:eb:d7:8c:b6:df:e2:28:4f:41:
         b9:d3:59:ae:e5:5a:22:5d:c7:dd:4e:3e:5f:d4:ae:1f:1a:26:
         f8:77:93:84:ca:1d:c3:9f:95:c9:27:9f:4a:95:e7:27:26:25:
         12:36:4c:34:81:42:64:0b:4a:20:3c:a9:b2:ba:2d:a9:cd:0f:
         cd:45:47:da:87:b0:ab:f0:67:9a:14:15:4a:1b:eb:27:62:6e:
         90:a2:2c:ea:b9:63:cb:32:b8:50:81:90:97:67:11:c9:59:07:
         62:61:42:7f:96:7c:fe:7b:c5:d9:5d:b8:de:18:14:d6:ef:8c:
         85:ec:1d:4e:57:ac:fe:31:01:8e:53:48:e2:2f:a0:00:f1:6f:
         16:a9:20:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVrWppAAXaXpqNK3Qm2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ1MTEyMTM4ZTNlMzJhMjIyOTEzMTFmZjRhNDE4NjY2NmQ0MTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllPw/oueUU4LkzFCWz+XWiQ43DcY
qMEwBYykZvrrLOnaHv+PczaZ9XV3dNdGTJ2tuPcbi2GGtihFhrQvzQarWeWaLQqu
mj+nMh4DB8m58K+fUZSY3usAeIh4kXpMZBzQmQw5LaLz7AKVwlTCdh6EGcxUWfUi
iQ1IO5KdZ06RtwcDp1gm6T84t18j56slvf7xYNOeci1jBVh/JVF2gNKlcRQ9WRo1
v+SOuh953hz/Cyo/IsL8bBNlsbmcceUEB0nOrRgumnjjqBmga4MalDURYHsOsqbA
22Ojss5+I30TFo1/rjaeQYQUOXjEpWQyVIW4KQw7WzM3mYxlB0WbE813XQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGrVESE44+MqIikTEf9KQYZmbUFvMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvYXRVUklUamo0eW9pS1JNUl8wcEJobVp0UVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQNg
MA0GCSqGSIb3DQEBCwUAA4IBAQBJX8xsSWBvJOcIzAdavZgpdmC5Nv7JDmMn5JLR
0Mwr7gjdlwZvMJqyyBEZC0q0kx3NLgY+PFI5ImwdANAmqA4FiDccx0l0ObqeaXvQ
VEiWyxbmm34D2BBOwckKWTnSm5FnxjNXqrhCVb2J2I9sVtjGnAWlZcbr14y23+Io
T0G501mu5VoiXcfdTj5f1K4fGib4d5OEyh3Dn5XJJ59KlecnJiUSNkw0gUJkC0og
PKmyui2pzQ/NRUfah7Cr8GeaFBVKG+snYm6QoizquWPLMrhQgZCXZxHJWQdiYUJ/
lnz+e8XZXbjeGBTW74yF7B1OV6z+MQGOU0jiL6AA8W8WqSCE
-----END CERTIFICATE-----