Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/c4hYzwREJcYzV9PMbb07HQES6d4.roa
File:                     c4hYzwREJcYzV9PMbb07HQES6d4.roa (raw, json)
Hash identifier:          1VbAQNbZUB/HovqiK7y04sjywHEy0FmmDz65ma/o2oA=
Subject key identifier:   73:88:58:CF:04:44:25:C6:33:57:D3:CC:6D:BD:3B:1D:01:12:E9:DE
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801753641A70DB5629D4CC993031695
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/c4hYzwREJcYzV9PMbb07HQES6d4.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211013
IP address blocks:        2a0c:b641:70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:75:36:41:a7:0d:b5:62:9d:4c:c9:93:03:16:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=738858cf044425c63357d3cc6dbd3b1d0112e9de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c0:7c:4c:58:41:da:08:fb:de:fb:96:18:21:
                    64:89:ec:5c:ac:8a:cc:41:7c:3e:22:aa:02:ec:64:
                    ad:9c:7b:a8:22:fb:8f:3f:81:05:ff:7f:f0:b2:90:
                    ed:ad:1e:68:0b:2c:71:79:53:0d:87:08:ba:23:41:
                    95:86:51:e1:19:73:d1:ba:23:12:fd:08:28:e9:75:
                    10:90:eb:0e:4f:4e:ab:7b:1a:0e:8d:58:0c:a1:d7:
                    77:14:ca:31:b7:9d:33:66:f1:e4:c1:b2:7b:cd:e9:
                    ab:be:56:2d:a0:61:59:ee:cc:87:e2:03:fc:06:65:
                    ec:56:3e:01:ad:11:82:a9:6c:27:f3:ef:d5:4f:da:
                    18:c4:fe:6e:c6:76:aa:93:6e:a8:be:f1:ef:f5:a8:
                    e2:45:da:6c:8f:48:ca:30:6f:fa:da:af:d6:a2:6f:
                    3b:1c:86:b4:a5:dc:2f:8b:06:14:34:d8:ea:53:0d:
                    08:8e:82:57:e0:ee:98:ab:2c:f7:b9:bc:4e:1d:21:
                    6b:a1:69:1f:b2:c2:be:c7:67:55:9f:8d:1a:30:75:
                    3a:21:b0:62:35:34:a7:ae:08:04:b4:54:43:32:a9:
                    2d:99:c6:36:c3:78:5f:ed:65:1a:ce:c4:7d:2d:ff:
                    fe:cc:16:8e:7d:88:73:de:c3:6a:b8:65:e1:d1:56:
                    f9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:88:58:CF:04:44:25:C6:33:57:D3:CC:6D:BD:3B:1D:01:12:E9:DE
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/c4hYzwREJcYzV9PMbb07HQES6d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         86:8a:66:35:20:2d:f6:19:47:fd:31:fb:f9:e6:94:fd:3b:00:
         1c:6a:0f:e7:b0:f7:c6:14:f4:04:51:83:80:4a:fb:d8:b6:3c:
         fd:3f:a4:25:bd:80:a1:7d:ab:40:94:df:51:2e:f6:19:02:ef:
         6c:fb:72:c9:87:ae:89:ca:17:29:e7:ab:af:f5:c0:61:22:67:
         63:79:5e:ec:ab:0b:33:04:86:29:e5:30:c3:9c:df:e4:80:24:
         e2:4e:73:77:b1:c9:ca:9a:e3:74:7c:35:15:e4:c0:8e:87:49:
         c5:bc:10:53:af:f1:39:ad:66:a0:e9:43:75:8e:05:23:73:6c:
         bd:35:67:bb:a1:ae:5a:7a:eb:3d:94:79:ca:37:d9:5f:03:0e:
         ab:16:0f:64:72:e7:d0:97:3a:89:59:bb:f8:7c:74:01:97:45:
         ae:dd:c5:44:40:fa:b0:28:d1:83:43:af:89:a0:41:e5:a5:a0:
         29:eb:3f:a4:57:1c:08:61:f2:34:d8:62:f7:07:84:13:71:fa:
         83:39:b5:0b:d5:8d:7f:ef:0d:9a:da:52:6a:88:7e:5e:1a:f2:
         62:b8:a3:19:dc:91:2d:c5:a0:31:52:53:20:cd:ce:2c:2c:cd:
         eb:90:4e:32:13:c0:6b:51:a4:19:2b:c9:15:05:e8:09:06:d1:
         7d:db:4b:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXU2QacNtWKdTMmTAxaVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mzg4NThjZjA0NDQyNWM2MzM1N2QzY2M2ZGJkM2IxZDAxMTJlOWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcB8TFhB2gj73vuWGCFkiexcrIrM
QXw+IqoC7GStnHuoIvuPP4EF/3/wspDtrR5oCyxxeVMNhwi6I0GVhlHhGXPRuiMS
/Qgo6XUQkOsOT06rexoOjVgModd3FMoxt50zZvHkwbJ7zemrvlYtoGFZ7syH4gP8
BmXsVj4BrRGCqWwn8+/VT9oYxP5uxnaqk26ovvHv9ajiRdpsj0jKMG/62q/Wom87
HIa0pdwviwYUNNjqUw0IjoJX4O6Yqyz3ubxOHSFroWkfssK+x2dVn40aMHU6IbBi
NTSnrggEtFRDMqktmcY2w3hf7WUazsR9Lf/+zBaOfYhz3sNquGXh0Vb5vQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHOIWM8ERCXGM1fTzG29Ox0BEuneMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvYzRoWXp3UkVKY1l6VjlQTWJiMDdIUUVTNmQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQBw
MA0GCSqGSIb3DQEBCwUAA4IBAQCGimY1IC32GUf9Mfv55pT9OwAcag/nsPfGFPQE
UYOASvvYtjz9P6QlvYChfatAlN9RLvYZAu9s+3LJh66Jyhcp56uv9cBhImdjeV7s
qwszBIYp5TDDnN/kgCTiTnN3scnKmuN0fDUV5MCOh0nFvBBTr/E5rWag6UN1jgUj
c2y9NWe7oa5aeus9lHnKN9lfAw6rFg9kcufQlzqJWbv4fHQBl0Wu3cVEQPqwKNGD
Q6+JoEHlpaAp6z+kVxwIYfI02GL3B4QTcfqDObUL1Y1/7w2a2lJqiH5eGvJiuKMZ
3JEtxaAxUlMgzc4sLM3rkE4yE8BrUaQZK8kVBegJBtF920uM
-----END CERTIFICATE-----