Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/cf4sMtQiUI-wOvT3sXgnMq2oMTo.roa
File:                     cf4sMtQiUI-wOvT3sXgnMq2oMTo.roa (raw, json)
Hash identifier:          wx2Uet0/dM0Ae1eS+dzq4OZmTz7nrbXXQCPp775tFbk=
Subject key identifier:   71:FE:2C:32:D4:22:50:8F:B0:3A:F4:F7:B1:78:27:32:AD:A8:31:3A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016357195E756ABAAA8EE8DCCA142F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/cf4sMtQiUI-wOvT3sXgnMq2oMTo.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207268
IP address blocks:        2a0c:b641:7a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:63:57:19:5e:75:6a:ba:aa:8e:e8:dc:ca:14:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71fe2c32d422508fb03af4f7b1782732ada8313a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:dc:be:c6:e9:c2:9f:2e:4d:1b:17:5e:42:ee:
                    ee:c8:d1:ec:a4:3a:b3:03:19:b9:a3:36:e0:68:dd:
                    98:54:cb:83:ba:87:f6:35:eb:87:80:14:fb:84:09:
                    a3:34:73:db:a8:1a:52:e2:49:77:6b:df:98:a1:1e:
                    4d:8d:dd:aa:c4:56:4c:8b:1e:22:55:a9:8b:57:57:
                    30:64:8a:65:6e:74:1d:74:48:0c:fd:f0:02:04:68:
                    6b:cc:a8:94:48:84:4b:b8:fc:90:a1:3e:c9:d9:31:
                    75:18:08:c5:83:eb:8e:f3:bb:fc:78:c5:75:64:3e:
                    2d:1f:ff:d7:b9:10:f4:94:52:64:d8:56:91:92:d3:
                    ac:b4:af:c6:49:47:28:e9:5a:88:36:ae:6a:5a:fc:
                    5d:b5:0e:b7:a8:61:f4:8b:25:2f:dd:37:5d:6b:b1:
                    43:e4:9f:f4:3a:a1:c2:60:75:3c:eb:60:08:cd:ea:
                    cb:03:7b:f8:3f:7f:89:c0:3b:06:65:0c:48:e3:d5:
                    d4:08:d8:06:f3:70:ec:29:5b:2b:cd:88:34:da:a4:
                    4c:21:48:ec:03:ac:3d:65:a7:51:87:16:d7:2f:7e:
                    f1:f4:f6:e0:09:8f:9e:da:dd:c5:fc:e8:4c:04:ed:
                    d9:3d:e6:68:61:15:f8:3f:b1:31:6e:c9:36:4d:96:
                    cf:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:FE:2C:32:D4:22:50:8F:B0:3A:F4:F7:B1:78:27:32:AD:A8:31:3A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/cf4sMtQiUI-wOvT3sXgnMq2oMTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:7a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         14:e0:28:52:d2:d0:d7:16:09:ae:e8:06:c6:db:c5:66:e6:b4:
         71:44:b4:4d:66:89:dd:45:3c:e3:9b:81:32:4a:b6:a6:63:3a:
         6b:88:d3:55:d3:73:45:c8:b4:d5:18:12:5a:ef:bd:f8:6b:28:
         bb:8f:1b:bd:77:35:cf:3e:9d:da:0c:c5:1a:c6:8d:32:8c:82:
         12:6b:45:2c:7b:e7:26:4c:c8:40:4e:84:54:af:da:0a:f5:7c:
         cf:f7:45:b6:4e:c8:ca:bf:2a:90:0a:92:02:7c:f8:26:77:fd:
         20:af:7c:ba:10:07:53:ba:cc:06:c1:53:3d:52:c5:db:6a:ab:
         fb:2d:aa:14:2d:e8:aa:c4:19:47:17:fd:96:18:5f:63:f1:f9:
         cc:88:57:03:88:60:5d:15:dd:42:41:a4:45:13:1c:da:6b:77:
         c2:f8:b2:d1:06:16:b0:29:b1:b6:c9:24:a4:77:0b:4f:91:f9:
         ad:60:fc:1e:60:a8:71:bf:c8:1a:57:6c:aa:e3:bb:cf:86:1d:
         f5:8f:51:e3:fb:d8:81:e4:2b:a2:5e:c4:ff:03:2a:d9:be:85:
         ec:84:41:10:07:15:a5:d1:0c:e3:a2:5d:de:f4:be:68:ef:bc:
         5b:64:b1:f0:a1:f5:ab:2c:e2:68:6b:4d:85:3d:46:98:49:a8:
         39:47:cb:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWNXGV51arqqjujcyhQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWZlMmMzMmQ0MjI1MDhmYjAzYWY0ZjdiMTc4MjczMmFkYTgzMTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9y+xunCny5NGxdeQu7uyNHspDqz
Axm5ozbgaN2YVMuDuof2NeuHgBT7hAmjNHPbqBpS4kl3a9+YoR5Njd2qxFZMix4i
VamLV1cwZIplbnQddEgM/fACBGhrzKiUSIRLuPyQoT7J2TF1GAjFg+uO87v8eMV1
ZD4tH//XuRD0lFJk2FaRktOstK/GSUco6VqINq5qWvxdtQ63qGH0iyUv3Tdda7FD
5J/0OqHCYHU862AIzerLA3v4P3+JwDsGZQxI49XUCNgG83DsKVsrzYg02qRMIUjs
A6w9ZadRhxbXL37x9PbgCY+e2t3F/OhMBO3ZPeZoYRX4P7Exbsk2TZbP9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHH+LDLUIlCPsDr097F4JzKtqDE6MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvY2Y0c010UWlVSS13T3ZUM3NYZ25NcTJvTVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQeg
MA0GCSqGSIb3DQEBCwUAA4IBAQAU4ChS0tDXFgmu6AbG28Vm5rRxRLRNZondRTzj
m4EySramYzpriNNV03NFyLTVGBJa7734ayi7jxu9dzXPPp3aDMUaxo0yjIISa0Us
e+cmTMhAToRUr9oK9XzP90W2TsjKvyqQCpICfPgmd/0gr3y6EAdTuswGwVM9UsXb
aqv7LaoULeiqxBlHF/2WGF9j8fnMiFcDiGBdFd1CQaRFExzaa3fC+LLRBhawKbG2
ySSkdwtPkfmtYPweYKhxv8gaV2yq47vPhh31j1Hj+9iB5CuiXsT/AyrZvoXshEEQ
BxWl0Qzjol3e9L5o77xbZLHwofWrLOJoa02FPUaYSag5R8sr
-----END CERTIFICATE-----