Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/cpsjOtRVQ23i3VEcwDmir0eMYBo.roa
File:                     cpsjOtRVQ23i3VEcwDmir0eMYBo.roa (raw, json)
Hash identifier:          mXc5fx/5aZWWspyMjZKcif2w+x33+6bhgBMwOXECBHU=
Subject key identifier:   72:9B:23:3A:D4:55:43:6D:E2:DD:51:1C:C0:39:A2:AF:47:8C:60:1A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80154175FC108753F611C71118C7743
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/cpsjOtRVQ23i3VEcwDmir0eMYBo.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198587
IP address blocks:        2a0c:b641:a20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:54:17:5f:c1:08:75:3f:61:1c:71:11:8c:77:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=729b233ad455436de2dd511cc039a2af478c601a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:94:39:cc:6d:2d:2d:47:80:7a:0b:16:69:36:
                    b5:34:e1:56:10:84:06:37:a3:58:ba:fe:ec:01:04:
                    ba:0b:72:3d:68:5f:3e:d1:89:85:40:c8:7e:77:20:
                    68:b8:2a:51:8b:e5:01:10:0b:1e:bb:1b:19:82:de:
                    fe:58:e1:98:ae:04:e3:7e:1c:2d:d9:60:6a:9c:61:
                    63:0d:76:42:36:1d:05:f0:58:15:02:27:00:80:fe:
                    d1:3d:1d:d9:57:20:6c:9d:01:f6:5b:2c:79:af:30:
                    38:f8:68:df:5e:61:4b:74:c1:20:10:05:5b:31:43:
                    7d:d1:73:22:25:32:52:73:f8:86:5a:d3:63:8c:9d:
                    e0:41:26:ba:8c:f6:81:1c:3c:b6:71:94:5f:c1:b1:
                    6c:06:34:9b:0e:70:ea:8b:3b:91:7a:bb:38:26:ba:
                    2f:39:1d:f3:90:cd:d0:d7:35:46:68:81:74:09:7e:
                    a9:22:e7:da:bd:53:6a:48:99:f4:c1:ab:1a:4e:aa:
                    1d:64:67:95:2c:51:49:2d:76:b1:56:84:ab:c4:13:
                    32:23:e0:54:6c:25:4d:2d:f6:50:ab:27:3c:77:ad:
                    44:34:4a:b9:a9:12:f9:d7:a1:fb:8e:ed:6a:78:ee:
                    5f:0f:6c:4c:d8:89:bf:d6:18:d3:4b:7b:f7:ed:48:
                    d6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:9B:23:3A:D4:55:43:6D:E2:DD:51:1C:C0:39:A2:AF:47:8C:60:1A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/cpsjOtRVQ23i3VEcwDmir0eMYBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a20::/44

    Signature Algorithm: sha256WithRSAEncryption
         1a:ed:7d:e4:db:5d:1d:fb:97:f2:9e:da:61:ca:e2:4d:8b:0a:
         fd:d2:0c:da:ac:89:d1:bf:93:b5:52:9c:68:dd:06:27:19:13:
         2a:3e:26:0d:e7:a2:d3:ea:b2:fb:be:4c:12:aa:90:2b:c2:3e:
         20:d5:1a:ef:e5:3b:22:9b:4f:4b:e5:19:3e:de:3e:2f:86:be:
         b4:8f:f4:1b:49:fe:d7:58:60:d2:c0:3d:af:d8:a7:2b:3d:3a:
         2f:da:84:57:a1:f0:1b:74:bd:46:f8:40:72:76:8e:4c:68:dd:
         54:53:57:3d:38:19:5a:52:73:e0:3e:da:33:30:59:3a:8d:c3:
         55:c5:1c:cd:f0:d4:da:7e:10:44:1a:2e:8a:5f:08:b0:02:ea:
         d8:b1:2e:38:2a:f6:1a:05:57:6e:ec:3b:f5:7d:52:0f:dc:6f:
         c8:bd:c2:b9:6e:b3:95:24:24:bc:e4:7e:61:af:8e:74:46:ac:
         4a:21:af:c3:ec:42:84:b1:22:52:0f:05:c7:f5:f6:13:1e:e6:
         88:0e:09:ee:24:05:46:be:c8:51:98:ab:82:9e:42:68:de:09:
         31:82:7f:58:0d:0f:d6:64:7a:fc:15:5b:7b:4a:17:aa:a3:c3:
         2a:c6:4e:e1:2e:5e:d3:ab:53:b7:c1:4a:01:1f:7f:a7:f9:27:
         65:6f:4c:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVQXX8EIdT9hHHERjHdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjliMjMzYWQ0NTU0MzZkZTJkZDUxMWNjMDM5YTJhZjQ3OGM2MDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpQ5zG0tLUeAegsWaTa1NOFWEIQG
N6NYuv7sAQS6C3I9aF8+0YmFQMh+dyBouCpRi+UBEAseuxsZgt7+WOGYrgTjfhwt
2WBqnGFjDXZCNh0F8FgVAicAgP7RPR3ZVyBsnQH2Wyx5rzA4+GjfXmFLdMEgEAVb
MUN90XMiJTJSc/iGWtNjjJ3gQSa6jPaBHDy2cZRfwbFsBjSbDnDqizuRers4Jrov
OR3zkM3Q1zVGaIF0CX6pIufavVNqSJn0wasaTqodZGeVLFFJLXaxVoSrxBMyI+BU
bCVNLfZQqyc8d61ENEq5qRL516H7ju1qeO5fD2xM2Im/1hjTS3v37UjWFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHKbIzrUVUNt4t1RHMA5oq9HjGAaMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvY3Bzak90UlZRMjNpM1ZFY3dEbWlyMGVNWUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQog
MA0GCSqGSIb3DQEBCwUAA4IBAQAa7X3k210d+5fyntphyuJNiwr90gzarInRv5O1
Upxo3QYnGRMqPiYN56LT6rL7vkwSqpArwj4g1Rrv5Tsim09L5Rk+3j4vhr60j/Qb
Sf7XWGDSwD2v2KcrPTov2oRXofAbdL1G+EBydo5MaN1UU1c9OBlaUnPgPtozMFk6
jcNVxRzN8NTafhBEGi6KXwiwAurYsS44KvYaBVdu7Dv1fVIP3G/IvcK5brOVJCS8
5H5hr450RqxKIa/D7EKEsSJSDwXH9fYTHuaIDgnuJAVGvshRmKuCnkJo3gkxgn9Y
DQ/WZHr8FVt7Sheqo8Mqxk7hLl7Tq1O3wUoBH3+n+Sdlb0yx
-----END CERTIFICATE-----