Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dizFY_ZnrsVq9qngPZ99acXDUCw.roa
File:                     dizFY_ZnrsVq9qngPZ99acXDUCw.roa (raw, json)
Hash identifier:          VZ5UcKNvRFmnY6fQlNJJLv1lPWjuGU/+aRTGSiAcpY4=
Subject key identifier:   76:2C:C5:63:F6:67:AE:C5:6A:F6:A9:E0:3D:9F:7D:69:C5:C3:50:2C
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018D747DC811CCAA7109EA4CF6E295E7AF6B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dizFY_ZnrsVq9qngPZ99acXDUCw.roa
Signing time:             Sun 04 Feb 2024 14:20:16 +0000
ROA not before:           Sun 04 Feb 2024 14:20:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210233
IP address blocks:        2a0c:b641:870::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:74:7d:c8:11:cc:aa:71:09:ea:4c:f6:e2:95:e7:af:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb  4 14:20:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=762cc563f667aec56af6a9e03d9f7d69c5c3502c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:2e:c2:10:8a:1a:62:5f:3b:c2:f5:36:b0:74:
                    ce:1f:cd:f5:1c:20:55:76:e7:9f:0d:ac:6e:96:ad:
                    8a:53:7d:ac:f9:64:cc:99:03:d8:4e:80:23:f1:30:
                    d5:84:c7:7f:68:53:d3:7e:c8:8b:08:f2:bd:1d:0e:
                    f2:ce:46:b2:5d:4a:05:3c:e1:4b:98:d9:4e:64:1c:
                    59:9e:20:68:c6:c9:37:94:ba:e7:f9:db:a8:33:67:
                    81:88:0d:b5:c6:8f:bc:24:62:82:0a:42:cf:37:36:
                    d5:b6:f5:e4:b1:88:d7:3e:4f:f6:15:f1:fd:f0:d5:
                    f2:0a:d7:9b:df:36:b0:a7:71:c9:5d:8a:7a:39:1b:
                    f8:53:32:05:8a:69:27:6e:21:51:ea:98:20:8f:f9:
                    60:63:d2:7a:1f:9d:29:1a:6c:93:e2:32:7a:10:a6:
                    f0:ba:77:f3:02:2f:03:ce:92:07:bb:50:4a:f1:84:
                    b2:22:4f:b2:b8:d7:bb:0a:6f:fa:cf:85:20:e4:e0:
                    c4:b1:e9:14:ce:b7:84:5c:09:45:b9:9f:53:3f:d5:
                    62:86:54:b4:9f:ea:f8:1a:74:0c:9c:6e:c5:fa:15:
                    32:c9:dd:fa:0a:f3:3f:ad:66:f1:6e:b6:37:86:de:
                    85:26:c6:78:55:70:bc:1e:86:d5:24:ff:bb:f2:46:
                    19:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:2C:C5:63:F6:67:AE:C5:6A:F6:A9:E0:3D:9F:7D:69:C5:C3:50:2C
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dizFY_ZnrsVq9qngPZ99acXDUCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:870::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:4c:84:9d:ce:66:0f:c2:f8:4e:3d:60:db:75:86:3f:bf:74:
         90:b8:e3:b8:fd:9c:05:f2:53:c9:35:60:75:63:6b:b2:39:82:
         ec:6d:c6:9c:24:3e:38:a6:4e:75:a1:27:98:67:01:51:0e:c0:
         46:3e:83:7c:d8:d7:38:2c:a4:2d:22:be:2a:8e:0f:09:24:16:
         b5:fd:47:2a:5d:5b:37:f1:d9:f3:dc:58:84:62:ec:bb:56:73:
         e7:f6:06:59:ea:aa:91:d5:ac:ea:d2:25:52:38:8d:16:2f:54:
         5a:06:17:57:ef:24:90:d3:2c:09:10:96:6a:bb:02:ab:69:13:
         d8:97:43:3a:e4:b6:9c:b3:c5:4f:5e:62:d6:bf:28:d4:9b:c2:
         67:7b:b9:24:f2:ea:09:3e:c5:29:67:90:01:8f:b5:f0:51:cb:
         bc:9a:20:06:40:77:c6:b7:21:e2:83:08:5d:8d:f7:de:b7:ff:
         77:cb:87:a5:7d:b6:60:f6:ff:f6:80:d9:27:eb:54:c8:60:eb:
         8b:4b:02:81:77:40:05:a7:6f:f9:8b:b3:4d:ff:b3:84:3f:31:
         39:e4:a8:a6:72:9d:30:c7:78:58:95:7c:62:2c:59:0a:c5:f9:
         7e:3d:4c:86:41:0f:ea:ab:27:0f:b0:7d:39:a0:21:aa:fc:3f:
         82:83:9e:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY10fcgRzKpxCepM9uKV569rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMjA0MTQyMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjJjYzU2M2Y2NjdhZWM1NmFmNmE5ZTAzZDlmN2Q2OWM1YzM1MDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9C7CEIoaYl87wvU2sHTOH831HCBV
duefDaxulq2KU32s+WTMmQPYToAj8TDVhMd/aFPTfsiLCPK9HQ7yzkayXUoFPOFL
mNlOZBxZniBoxsk3lLrn+duoM2eBiA21xo+8JGKCCkLPNzbVtvXksYjXPk/2FfH9
8NXyCteb3zawp3HJXYp6ORv4UzIFimknbiFR6pggj/lgY9J6H50pGmyT4jJ6EKbw
unfzAi8DzpIHu1BK8YSyIk+yuNe7Cm/6z4Ug5ODEsekUzreEXAlFuZ9TP9VihlS0
n+r4GnQMnG7F+hUyyd36CvM/rWbxbrY3ht6FJsZ4VXC8HobVJP+78kYZSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHYsxWP2Z67Favap4D2ffWnFw1AsMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZGl6RllfWm5yc1ZxOXFuZ1BaOTlhY1hEVUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQhw
MA0GCSqGSIb3DQEBCwUAA4IBAQBcTISdzmYPwvhOPWDbdYY/v3SQuOO4/ZwF8lPJ
NWB1Y2uyOYLsbcacJD44pk51oSeYZwFRDsBGPoN82Nc4LKQtIr4qjg8JJBa1/Ucq
XVs38dnz3FiEYuy7VnPn9gZZ6qqR1azq0iVSOI0WL1RaBhdX7ySQ0ywJEJZquwKr
aRPYl0M65Lacs8VPXmLWvyjUm8Jne7kk8uoJPsUpZ5ABj7XwUcu8miAGQHfGtyHi
gwhdjffet/93y4elfbZg9v/2gNkn61TIYOuLSwKBd0AFp2/5i7NN/7OEPzE55Kim
cp0wx3hYlXxiLFkKxfl+PUyGQQ/qqycPsH05oCGq/D+Cg562
-----END CERTIFICATE-----