Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eCaSLRSR22sPC7tL2SFkg4fci_g.roa
File:                     eCaSLRSR22sPC7tL2SFkg4fci_g.roa (raw, json)
Hash identifier:          +XqxhP7IpA24RVyRudOwuwK9HRfUYZlxQyD+ZRNJFxk=
Subject key identifier:   78:26:92:2D:14:91:DB:6B:0F:0B:BB:4B:D9:21:64:83:87:DC:8B:F8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801779ED97D3BF9D148535DAE75F03F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eCaSLRSR22sPC7tL2SFkg4fci_g.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211364
IP address blocks:        2a0c:b641:170::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:77:9e:d9:7d:3b:f9:d1:48:53:5d:ae:75:f0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7826922d1491db6b0f0bbb4bd921648387dc8bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:33:68:0d:eb:09:65:03:8e:9f:5e:e5:9d:76:
                    53:12:bf:23:dd:f9:12:46:ad:0b:5e:58:97:0c:95:
                    d3:6a:6b:01:e0:cc:37:a1:b6:ef:d6:a3:8b:d6:fd:
                    89:3f:4c:b3:65:b7:d5:e8:35:56:db:97:2f:e9:ba:
                    31:5b:f8:ee:2a:6a:99:2b:49:6f:d6:61:b3:2a:25:
                    e4:15:80:e3:bf:0d:ad:29:d4:3f:37:ae:93:5b:fa:
                    b1:99:28:94:67:2e:8f:14:0d:f4:66:3f:46:e1:1f:
                    31:ab:dd:e2:dc:6e:e7:cc:65:be:96:bf:ff:59:02:
                    cd:b1:4d:38:68:3a:5c:99:3f:18:b8:fe:4d:c1:b8:
                    36:6f:23:40:5b:24:21:3a:e8:92:9d:8e:19:1b:04:
                    0d:a2:f5:80:6f:55:dc:a1:ef:d0:78:1d:c6:15:62:
                    9c:e1:5c:c8:25:a1:e3:76:06:d5:c0:58:59:01:1c:
                    86:0e:bf:1a:bb:3e:43:46:c1:85:ce:1b:3d:53:e9:
                    19:c0:0a:84:2d:05:0a:8f:12:18:67:f7:10:70:4b:
                    6d:27:d9:da:68:27:6b:fc:b3:d4:37:28:57:a3:d1:
                    2d:fc:f5:e7:0f:15:5e:d2:c7:f3:d9:42:83:7c:7f:
                    80:d5:10:4b:7e:1c:4b:af:cd:c9:8b:d1:56:1d:28:
                    bf:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:26:92:2D:14:91:DB:6B:0F:0B:BB:4B:D9:21:64:83:87:DC:8B:F8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eCaSLRSR22sPC7tL2SFkg4fci_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:170::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:d0:5b:d3:20:32:41:30:76:d0:fd:ef:6b:c4:5f:1b:d9:d5:
         5d:18:9b:08:e8:6f:0a:99:ab:38:81:40:42:9d:f4:e0:8b:f1:
         4a:31:1e:e5:40:3f:e8:f7:5d:75:41:93:f6:01:ca:e1:6f:09:
         b0:99:c4:be:f2:4e:33:08:fc:68:76:fc:00:3f:9a:73:44:19:
         29:74:b9:ff:72:d7:34:77:e5:c4:c3:e4:88:fd:98:b9:4b:1b:
         90:76:65:a6:b1:61:9b:32:6f:98:5d:56:a9:61:47:0e:5b:d1:
         ff:70:69:db:28:be:3a:1c:f3:16:20:99:f5:f9:63:de:42:ce:
         60:3c:eb:c6:20:26:59:f5:1b:cc:fd:f1:d5:f7:be:00:77:5c:
         58:69:40:8f:67:06:43:57:2c:b5:b8:4b:50:5e:e1:e6:af:c6:
         74:63:4c:19:06:8a:e4:0d:7a:9a:66:70:c6:b2:97:4f:6d:74:
         ad:e3:c0:6e:9d:85:89:5f:16:67:bd:82:96:3d:e2:b8:7e:43:
         46:d0:20:39:83:cf:14:9d:79:1c:91:44:4a:e3:32:de:e8:f5:
         93:2f:26:e9:1a:e7:26:4c:97:bc:ac:d9:5b:66:12:3d:0d:a3:
         e8:fc:4c:4c:98:2a:42:5c:f9:69:ef:5a:79:b3:b0:ee:d3:98:
         a4:6e:d4:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXee2X07+dFIU12udfA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODI2OTIyZDE0OTFkYjZiMGYwYmJiNGJkOTIxNjQ4Mzg3ZGM4YmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDNoDesJZQOOn17lnXZTEr8j3fkS
Rq0LXliXDJXTamsB4Mw3obbv1qOL1v2JP0yzZbfV6DVW25cv6boxW/juKmqZK0lv
1mGzKiXkFYDjvw2tKdQ/N66TW/qxmSiUZy6PFA30Zj9G4R8xq93i3G7nzGW+lr//
WQLNsU04aDpcmT8YuP5Nwbg2byNAWyQhOuiSnY4ZGwQNovWAb1Xcoe/QeB3GFWKc
4VzIJaHjdgbVwFhZARyGDr8auz5DRsGFzhs9U+kZwAqELQUKjxIYZ/cQcEttJ9na
aCdr/LPUNyhXo9Et/PXnDxVe0sfz2UKDfH+A1RBLfhxLr83Ji9FWHSi/IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHgmki0UkdtrDwu7S9khZIOH3Iv4MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZUNhU0xSU1IyMnNQQzd0TDJTRmtnNGZjaV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQFw
MA0GCSqGSIb3DQEBCwUAA4IBAQAe0FvTIDJBMHbQ/e9rxF8b2dVdGJsI6G8Kmas4
gUBCnfTgi/FKMR7lQD/o9111QZP2AcrhbwmwmcS+8k4zCPxodvwAP5pzRBkpdLn/
ctc0d+XEw+SI/Zi5SxuQdmWmsWGbMm+YXVapYUcOW9H/cGnbKL46HPMWIJn1+WPe
Qs5gPOvGICZZ9RvM/fHV974Ad1xYaUCPZwZDVyy1uEtQXuHmr8Z0Y0wZBorkDXqa
ZnDGspdPbXSt48BunYWJXxZnvYKWPeK4fkNG0CA5g88UnXkckURK4zLe6PWTLybp
GucmTJe8rNlbZhI9DaPo/ExMmCpCXPlp71p5s7Du05ikbtSl
-----END CERTIFICATE-----