Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eDjdZYfX-Mqw2Lt6pnF7h_tn1oo.roa
File:                     eDjdZYfX-Mqw2Lt6pnF7h_tn1oo.roa (raw, json)
Hash identifier:          MSwXETyKKYgTAVGhi50pI5yiqT1VAvx3bXhDizBZ4Bg=
Subject key identifier:   78:38:DD:65:87:D7:F8:CA:B0:D8:BB:7A:A6:71:7B:87:FB:67:D6:8A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80145FD4F98994C75A3083FF2349504
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eDjdZYfX-Mqw2Lt6pnF7h_tn1oo.roa
Signing time:             Tue 02 Jan 2024 02:29:35 +0000
ROA not before:           Tue 02 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13830
IP address blocks:        2a0c:b642:1a02::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:45:fd:4f:98:99:4c:75:a3:08:3f:f2:34:95:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7838dd6587d7f8cab0d8bb7aa6717b87fb67d68a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:15:9d:fa:d3:26:81:49:b9:4e:37:03:9a:21:
                    80:02:61:b7:72:87:bb:7f:c5:6b:87:5d:d5:f7:6a:
                    eb:5b:f4:8f:8e:54:9c:52:2a:d1:43:a1:a2:4f:7b:
                    c7:98:99:83:c9:ea:df:0c:0d:76:d9:ac:26:ba:7b:
                    96:a3:73:52:2e:7d:54:56:2b:b6:d6:4c:65:0c:f7:
                    97:80:1b:97:d8:32:d4:a4:10:68:dd:eb:3c:98:e3:
                    75:77:6e:0e:30:6e:f5:db:bc:d7:fb:5a:ed:b8:5d:
                    a5:1f:a3:06:03:e3:8f:67:a2:b9:98:7a:9b:5c:e7:
                    75:51:4b:17:e9:b1:39:07:f2:a2:a7:9a:41:32:bc:
                    84:ef:10:85:40:92:8e:46:fd:23:06:4e:9d:7a:3b:
                    f9:73:69:8d:20:59:0d:10:fd:c3:71:3b:7c:a6:02:
                    d6:97:9f:e9:6e:d1:8e:54:08:ca:cd:a2:36:db:a5:
                    c5:e4:c2:a8:b2:5a:5f:1f:48:f9:ea:19:0b:25:44:
                    95:d1:1a:de:26:d4:40:e9:62:39:f5:04:c6:4f:a5:
                    b5:dc:88:cf:d7:b2:3b:b3:80:cc:d1:e8:5d:1f:3e:
                    26:d6:1d:42:ad:0d:51:6b:89:cc:f8:cd:b0:46:96:
                    13:ce:bb:bb:8a:ac:c3:22:99:66:68:50:f8:3a:cb:
                    7f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:38:DD:65:87:D7:F8:CA:B0:D8:BB:7A:A6:71:7B:87:FB:67:D6:8A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eDjdZYfX-Mqw2Lt6pnF7h_tn1oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a02::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:35:36:c0:c6:77:23:62:e5:bd:f3:24:e6:a1:7f:1b:cc:db:
         89:e6:74:96:e8:22:aa:f4:e9:02:d2:40:57:c4:2c:3a:49:29:
         49:37:98:fb:fb:ec:d3:3e:f7:01:35:01:97:0c:33:53:b8:cd:
         ab:d4:3c:df:d0:82:7d:c3:f1:54:0e:7e:ce:c1:0d:fa:05:02:
         ca:90:45:7d:24:14:0a:6c:b3:3f:2e:84:7f:a6:1e:41:79:d2:
         3e:a2:59:24:15:f2:cc:3a:33:11:a5:4b:00:cd:b9:20:6b:e6:
         86:2a:ae:2a:82:3b:4b:e8:c8:2d:e0:11:8f:63:cc:a6:03:8d:
         9b:bd:09:ff:ee:2a:9e:a3:93:bf:5c:0c:db:62:0c:70:14:b7:
         b4:ec:b1:c8:e6:8e:16:a6:1c:1b:e7:9c:f3:a5:54:ad:88:16:
         1f:5f:49:ad:50:7e:21:de:d4:d9:d1:b3:eb:ff:77:ff:4c:3a:
         1e:f6:96:92:ad:7b:68:92:a0:90:1b:89:ea:f7:e6:ca:3e:b0:
         55:d4:2e:d7:e7:61:dc:d1:ba:c4:87:f8:e6:13:34:5f:52:2c:
         88:95:c6:6c:35:52:31:5b:28:81:1f:59:48:da:cd:d0:93:a6:
         be:30:91:0c:42:4b:89:51:70:c9:ab:b7:7b:8d:c9:14:fd:08:
         91:c5:69:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUX9T5iZTHWjCD/yNJUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODM4ZGQ2NTg3ZDdmOGNhYjBkOGJiN2FhNjcxN2I4N2ZiNjdkNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxWd+tMmgUm5TjcDmiGAAmG3coe7
f8Vrh13V92rrW/SPjlScUirRQ6GiT3vHmJmDyerfDA122awmunuWo3NSLn1UViu2
1kxlDPeXgBuX2DLUpBBo3es8mON1d24OMG7127zX+1rtuF2lH6MGA+OPZ6K5mHqb
XOd1UUsX6bE5B/Kip5pBMryE7xCFQJKORv0jBk6dejv5c2mNIFkNEP3DcTt8pgLW
l5/pbtGOVAjKzaI226XF5MKoslpfH0j56hkLJUSV0RreJtRA6WI59QTGT6W13IjP
17I7s4DM0ehdHz4m1h1CrQ1Ra4nM+M2wRpYTzru7iqzDIplmaFD4Ost//QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHg43WWH1/jKsNi7eqZxe4f7Z9aKMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZURqZFpZZlgtTXF3Mkx0NnBuRjdoX3RuMW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoC
MA0GCSqGSIb3DQEBCwUAA4IBAQAiNTbAxncjYuW98yTmoX8bzNuJ5nSW6CKq9OkC
0kBXxCw6SSlJN5j7++zTPvcBNQGXDDNTuM2r1Dzf0IJ9w/FUDn7OwQ36BQLKkEV9
JBQKbLM/LoR/ph5BedI+olkkFfLMOjMRpUsAzbkga+aGKq4qgjtL6Mgt4BGPY8ym
A42bvQn/7iqeo5O/XAzbYgxwFLe07LHI5o4Wphwb55zzpVStiBYfX0mtUH4h3tTZ
0bPr/3f/TDoe9paSrXtokqCQG4nq9+bKPrBV1C7X52Hc0brEh/jmEzRfUiyIlcZs
NVIxWyiBH1lI2s3Qk6a+MJEMQkuJUXDJq7d7jckU/QiRxWls
-----END CERTIFICATE-----