Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/fE1F4iCVr-BCDlA2jvtPchtRleY.roa
File:                     fE1F4iCVr-BCDlA2jvtPchtRleY.roa (raw, json)
Hash identifier:          HBshkp4kzIPRuvJG8KHWTxa+5cqtrjGTkXp9ekKsnhw=
Subject key identifier:   7C:4D:45:E2:20:95:AF:E0:42:0E:50:36:8E:FB:4F:72:1B:51:95:E6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8017E06D5591B49F02A15C192991C16
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/fE1F4iCVr-BCDlA2jvtPchtRleY.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212832
IP address blocks:        2a0c:b641:5f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7e:06:d5:59:1b:49:f0:2a:15:c1:92:99:1c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c4d45e22095afe0420e50368efb4f721b5195e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4e:3f:22:15:49:25:76:03:e6:44:79:92:58:
                    e0:0a:6c:f3:1a:99:45:97:b6:8f:56:c0:00:d5:68:
                    16:64:1d:4d:6e:11:76:d0:97:bd:40:b4:54:d0:52:
                    76:76:e6:e3:30:40:85:8c:78:f0:67:b2:6b:25:8b:
                    b2:ef:55:d4:f6:dd:ab:9e:4c:1e:76:bf:cc:6f:65:
                    5e:18:89:b7:da:8c:86:05:f9:30:85:db:d8:e4:0a:
                    db:ef:18:8e:4e:f9:6d:e8:77:09:ef:24:87:07:f1:
                    90:97:00:5b:85:3b:88:82:70:6e:4c:ed:5a:c0:aa:
                    5c:4e:19:5f:1c:84:1e:a9:d8:59:39:d8:79:22:e1:
                    46:8b:c1:7b:89:75:e2:64:27:5d:e3:19:b3:d5:3a:
                    e0:0d:f7:51:ea:fe:04:99:9f:71:d7:d3:77:71:7f:
                    34:c8:5c:ec:9b:a9:9a:05:d6:ee:94:24:97:03:10:
                    ab:b8:46:5e:c5:d2:87:a2:c9:21:a2:ac:39:00:e7:
                    60:2d:fa:65:b3:ae:0c:91:50:52:aa:c8:29:2e:ad:
                    11:86:d2:a2:ae:9a:3f:07:b1:6b:fe:36:3a:29:36:
                    2d:41:97:66:e5:07:49:78:19:f4:30:01:43:4c:da:
                    0c:9f:df:c0:16:ca:45:01:f1:2f:48:f5:ce:ae:0f:
                    4a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:4D:45:E2:20:95:AF:E0:42:0E:50:36:8E:FB:4F:72:1B:51:95:E6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/fE1F4iCVr-BCDlA2jvtPchtRleY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:5f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         83:f5:85:ad:e2:10:59:29:8e:e5:38:16:9f:26:c3:68:0e:e6:
         bb:df:68:1d:5d:68:84:78:09:cc:26:96:fa:74:ba:dd:a4:dc:
         e7:12:7d:54:ca:cd:57:bd:cc:e6:41:d3:03:bd:38:bc:7b:77:
         c2:db:6d:9d:10:ae:e8:07:95:0d:9b:5f:ee:44:39:ad:14:66:
         25:bb:b9:56:fa:e7:1d:2b:18:dc:b6:7e:60:26:41:04:65:50:
         72:99:6e:78:9d:60:51:30:14:15:0d:a6:23:5b:a0:aa:ac:0e:
         53:3b:6f:fb:d1:c2:7c:ed:bc:87:20:3b:64:f2:e1:46:82:c5:
         a0:09:03:8f:e2:37:d0:b5:7e:26:cd:f4:87:22:42:eb:d0:e4:
         4f:79:53:ec:a0:15:4b:e2:41:b3:05:cb:6f:d1:14:16:b6:59:
         bb:c3:83:40:96:01:db:bb:7c:cb:7f:72:f0:13:cf:c7:49:f6:
         da:e5:94:2a:57:03:37:0b:d1:ce:94:40:d9:15:55:ad:e5:bb:
         68:99:0d:ec:22:01:b0:6d:d3:82:f1:9d:59:37:11:46:db:d4:
         05:7d:9d:cd:2d:0d:90:5f:e4:61:3b:db:e7:7a:a5:66:57:7d:
         af:b1:9b:1f:d9:fc:2e:25:b8:8a:e9:0d:4b:28:cd:f7:ac:58:
         04:96:ec:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAX4G1VkbSfAqFcGSmRwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzRkNDVlMjIwOTVhZmUwNDIwZTUwMzY4ZWZiNGY3MjFiNTE5NWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU4/IhVJJXYD5kR5kljgCmzzGplF
l7aPVsAA1WgWZB1NbhF20Je9QLRU0FJ2dubjMECFjHjwZ7JrJYuy71XU9t2rnkwe
dr/Mb2VeGIm32oyGBfkwhdvY5Arb7xiOTvlt6HcJ7ySHB/GQlwBbhTuIgnBuTO1a
wKpcThlfHIQeqdhZOdh5IuFGi8F7iXXiZCdd4xmz1TrgDfdR6v4EmZ9x19N3cX80
yFzsm6maBdbulCSXAxCruEZexdKHoskhoqw5AOdgLfpls64MkVBSqsgpLq0RhtKi
rpo/B7Fr/jY6KTYtQZdm5QdJeBn0MAFDTNoMn9/AFspFAfEvSPXOrg9K+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHxNReIgla/gQg5QNo77T3IbUZXmMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZkUxRjRpQ1ZyLUJDRGxBMmp2dFBjaHRSbGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQXw
MA0GCSqGSIb3DQEBCwUAA4IBAQCD9YWt4hBZKY7lOBafJsNoDua732gdXWiEeAnM
Jpb6dLrdpNznEn1Uys1XvczmQdMDvTi8e3fC222dEK7oB5UNm1/uRDmtFGYlu7lW
+ucdKxjctn5gJkEEZVBymW54nWBRMBQVDaYjW6CqrA5TO2/70cJ87byHIDtk8uFG
gsWgCQOP4jfQtX4mzfSHIkLr0ORPeVPsoBVL4kGzBctv0RQWtlm7w4NAlgHbu3zL
f3LwE8/HSfba5ZQqVwM3C9HOlEDZFVWt5btomQ3sIgGwbdOC8Z1ZNxFG29QFfZ3N
LQ2QX+RhO9vneqVmV32vsZsf2fwuJbiK6Q1LKM33rFgEluxO
-----END CERTIFICATE-----