Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gAs2BfNp_tRUW-X0r190vrQxOnQ.roa
File:                     gAs2BfNp_tRUW-X0r190vrQxOnQ.roa (raw, json)
Hash identifier:          zDWbEFgOwBcus0TTKjX/C+h0ajOS/+4D1Wd30hOrJvg=
Subject key identifier:   80:0B:36:05:F3:69:FE:D4:54:5B:E5:F4:AF:5F:74:BE:B4:31:3A:74
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014A8354B66ABC07623314862C4794
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gAs2BfNp_tRUW-X0r190vrQxOnQ.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39792
IP address blocks:        2a0c:b641:1c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4a:83:54:b6:6a:bc:07:62:33:14:86:2c:47:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=800b3605f369fed4545be5f4af5f74beb4313a74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fd:1e:bf:8d:f3:5d:af:f0:d7:9a:e6:45:32:
                    e4:8f:8c:0d:aa:95:24:55:8b:c0:04:a5:d7:0d:5a:
                    3e:a7:81:06:3a:2d:41:78:d1:f2:96:5a:4e:cb:a4:
                    1e:0d:e3:2a:05:c0:2a:4f:24:e9:77:cb:dd:42:f8:
                    e4:32:3c:bd:60:e4:68:b4:7a:ec:88:77:c5:5a:88:
                    2e:51:ed:2f:a1:2b:49:82:eb:85:e3:9b:d4:35:34:
                    2f:6e:ce:b1:0e:19:db:da:c2:bb:3e:44:d9:9c:55:
                    41:6d:bd:9c:89:ef:ef:ec:f5:62:6c:e1:05:ce:6d:
                    a3:a9:70:a2:c2:d6:1b:05:9c:8f:e7:c2:21:e5:74:
                    63:86:80:f6:1e:18:08:85:7b:a6:04:5c:da:a0:4d:
                    d0:59:f5:be:2b:86:b2:a8:19:17:de:76:2a:a4:39:
                    ce:77:4a:5c:7a:17:5a:6f:0f:e8:a0:77:03:cd:95:
                    29:f7:38:70:49:26:9c:7d:97:9f:19:04:5f:12:81:
                    44:35:e8:33:c2:87:1f:b7:96:c6:84:33:19:48:dd:
                    98:6d:52:d8:6f:54:ee:f3:61:98:a3:b7:94:82:20:
                    9e:6b:94:e4:a7:a5:82:cf:dc:31:6c:98:cc:87:4f:
                    4a:4e:78:ea:c2:8a:4c:7f:ef:b2:9c:93:b0:3d:53:
                    7a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:0B:36:05:F3:69:FE:D4:54:5B:E5:F4:AF:5F:74:BE:B4:31:3A:74
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gAs2BfNp_tRUW-X0r190vrQxOnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7c:87:60:d9:45:6a:b9:5c:8d:5b:e5:1c:38:a3:4b:5d:67:a7:
         12:78:1e:0d:26:88:b7:46:1e:b8:16:0f:55:fc:79:58:61:2e:
         99:ca:61:ae:de:40:91:00:f6:07:c1:1f:16:53:70:d6:f0:9d:
         d1:66:e0:bc:1d:df:42:78:05:08:a4:c2:34:08:ec:61:1a:e0:
         8f:3d:25:7c:91:5b:01:cc:5b:9d:c5:30:1e:ec:71:65:b4:41:
         88:0a:45:ae:c5:fd:fd:67:21:8e:e9:c1:41:9f:16:88:5a:db:
         69:c3:6f:7d:d5:9e:bc:a8:1d:b5:e7:30:f5:e2:3a:c4:3d:fe:
         03:b8:fd:b6:8e:17:a7:03:fb:41:68:e9:9c:c8:b9:37:0d:1d:
         86:3b:0f:92:55:6e:88:16:d0:c1:9b:ad:74:e9:52:e8:2b:8d:
         c6:53:9c:b8:2a:3b:d6:bb:28:9f:e3:bf:74:2a:b0:ad:4c:77:
         81:16:d4:33:ae:e8:a0:b6:a9:ac:04:18:03:60:c4:62:59:46:
         05:3c:b7:48:74:5c:4b:b8:ad:2f:f6:49:3c:a6:8a:90:39:df:
         bb:4c:0b:48:5c:66:fc:de:07:08:cf:7b:32:c6:95:81:8a:e3:
         fa:bf:55:96:7a:9f:be:72:47:a2:8c:16:10:48:97:4b:79:f0:
         3c:6c:c1:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUqDVLZqvAdiMxSGLEeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDBiMzYwNWYzNjlmZWQ0NTQ1YmU1ZjRhZjVmNzRiZWI0MzEzYTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkf0ev43zXa/w15rmRTLkj4wNqpUk
VYvABKXXDVo+p4EGOi1BeNHyllpOy6QeDeMqBcAqTyTpd8vdQvjkMjy9YORotHrs
iHfFWoguUe0voStJguuF45vUNTQvbs6xDhnb2sK7PkTZnFVBbb2cie/v7PVibOEF
zm2jqXCiwtYbBZyP58Ih5XRjhoD2HhgIhXumBFzaoE3QWfW+K4ayqBkX3nYqpDnO
d0pcehdabw/ooHcDzZUp9zhwSSacfZefGQRfEoFENegzwocft5bGhDMZSN2YbVLY
b1Tu82GYo7eUgiCea5Tkp6WCz9wxbJjMh09KTnjqwopMf++ynJOwPVN6MwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIALNgXzaf7UVFvl9K9fdL60MTp0MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZ0FzMkJmTnBfdFJVVy1YMHIxOTB2clF4T25RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQHA
MA0GCSqGSIb3DQEBCwUAA4IBAQB8h2DZRWq5XI1b5Rw4o0tdZ6cSeB4NJoi3Rh64
Fg9V/HlYYS6ZymGu3kCRAPYHwR8WU3DW8J3RZuC8Hd9CeAUIpMI0COxhGuCPPSV8
kVsBzFudxTAe7HFltEGICkWuxf39ZyGO6cFBnxaIWttpw2991Z68qB215zD14jrE
Pf4DuP22jhenA/tBaOmcyLk3DR2GOw+SVW6IFtDBm6106VLoK43GU5y4KjvWuyif
4790KrCtTHeBFtQzruigtqmsBBgDYMRiWUYFPLdIdFxLuK0v9kk8poqQOd+7TAtI
XGb83gcIz3syxpWBiuP6v1WWep++ckeijBYQSJdLefA8bMEt
-----END CERTIFICATE-----