Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gFvh5kgzudmCF5tSPAI7eOa_ZMk.roa
File:                     gFvh5kgzudmCF5tSPAI7eOa_ZMk.roa (raw, json)
Hash identifier:          aTDFg8DROv4IahRlgSOX0B7YeIqGDE2zlZDjf8VHllE=
Subject key identifier:   80:5B:E1:E6:48:33:B9:D9:82:17:9B:52:3C:02:3B:78:E6:BF:64:C9
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801732F7E6B8037C257F87BB1D99AF3
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gFvh5kgzudmCF5tSPAI7eOa_ZMk.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210597
IP address blocks:        2a0c:b641:530::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:73:2f:7e:6b:80:37:c2:57:f8:7b:b1:d9:9a:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=805be1e64833b9d982179b523c023b78e6bf64c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b3:b6:f1:78:ea:17:c6:c4:ce:bf:8e:6f:71:
                    90:d9:bb:d4:22:74:70:2d:91:ef:c5:f7:0e:de:63:
                    1d:1b:05:cd:f0:3c:9f:c6:f9:7c:a6:ff:39:9b:ee:
                    8f:e8:1d:44:77:3b:be:89:20:49:c0:ba:a9:e9:53:
                    6c:98:ba:c1:48:58:90:05:6b:d6:73:c4:a4:d9:86:
                    9e:b7:c9:af:3a:10:de:29:1a:90:0b:ad:74:6a:3e:
                    7a:30:45:97:82:c6:72:8e:b0:ac:4c:da:5c:8a:d0:
                    b2:ff:9f:90:da:a5:d7:20:15:e2:e1:f0:ca:3a:ce:
                    9c:d3:50:ad:6a:2d:22:48:80:2c:a7:40:0f:fe:13:
                    23:9f:31:f2:8e:c0:b8:ac:4f:0d:8a:8f:f9:61:30:
                    df:81:c6:73:d8:34:33:9f:e0:5c:46:c3:05:f6:08:
                    3d:3a:8a:d7:6d:f1:5a:59:18:c4:19:79:60:1a:d6:
                    b9:95:68:e1:3d:9d:4d:65:55:c9:61:66:25:ab:0d:
                    b5:a0:dc:71:43:0d:e9:59:31:5a:ba:cb:80:a1:21:
                    e5:48:a1:79:3c:1c:a1:b2:a9:1e:29:b1:00:5f:8b:
                    06:6b:23:67:3a:b7:de:8b:83:89:26:91:2c:68:a8:
                    e2:54:d7:f7:e1:da:39:ce:30:ae:45:81:59:f0:77:
                    df:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:5B:E1:E6:48:33:B9:D9:82:17:9B:52:3C:02:3B:78:E6:BF:64:C9
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/gFvh5kgzudmCF5tSPAI7eOa_ZMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:530::/44

    Signature Algorithm: sha256WithRSAEncryption
         83:40:9a:ce:71:65:a8:f9:f5:8a:05:10:70:59:3a:63:9b:42:
         b2:c7:a1:49:d8:14:ee:36:ac:c6:39:09:e1:2a:0d:1c:47:6e:
         6c:5f:32:38:db:80:de:da:60:8c:2c:3c:ab:10:a7:2c:38:de:
         28:33:27:a2:a2:d4:70:99:b9:62:65:39:e1:ff:7d:1d:4d:f7:
         f4:27:c1:8c:3e:bc:11:0d:c3:8a:40:f4:2b:45:c2:ff:63:58:
         71:97:a1:aa:b8:8a:c5:92:11:b0:36:ce:83:9a:46:ed:52:6c:
         a6:09:5d:2b:2d:a5:d0:b8:2d:e9:83:60:9a:07:37:ef:32:7b:
         9d:06:f9:88:74:34:f7:15:57:01:b4:6a:2a:99:89:2f:8e:48:
         3b:8c:ae:a5:03:e1:3d:d3:5e:86:ca:eb:10:fb:4c:38:38:c7:
         b8:6a:3f:40:dc:14:80:95:73:b8:88:c0:3e:f1:94:4a:50:65:
         f1:30:ef:34:8c:55:60:d6:3d:ca:2d:87:65:0b:3f:01:9d:ed:
         fc:66:fb:25:72:14:e8:de:c2:18:e6:5a:c5:db:80:b1:5b:8c:
         65:92:1e:3a:3c:cd:c0:43:1a:80:ab:e2:73:6c:50:f4:c8:c1:
         6b:b8:63:58:eb:e2:01:e2:31:f0:bd:c8:16:4c:ab:12:b3:86:
         9d:55:26:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXMvfmuAN8JX+Hux2ZrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDViZTFlNjQ4MzNiOWQ5ODIxNzliNTIzYzAyM2I3OGU2YmY2NGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbO28XjqF8bEzr+Ob3GQ2bvUInRw
LZHvxfcO3mMdGwXN8Dyfxvl8pv85m+6P6B1Edzu+iSBJwLqp6VNsmLrBSFiQBWvW
c8Sk2Yaet8mvOhDeKRqQC610aj56MEWXgsZyjrCsTNpcitCy/5+Q2qXXIBXi4fDK
Os6c01Ctai0iSIAsp0AP/hMjnzHyjsC4rE8Nio/5YTDfgcZz2DQzn+BcRsMF9gg9
OorXbfFaWRjEGXlgGta5lWjhPZ1NZVXJYWYlqw21oNxxQw3pWTFausuAoSHlSKF5
PByhsqkeKbEAX4sGayNnOrfei4OJJpEsaKjiVNf34do5zjCuRYFZ8HffkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIBb4eZIM7nZghebUjwCO3jmv2TJMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZ0Z2aDVrZ3p1ZG1DRjV0U1BBSTdlT2FfWk1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQUw
MA0GCSqGSIb3DQEBCwUAA4IBAQCDQJrOcWWo+fWKBRBwWTpjm0Kyx6FJ2BTuNqzG
OQnhKg0cR25sXzI424De2mCMLDyrEKcsON4oMyeiotRwmbliZTnh/30dTff0J8GM
PrwRDcOKQPQrRcL/Y1hxl6GquIrFkhGwNs6DmkbtUmymCV0rLaXQuC3pg2CaBzfv
MnudBvmIdDT3FVcBtGoqmYkvjkg7jK6lA+E9016GyusQ+0w4OMe4aj9A3BSAlXO4
iMA+8ZRKUGXxMO80jFVg1j3KLYdlCz8Bne38ZvslchTo3sIY5lrF24CxW4xlkh46
PM3AQxqAq+JzbFD0yMFruGNY6+IB4jHwvcgWTKsSs4adVSZ3
-----END CERTIFICATE-----