Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hMuH_duowQftLDfGGxB221_iOko.roa
File:                     hMuH_duowQftLDfGGxB221_iOko.roa (raw, json)
Hash identifier:          RyJrHsW1+g6YqLv7eXfHpaYTQQqdFp4R59hzlAs3i+Y=
Subject key identifier:   84:CB:87:FD:DB:A8:C1:07:ED:2C:37:C6:1B:10:76:DB:5F:E2:3A:4A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8018667F09817F6108915C998054CA1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hMuH_duowQftLDfGGxB221_iOko.roa
Signing time:             Tue 02 Jan 2024 02:29:52 +0000
ROA not before:           Tue 02 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216424
IP address blocks:        2a0c:b641:ac0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:86:67:f0:98:17:f6:10:89:15:c9:98:05:4c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84cb87fddba8c107ed2c37c61b1076db5fe23a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9d:4b:13:48:ef:00:8d:39:e3:48:c6:f8:4a:
                    ec:8e:0b:ad:0b:6d:07:24:9d:dd:b6:e5:ca:05:51:
                    63:f8:eb:18:58:6a:49:9a:1d:2e:bf:3a:47:7d:28:
                    32:92:81:7b:e6:9c:c8:b9:8c:c0:f9:f8:a4:a6:22:
                    d0:c8:22:be:55:21:18:41:19:8b:4f:66:27:77:f1:
                    4d:ba:e0:6b:ca:fe:b6:72:27:dc:37:02:0c:3b:a7:
                    01:5a:46:d4:e8:62:83:35:ea:da:0e:e9:a0:e6:0b:
                    08:e0:fe:91:8e:0f:bf:fa:c0:86:f2:7f:26:b4:af:
                    d9:68:13:79:8e:fe:83:e7:c3:5a:9a:c7:e6:49:bb:
                    aa:86:ef:f3:c6:a5:5a:b1:53:9f:a1:aa:c6:8e:86:
                    7c:1d:9f:3f:de:32:84:8a:f3:4d:9b:53:4b:e4:f6:
                    dc:48:0f:e8:e0:e0:cc:49:8f:1a:d6:6b:e8:6d:a4:
                    5f:31:81:27:c5:c8:34:37:4f:19:98:b1:42:43:fe:
                    04:f0:1b:bf:db:4a:34:6e:fb:52:a6:18:92:0c:0f:
                    3b:c8:92:3c:2b:cf:1a:13:ef:04:24:e3:b6:82:d6:
                    90:82:a0:51:14:73:77:13:e0:71:de:72:1b:af:3c:
                    53:ba:34:70:61:c5:06:ee:3e:11:77:81:ec:10:e4:
                    95:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CB:87:FD:DB:A8:C1:07:ED:2C:37:C6:1B:10:76:DB:5F:E2:3A:4A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hMuH_duowQftLDfGGxB221_iOko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:ac0::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:07:63:88:05:60:52:6c:34:8f:bd:d0:d1:b7:7c:37:e2:40:
         42:ac:e5:94:fc:37:e4:ed:44:c2:a6:c1:ef:2c:59:2d:b4:71:
         5a:2a:13:31:70:8a:43:5f:77:7a:6a:bb:6b:5c:f3:2f:a8:b4:
         8a:82:c0:06:77:c5:f6:a6:e6:53:2a:ee:1d:8d:6d:bc:2e:68:
         31:49:b4:8a:25:80:1c:dc:56:fe:b4:ac:81:22:20:54:46:00:
         9b:5c:68:c8:49:d2:c7:6e:9b:f7:df:45:e8:18:b9:1b:dc:49:
         b2:c2:7f:d2:be:a8:d8:e5:92:0b:8e:23:ae:40:97:72:5f:8b:
         92:6e:c8:69:9b:63:4c:4a:48:3d:86:1b:02:7d:62:0f:20:71:
         cb:52:82:e7:4b:5b:81:56:1a:f6:1f:76:27:4a:af:7b:79:16:
         0c:9a:53:19:99:69:dc:04:b4:26:fd:0b:d7:9e:5f:44:c3:66:
         dd:1a:0f:6e:de:e0:f7:07:da:e5:6b:e4:59:58:27:3c:b9:ad:
         de:2d:8e:d3:0b:f6:a5:43:26:8d:5b:e1:d0:f3:b6:97:d6:44:
         45:ab:be:47:af:65:17:8e:12:17:fc:ba:d2:0e:67:59:f7:ec:
         73:53:2c:39:6b:a2:ba:9c:ef:7c:f6:f0:be:ed:d0:4f:69:55:
         de:5b:05:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYZn8JgX9hCJFcmYBUyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGNiODdmZGRiYThjMTA3ZWQyYzM3YzYxYjEwNzZkYjVmZTIzYTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg51LE0jvAI0540jG+ErsjgutC20H
JJ3dtuXKBVFj+OsYWGpJmh0uvzpHfSgykoF75pzIuYzA+fikpiLQyCK+VSEYQRmL
T2Ynd/FNuuBryv62cifcNwIMO6cBWkbU6GKDNeraDumg5gsI4P6Rjg+/+sCG8n8m
tK/ZaBN5jv6D58NamsfmSbuqhu/zxqVasVOfoarGjoZ8HZ8/3jKEivNNm1NL5Pbc
SA/o4ODMSY8a1mvobaRfMYEnxcg0N08ZmLFCQ/4E8Bu/20o0bvtSphiSDA87yJI8
K88aE+8EJOO2gtaQgqBRFHN3E+Bx3nIbrzxTujRwYcUG7j4Rd4HsEOSVSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFITLh/3bqMEH7Sw3xhsQdttf4jpKMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvaE11SF9kdW93UWZ0TERmR0d4QjIyMV9pT2tvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQrA
MA0GCSqGSIb3DQEBCwUAA4IBAQA6B2OIBWBSbDSPvdDRt3w34kBCrOWU/Dfk7UTC
psHvLFkttHFaKhMxcIpDX3d6artrXPMvqLSKgsAGd8X2puZTKu4djW28LmgxSbSK
JYAc3Fb+tKyBIiBURgCbXGjISdLHbpv330XoGLkb3Emywn/SvqjY5ZILjiOuQJdy
X4uSbshpm2NMSkg9hhsCfWIPIHHLUoLnS1uBVhr2H3YnSq97eRYMmlMZmWncBLQm
/QvXnl9Ew2bdGg9u3uD3B9rla+RZWCc8ua3eLY7TC/alQyaNW+HQ87aX1kRFq75H
r2UXjhIX/LrSDmdZ9+xzUyw5a6K6nO989vC+7dBPaVXeWwWB
-----END CERTIFICATE-----