Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hde6Z6lLq0qRjeXYqY9P_DzoPXg.roa
File:                     hde6Z6lLq0qRjeXYqY9P_DzoPXg.roa (raw, json)
Hash identifier:          Ij4W1bL4GStEvYKAJ86vtnzfomgt0TJW6b+opioNtUk=
Subject key identifier:   85:D7:BA:67:A9:4B:AB:4A:91:8D:E5:D8:A9:8F:4F:FC:3C:E8:3D:78
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801553484DCDFC129DF00B40151D39B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hde6Z6lLq0qRjeXYqY9P_DzoPXg.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199258
IP address blocks:        2a0c:b641:9d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:34:84:dc:df:c1:29:df:00:b4:01:51:d3:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85d7ba67a94bab4a918de5d8a98f4ffc3ce83d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:28:60:75:b5:48:b7:b6:f5:f9:a7:39:af:cf:
                    d0:53:bb:f3:47:3e:85:86:43:11:f3:f7:aa:8a:2e:
                    18:c3:3c:58:fa:0a:57:1c:f1:11:33:9f:b9:f7:cd:
                    bc:1a:f1:0c:87:5b:f1:c4:85:02:d1:9c:5e:98:78:
                    77:13:99:f5:1f:54:7e:70:59:86:59:8f:db:0e:18:
                    9f:40:69:20:cd:70:61:07:62:0d:0f:e7:3c:41:b6:
                    5b:76:77:31:80:c6:e3:2f:00:74:8c:51:1c:1c:7b:
                    d2:bd:f6:d0:53:a4:6c:bd:b5:a8:2b:f2:b1:bc:99:
                    fc:57:53:8d:1b:a9:4b:77:49:5c:42:b1:b7:26:f8:
                    d0:f0:bd:24:58:ba:d9:14:2c:df:67:6d:2e:37:dd:
                    0c:96:8e:74:a7:25:2e:f8:4e:02:8f:98:4e:d7:b2:
                    c5:17:6f:a6:0d:0b:a8:10:97:fa:fa:fb:f2:da:f5:
                    3b:6b:32:50:81:78:54:70:aa:f8:5b:40:d1:65:6f:
                    d3:e1:91:d6:5c:d9:9c:53:32:a2:a1:08:97:0d:21:
                    fd:66:3d:89:54:14:e6:0a:15:d3:25:5d:99:46:f1:
                    09:33:91:b6:f8:d8:9e:05:9c:69:7c:e2:6e:a4:92:
                    f0:3d:61:71:43:42:16:96:35:8a:89:29:20:f8:0f:
                    09:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D7:BA:67:A9:4B:AB:4A:91:8D:E5:D8:A9:8F:4F:FC:3C:E8:3D:78
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hde6Z6lLq0qRjeXYqY9P_DzoPXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:9d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         21:5d:fe:69:cc:5a:90:60:4d:00:bc:d4:c6:cd:57:3d:98:c7:
         35:93:6a:24:d5:ec:13:d5:51:54:3c:01:3b:07:ca:6d:a1:ca:
         2e:dd:e5:fd:dd:2b:1d:28:6d:dc:ce:f2:f9:bd:5f:5d:7a:bf:
         fa:88:0e:8a:42:85:09:f7:32:29:73:ff:f3:cb:24:1a:01:ab:
         5f:1a:83:19:a5:15:9f:06:86:92:cc:24:8a:8d:50:ea:df:0c:
         49:4f:85:59:d8:2a:a6:bc:3d:c0:c5:03:77:d5:69:b6:f5:fb:
         e1:ba:a3:01:9c:3d:5d:e0:9f:fc:cd:aa:db:20:4d:3b:49:af:
         5f:a4:ed:a5:f2:94:1c:36:92:3c:6b:ff:90:9b:32:5c:61:73:
         ee:30:4e:df:e7:9e:f5:49:58:2b:7e:c1:18:bc:6b:5c:dd:72:
         26:c5:6a:1c:22:e3:ff:7a:cd:6b:cd:d1:d2:39:fa:a1:c1:e7:
         ec:4c:28:05:4c:0a:a2:db:e7:94:9a:45:45:cb:88:53:1c:65:
         f6:6d:ab:7a:e1:72:e2:80:66:d6:fe:86:7b:72:1a:2b:7c:5e:
         b5:84:62:9a:10:51:42:0c:85:f8:01:16:c1:91:24:82:0e:62:
         e6:15:46:97:63:fb:ff:3c:9b:39:e9:30:1f:63:5c:93:bd:4e:
         46:5b:57:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVU0hNzfwSnfALQBUdObMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQ3YmE2N2E5NGJhYjRhOTE4ZGU1ZDhhOThmNGZmYzNjZTgzZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyhgdbVIt7b1+ac5r8/QU7vzRz6F
hkMR8/eqii4YwzxY+gpXHPERM5+59828GvEMh1vxxIUC0ZxemHh3E5n1H1R+cFmG
WY/bDhifQGkgzXBhB2IND+c8QbZbdncxgMbjLwB0jFEcHHvSvfbQU6RsvbWoK/Kx
vJn8V1ONG6lLd0lcQrG3JvjQ8L0kWLrZFCzfZ20uN90Mlo50pyUu+E4Cj5hO17LF
F2+mDQuoEJf6+vvy2vU7azJQgXhUcKr4W0DRZW/T4ZHWXNmcUzKioQiXDSH9Zj2J
VBTmChXTJV2ZRvEJM5G2+NieBZxpfOJupJLwPWFxQ0IWljWKiSkg+A8JWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIXXumepS6tKkY3l2KmPT/w86D14MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvaGRlNlo2bExxMHFSamVYWXFZOVBfRHpvUFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQnQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAhXf5pzFqQYE0AvNTGzVc9mMc1k2ok1ewT1VFU
PAE7B8ptocou3eX93SsdKG3czvL5vV9der/6iA6KQoUJ9zIpc//zyyQaAatfGoMZ
pRWfBoaSzCSKjVDq3wxJT4VZ2CqmvD3AxQN31Wm29fvhuqMBnD1d4J/8zarbIE07
Sa9fpO2l8pQcNpI8a/+QmzJcYXPuME7f5571SVgrfsEYvGtc3XImxWocIuP/es1r
zdHSOfqhwefsTCgFTAqi2+eUmkVFy4hTHGX2bat64XLigGbW/oZ7chorfF61hGKa
EFFCDIX4ARbBkSSCDmLmFUaXY/v/PJs56TAfY1yTvU5GW1eM
-----END CERTIFICATE-----