Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jX4mX6lZkP0ZzzYRU3Uvq8zeM1o.roa
File:                     jX4mX6lZkP0ZzzYRU3Uvq8zeM1o.roa (raw, json)
Hash identifier:          4F8fNl5EyYmGjax1tVanyk8rn9aRucEav/7CwnksR14=
Subject key identifier:   8D:7E:26:5F:A9:59:90:FD:19:CF:36:11:53:75:2F:AB:CC:DE:33:5A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8018008B34909CB26252FFFF25FBF87
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jX4mX6lZkP0ZzzYRU3Uvq8zeM1o.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213034
IP address blocks:        2a0c:b642:fc0::/43 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:80:08:b3:49:09:cb:26:25:2f:ff:f2:5f:bf:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d7e265fa95990fd19cf361153752fabccde335a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:99:6a:ac:7e:e1:38:7a:f1:87:5f:82:eb:5b:
                    40:4e:d5:24:08:6e:2c:9e:a9:93:26:29:ac:d1:81:
                    e3:9e:ea:fa:b6:23:51:37:f3:1b:93:cf:3a:99:b5:
                    a6:b0:53:34:3c:cc:d9:7f:1a:8e:2a:06:ea:d0:35:
                    f2:b5:f2:84:43:24:02:23:25:85:9c:19:50:cf:52:
                    94:d8:bb:83:f0:91:4d:b6:4e:29:df:7d:69:bf:bd:
                    d1:72:c2:0f:43:d3:4e:3e:21:ed:d6:8a:96:e0:02:
                    13:c5:8e:8e:8d:a9:a3:4a:f1:1c:63:d3:48:d1:0c:
                    20:69:73:cb:08:8b:80:35:ff:e1:74:68:04:0d:11:
                    67:9d:d3:3c:b3:f9:2a:26:7a:03:bc:30:73:a7:bc:
                    d4:97:ab:dd:9a:70:2d:ed:c5:82:6f:58:77:66:79:
                    01:5c:7c:45:6b:5e:4d:54:bb:65:48:98:d6:13:2e:
                    99:21:80:c3:ba:38:fb:00:a1:04:29:7c:0e:a4:34:
                    80:b1:37:3c:ca:5b:8b:2b:89:06:d7:19:1f:52:1c:
                    59:b8:33:d3:e8:b4:05:74:e2:6d:7c:ff:8d:e5:97:
                    8a:47:6b:5f:50:78:5b:94:b3:50:76:db:cf:1f:83:
                    c7:86:5a:f1:9d:f4:5c:b0:67:fe:71:31:2e:13:82:
                    cb:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:7E:26:5F:A9:59:90:FD:19:CF:36:11:53:75:2F:AB:CC:DE:33:5A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jX4mX6lZkP0ZzzYRU3Uvq8zeM1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:fc0::/43

    Signature Algorithm: sha256WithRSAEncryption
         21:38:fa:81:af:77:b1:b7:f8:23:14:03:69:35:0c:76:8a:7d:
         05:ab:75:b7:57:69:79:70:ee:9b:42:9a:e6:08:24:da:4c:4d:
         ca:45:e8:8a:47:d5:c9:a3:11:ef:95:d1:02:80:28:25:e6:3d:
         46:d9:85:f5:92:f3:85:2e:06:a3:75:09:c1:44:05:17:5b:b4:
         ca:7a:f4:78:8c:e4:ac:4f:47:e5:34:3b:ea:2b:9c:37:7d:4a:
         d8:0e:7f:2a:be:9c:dc:b8:18:20:76:3a:fe:1d:a5:73:ba:5e:
         09:3e:fe:c6:a7:be:ba:36:3e:01:8d:ee:e3:50:b6:15:48:e6:
         89:95:de:c2:c0:1a:c1:04:7c:a8:29:a0:57:12:14:28:62:79:
         25:80:bb:02:b8:af:6e:a9:ca:13:41:07:15:b9:f3:f6:4f:2f:
         4b:99:25:5b:7f:ca:e2:70:45:91:cf:a7:8b:a3:a3:1c:b3:93:
         21:ca:5b:6c:23:62:6c:b9:6e:4a:67:41:44:7e:9f:02:ed:8c:
         b3:55:34:50:67:de:1a:55:63:49:fc:b4:22:40:1f:66:fc:81:
         d0:9c:13:12:f7:e5:d9:1a:e6:ac:61:85:01:3f:18:8c:16:cc:
         8b:47:7c:a3:3f:71:dd:d2:99:99:cf:52:b8:82:40:a5:58:9e:
         1a:7d:4a:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYAIs0kJyyYlL//yX7+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDdlMjY1ZmE5NTk5MGZkMTljZjM2MTE1Mzc1MmZhYmNjZGUzMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZlqrH7hOHrxh1+C61tATtUkCG4s
nqmTJims0YHjnur6tiNRN/Mbk886mbWmsFM0PMzZfxqOKgbq0DXytfKEQyQCIyWF
nBlQz1KU2LuD8JFNtk4p331pv73RcsIPQ9NOPiHt1oqW4AITxY6OjamjSvEcY9NI
0QwgaXPLCIuANf/hdGgEDRFnndM8s/kqJnoDvDBzp7zUl6vdmnAt7cWCb1h3ZnkB
XHxFa15NVLtlSJjWEy6ZIYDDujj7AKEEKXwOpDSAsTc8yluLK4kG1xkfUhxZuDPT
6LQFdOJtfP+N5ZeKR2tfUHhblLNQdtvPH4PHhlrxnfRcsGf+cTEuE4LLgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI1+Jl+pWZD9Gc82EVN1L6vM3jNaMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvalg0bVg2bFprUDBaenpZUlUzVXZxOHplTTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKgy2Qg/A
MA0GCSqGSIb3DQEBCwUAA4IBAQAhOPqBr3ext/gjFANpNQx2in0Fq3W3V2l5cO6b
QprmCCTaTE3KReiKR9XJoxHvldECgCgl5j1G2YX1kvOFLgajdQnBRAUXW7TKevR4
jOSsT0flNDvqK5w3fUrYDn8qvpzcuBggdjr+HaVzul4JPv7Gp766Nj4Bje7jULYV
SOaJld7CwBrBBHyoKaBXEhQoYnklgLsCuK9uqcoTQQcVufP2Ty9LmSVbf8ricEWR
z6eLo6Mcs5MhyltsI2JsuW5KZ0FEfp8C7YyzVTRQZ94aVWNJ/LQiQB9m/IHQnBMS
9+XZGuasYYUBPxiMFsyLR3yjP3Hd0pmZz1K4gkClWJ4afUpc
-----END CERTIFICATE-----