Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jq3utpRJM4Nefawbix_o-1_oQn8.roa
File:                     jq3utpRJM4Nefawbix_o-1_oQn8.roa (raw, json)
Hash identifier:          EmghHQOU6VwPhIq+xQIEgMoPankyZUEzXaussWYCNNs=
Subject key identifier:   8E:AD:EE:B6:94:49:33:83:5E:7D:AC:1B:8B:1F:E8:FB:5F:E8:42:7F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018D3805F884400957D439AF8F48D979387B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jq3utpRJM4Nefawbix_o-1_oQn8.roa
Signing time:             Tue 23 Jan 2024 20:32:11 +0000
ROA not before:           Tue 23 Jan 2024 20:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208210
IP address blocks:        2a0c:b641:870::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:38:05:f8:84:40:09:57:d4:39:af:8f:48:d9:79:38:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 23 20:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8eadeeb6944933835e7dac1b8b1fe8fb5fe8427f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:73:37:61:6a:7f:3f:53:21:2f:53:02:80:05:
                    29:56:51:fa:0d:ac:74:c2:43:e3:79:00:d6:fd:6b:
                    70:e1:ce:74:7d:8a:a9:14:10:38:f8:a2:a0:46:95:
                    67:62:67:a5:db:cb:00:98:ce:bb:7b:d9:a9:5b:63:
                    af:53:83:8d:fc:92:e4:c9:8d:e1:7f:04:3f:e4:71:
                    70:0b:db:3d:b7:b0:0e:43:98:ff:40:9a:34:c8:61:
                    fc:2a:c9:e5:bf:21:b8:a6:26:2e:c8:68:a0:d7:27:
                    f4:f7:9d:02:25:a8:17:21:51:0a:10:06:2f:c5:cb:
                    cb:65:74:8f:fb:64:42:41:38:cf:ae:72:50:d1:76:
                    cb:5d:9b:8b:cf:9d:2b:60:31:e2:56:d5:35:7c:54:
                    30:3c:78:12:61:98:d9:db:e4:34:5d:b3:45:72:1c:
                    2d:e2:9a:7d:1b:c0:35:c3:85:9c:94:7e:3a:40:d8:
                    1e:b3:63:d8:30:b3:ba:d9:35:08:51:6f:a2:79:b8:
                    8a:51:b7:1e:e1:48:85:9f:91:a1:4f:f1:45:2b:45:
                    fb:13:39:3d:22:d5:19:97:65:5b:a5:65:05:df:45:
                    43:d2:c7:67:87:d9:d6:44:97:45:a1:8c:c3:f4:91:
                    7c:3c:36:11:7d:88:1d:b3:3d:3a:c6:ca:c1:e7:96:
                    1a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:AD:EE:B6:94:49:33:83:5E:7D:AC:1B:8B:1F:E8:FB:5F:E8:42:7F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jq3utpRJM4Nefawbix_o-1_oQn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:870::/44

    Signature Algorithm: sha256WithRSAEncryption
         96:6e:f4:ea:6a:91:22:f8:7f:bd:46:32:3a:2f:39:a5:2d:c6:
         2d:eb:a2:77:00:3a:b3:b0:5a:c5:87:b4:1e:b8:15:41:64:91:
         44:12:05:78:83:84:98:54:b6:d1:ae:5d:b1:ca:4a:7d:0a:88:
         37:ba:1b:84:46:17:cd:f5:6e:e7:11:67:b2:60:91:d2:f7:e5:
         f7:fb:da:74:7b:c5:db:ea:95:ac:42:81:7a:be:41:f3:5a:d8:
         80:95:bd:2c:0f:b6:08:d1:2f:27:d4:6a:e2:be:87:dd:27:6f:
         a0:cb:b4:69:60:12:7e:01:56:6f:8b:1a:3c:9e:1c:79:2f:3e:
         32:b1:d3:82:f4:4a:50:a4:e7:39:99:78:2a:0b:4c:09:2a:51:
         4b:29:76:c9:2c:52:30:cd:81:66:7e:7e:e5:b6:9b:e7:79:4f:
         60:6e:07:3c:0b:b2:37:62:bb:45:ee:7e:f9:fa:b6:af:6f:7f:
         5a:f6:fa:07:de:d1:42:03:c7:c8:ca:30:6a:25:56:55:fc:df:
         e5:10:b2:b5:16:b0:2b:55:ff:a8:a9:43:eb:7d:1e:4b:c3:f3:
         83:0b:2b:cc:86:f9:0e:b1:1c:83:3c:3f:94:47:80:ca:16:7f:
         3a:75:2b:a7:a2:db:66:6d:e2:e6:f2:1e:91:97:13:c6:4a:c8:
         e0:65:2c:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY04BfiEQAlX1Dmvj0jZeTh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTIzMjAzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWFkZWViNjk0NDkzMzgzNWU3ZGFjMWI4YjFmZThmYjVmZTg0MjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunM3YWp/P1MhL1MCgAUpVlH6Dax0
wkPjeQDW/Wtw4c50fYqpFBA4+KKgRpVnYmel28sAmM67e9mpW2OvU4ON/JLkyY3h
fwQ/5HFwC9s9t7AOQ5j/QJo0yGH8KsnlvyG4piYuyGig1yf0950CJagXIVEKEAYv
xcvLZXSP+2RCQTjPrnJQ0XbLXZuLz50rYDHiVtU1fFQwPHgSYZjZ2+Q0XbNFchwt
4pp9G8A1w4WclH46QNges2PYMLO62TUIUW+iebiKUbce4UiFn5GhT/FFK0X7Ezk9
ItUZl2VbpWUF30VD0sdnh9nWRJdFoYzD9JF8PDYRfYgdsz06xsrB55YaJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI6t7raUSTODXn2sG4sf6Ptf6EJ/MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvanEzdXRwUkpNNE5lZmF3Yml4X28tMV9vUW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQhw
MA0GCSqGSIb3DQEBCwUAA4IBAQCWbvTqapEi+H+9RjI6LzmlLcYt66J3ADqzsFrF
h7QeuBVBZJFEEgV4g4SYVLbRrl2xykp9Cog3uhuERhfN9W7nEWeyYJHS9+X3+9p0
e8Xb6pWsQoF6vkHzWtiAlb0sD7YI0S8n1GrivofdJ2+gy7RpYBJ+AVZvixo8nhx5
Lz4ysdOC9EpQpOc5mXgqC0wJKlFLKXbJLFIwzYFmfn7ltpvneU9gbgc8C7I3YrtF
7n75+ravb39a9voH3tFCA8fIyjBqJVZV/N/lELK1FrArVf+oqUPrfR5Lw/ODCyvM
hvkOsRyDPD+UR4DKFn86dSunottmbeLm8h6RlxPGSsjgZSxU
-----END CERTIFICATE-----