Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jwWirNSbmhk_g_UYmaLEyUkfGDI.roa
File:                     jwWirNSbmhk_g_UYmaLEyUkfGDI.roa (raw, json)
Hash identifier:          uUg5bncSk8WYw88X73ppVA3HmYjTLkZUKJEWdc9vREY=
Subject key identifier:   8F:05:A2:AC:D4:9B:9A:19:3F:83:F5:18:99:A2:C4:C9:49:1F:18:32
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801577A24ADD86DECC3306C7D22A702
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jwWirNSbmhk_g_UYmaLEyUkfGDI.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200153
IP address blocks:        2a0c:b641:930::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:57:7a:24:ad:d8:6d:ec:c3:30:6c:7d:22:a7:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f05a2acd49b9a193f83f51899a2c4c9491f1832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e3:7a:fc:08:f1:e8:ab:d8:71:60:be:59:77:
                    50:d0:ad:f1:2a:77:44:c4:45:8c:13:e1:b8:cd:cc:
                    fe:40:42:5f:48:ee:54:00:79:1b:9b:e9:c6:fb:ba:
                    72:63:ef:a5:b4:92:83:80:50:fb:ec:3b:53:18:60:
                    3c:fd:c4:0e:da:ff:59:d3:ff:01:1b:4d:e4:bc:a0:
                    a1:a9:54:12:33:7c:c9:15:11:f2:d8:06:f0:c6:25:
                    5d:8f:a0:9b:df:26:8d:03:df:ee:4d:5b:04:20:f9:
                    23:13:c7:99:77:91:be:fb:02:a4:5c:26:52:15:41:
                    66:26:24:bb:8e:b4:9e:98:21:2e:ae:6c:eb:8b:81:
                    06:13:e9:b2:02:cf:b3:0d:77:4d:a5:67:81:0f:04:
                    11:ce:cb:61:10:19:af:16:9f:af:2d:4e:77:b4:0c:
                    00:92:8c:86:58:a7:cc:fb:26:11:c9:7a:d2:80:8f:
                    cf:3d:4b:e6:d9:35:d5:2d:a8:df:5d:83:df:ba:79:
                    f8:ec:82:e6:fd:81:09:90:2d:64:a1:9e:eb:71:7a:
                    94:71:ee:14:00:77:9b:26:19:d7:93:e3:1d:15:a9:
                    39:fe:81:39:91:e0:df:8f:ea:99:82:34:a0:1c:5c:
                    cc:2e:29:59:15:3f:50:b3:fc:fb:72:cb:dd:28:ab:
                    19:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:05:A2:AC:D4:9B:9A:19:3F:83:F5:18:99:A2:C4:C9:49:1F:18:32
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jwWirNSbmhk_g_UYmaLEyUkfGDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:930::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:47:f0:16:ec:78:dd:2d:83:51:f8:22:01:da:0a:e4:e3:1c:
         ea:63:d6:18:7b:b5:30:a5:d0:0d:3d:ff:89:ed:ab:49:e2:a6:
         6a:3e:a4:4c:d5:8d:27:56:1f:6a:c0:ad:a0:f3:e1:60:fa:b6:
         f6:47:4f:58:bf:1f:d9:44:51:7a:77:96:cc:50:6a:0f:41:47:
         54:58:d6:fe:02:01:6e:79:50:41:7c:0a:19:ac:76:06:62:27:
         f9:db:27:e3:53:b2:da:f3:9e:8a:43:ab:23:cf:21:2d:11:99:
         2c:f0:7d:5a:a6:25:19:67:30:d1:20:c9:cd:bb:51:6c:1f:3c:
         54:21:da:87:98:e9:18:0d:7b:62:ce:ed:b5:06:24:0c:c4:61:
         5e:12:ab:3a:2f:33:c4:e1:8b:e4:97:a9:7e:a9:c6:93:c4:6a:
         9e:5e:d0:90:97:f7:5b:f8:07:e4:0e:0a:5f:b6:de:d4:48:e0:
         1a:a5:3b:29:ba:f7:7f:18:c5:bc:4b:3f:18:b2:0e:76:8a:82:
         b5:a5:72:62:5c:ef:ec:9e:a7:7b:5a:95:38:70:37:88:58:c9:
         97:d9:29:c9:be:9a:90:3e:66:be:21:18:11:a8:30:a0:1b:23:
         6d:4e:e5:42:63:53:d6:03:71:3b:92:9c:54:7a:d8:37:10:4d:
         a7:ec:2d:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVd6JK3YbezDMGx9IqcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjA1YTJhY2Q0OWI5YTE5M2Y4M2Y1MTg5OWEyYzRjOTQ5MWYxODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseN6/Ajx6KvYcWC+WXdQ0K3xKndE
xEWME+G4zcz+QEJfSO5UAHkbm+nG+7pyY++ltJKDgFD77DtTGGA8/cQO2v9Z0/8B
G03kvKChqVQSM3zJFRHy2AbwxiVdj6Cb3yaNA9/uTVsEIPkjE8eZd5G++wKkXCZS
FUFmJiS7jrSemCEurmzri4EGE+myAs+zDXdNpWeBDwQRzsthEBmvFp+vLU53tAwA
koyGWKfM+yYRyXrSgI/PPUvm2TXVLajfXYPfunn47ILm/YEJkC1koZ7rcXqUce4U
AHebJhnXk+MdFak5/oE5keDfj+qZgjSgHFzMLilZFT9Qs/z7csvdKKsZlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI8FoqzUm5oZP4P1GJmixMlJHxgyMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvandXaXJOU2JtaGtfZ19VWW1hTEV5VWtmR0RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQkw
MA0GCSqGSIb3DQEBCwUAA4IBAQAJR/AW7HjdLYNR+CIB2grk4xzqY9YYe7UwpdAN
Pf+J7atJ4qZqPqRM1Y0nVh9qwK2g8+Fg+rb2R09Yvx/ZRFF6d5bMUGoPQUdUWNb+
AgFueVBBfAoZrHYGYif52yfjU7La856KQ6sjzyEtEZks8H1apiUZZzDRIMnNu1Fs
HzxUIdqHmOkYDXtizu21BiQMxGFeEqs6LzPE4Yvkl6l+qcaTxGqeXtCQl/db+Afk
Dgpftt7USOAapTspuvd/GMW8Sz8Ysg52ioK1pXJiXO/snqd7WpU4cDeIWMmX2SnJ
vpqQPma+IRgRqDCgGyNtTuVCY1PWA3E7kpxUetg3EE2n7C0x
-----END CERTIFICATE-----