Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/k8pllPAfLSZFMo0ir6vc0uEP2bw.roa
File:                     k8pllPAfLSZFMo0ir6vc0uEP2bw.roa (raw, json)
Hash identifier:          moyEBugUBMU0Hc2OjuTgqEgPQFzZ2FO7MEVYUP60adc=
Subject key identifier:   93:CA:65:94:F0:1F:2D:26:45:32:8D:22:AF:AB:DC:D2:E1:0F:D9:BC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015BE5F895129FBA7642FB1847AFB3
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/k8pllPAfLSZFMo0ir6vc0uEP2bw.roa
Signing time:             Tue 02 Jan 2024 02:29:41 +0000
ROA not before:           Tue 02 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204210
IP address blocks:        2a0c:b641:300::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5b:e5:f8:95:12:9f:ba:76:42:fb:18:47:af:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93ca6594f01f2d2645328d22afabdcd2e10fd9bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:36:a3:70:d5:e1:46:ec:98:07:83:7a:6b:cb:
                    3f:52:23:6d:e0:51:fb:b0:28:1c:cb:d3:6b:af:a1:
                    de:27:7a:be:99:f5:d9:ab:e2:9b:d6:7e:1b:0b:27:
                    10:48:d4:cf:87:e5:d9:f8:c2:31:53:cc:28:c8:e8:
                    86:e4:f2:75:ed:90:5a:07:d8:c1:d2:08:e8:86:6d:
                    96:3c:b1:52:49:6d:bd:8f:a0:8e:4e:b8:43:a5:7b:
                    cf:14:32:9b:c2:03:5c:53:69:1a:52:fe:db:e6:03:
                    b7:ff:3f:2f:cc:a7:17:66:1b:fc:26:f9:ff:9a:f0:
                    0f:ff:a3:06:65:6d:53:8d:23:a8:b1:58:d3:38:20:
                    1f:53:66:95:63:ac:0b:2e:0c:ab:00:f1:33:1c:17:
                    8e:a1:de:d3:b3:10:fb:59:24:05:2e:cf:83:73:d0:
                    ce:13:cb:ba:f1:a0:ae:2c:4a:40:9b:0e:94:0a:64:
                    be:49:80:df:fb:66:74:58:70:8f:88:d9:ed:b7:94:
                    57:8e:21:f3:8c:7a:f4:6c:93:15:a4:1d:68:a2:11:
                    98:7c:a2:ee:63:2f:de:56:b0:a4:d1:eb:04:3d:0c:
                    88:8f:c8:8c:38:a1:83:08:09:89:50:06:17:0e:fc:
                    0f:5c:7b:14:76:87:95:fc:ec:52:b5:5a:f9:8e:51:
                    2b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CA:65:94:F0:1F:2D:26:45:32:8D:22:AF:AB:DC:D2:E1:0F:D9:BC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/k8pllPAfLSZFMo0ir6vc0uEP2bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:300::/44

    Signature Algorithm: sha256WithRSAEncryption
         90:4b:d6:9c:a1:36:d7:c2:9a:dc:d4:03:de:a9:36:54:10:29:
         1c:4f:db:87:80:18:b8:83:6d:bc:e5:cf:ef:48:90:49:7a:5c:
         58:6d:15:62:2d:c7:77:5c:14:6d:ae:f1:c8:04:0d:f9:b3:0d:
         cc:4b:49:46:8c:02:55:e4:96:f0:eb:87:f6:61:85:bf:b9:7b:
         70:e9:73:d6:8e:99:18:4f:30:13:8b:a3:7c:b8:88:2b:43:88:
         c0:ec:9f:c4:aa:96:f0:e4:91:57:4d:9c:25:a1:50:dc:17:9f:
         3b:bb:d1:7a:e8:76:c1:d7:55:5d:2c:a9:a7:eb:53:b2:c5:09:
         72:b6:d4:e0:f1:d4:e1:ce:e7:b9:80:8c:c3:16:fe:19:72:a9:
         fc:a6:2a:84:71:f7:8c:65:46:16:73:41:9a:e7:f1:a8:d0:42:
         50:a1:89:50:5c:f5:98:a2:a6:2d:48:b0:03:47:71:f2:0a:51:
         48:7b:92:c6:12:be:21:03:ef:8b:35:e6:57:9c:dc:9b:31:19:
         13:26:9f:0b:f7:07:13:6c:aa:1a:25:2b:f6:db:44:b2:df:52:
         37:e7:df:18:ec:a4:ea:f7:bf:3e:a5:69:0b:88:ed:4f:f3:9c:
         fe:11:96:4d:84:c8:a9:90:b9:9e:15:b6:27:31:8b:40:0c:b1:
         77:d3:21:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVvl+JUSn7p2QvsYR6+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2NhNjU5NGYwMWYyZDI2NDUzMjhkMjJhZmFiZGNkMmUxMGZkOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzajcNXhRuyYB4N6a8s/UiNt4FH7
sCgcy9Nrr6HeJ3q+mfXZq+Kb1n4bCycQSNTPh+XZ+MIxU8woyOiG5PJ17ZBaB9jB
0gjohm2WPLFSSW29j6COTrhDpXvPFDKbwgNcU2kaUv7b5gO3/z8vzKcXZhv8Jvn/
mvAP/6MGZW1TjSOosVjTOCAfU2aVY6wLLgyrAPEzHBeOod7TsxD7WSQFLs+Dc9DO
E8u68aCuLEpAmw6UCmS+SYDf+2Z0WHCPiNntt5RXjiHzjHr0bJMVpB1oohGYfKLu
Yy/eVrCk0esEPQyIj8iMOKGDCAmJUAYXDvwPXHsUdoeV/OxStVr5jlErFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJPKZZTwHy0mRTKNIq+r3NLhD9m8MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvazhwbGxQQWZMU1pGTW8waXI2dmMwdUVQMmJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCQS9acoTbXwprc1APeqTZUECkcT9uHgBi4g228
5c/vSJBJelxYbRViLcd3XBRtrvHIBA35sw3MS0lGjAJV5Jbw64f2YYW/uXtw6XPW
jpkYTzATi6N8uIgrQ4jA7J/Eqpbw5JFXTZwloVDcF587u9F66HbB11VdLKmn61Oy
xQlyttTg8dThzue5gIzDFv4Zcqn8piqEcfeMZUYWc0Ga5/Go0EJQoYlQXPWYoqYt
SLADR3HyClFIe5LGEr4hA++LNeZXnNybMRkTJp8L9wcTbKoaJSv220Sy31I3598Y
7KTq978+pWkLiO1P85z+EZZNhMipkLmeFbYnMYtADLF30yE6
-----END CERTIFICATE-----