Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/m2xf9feniMkfRfGTrRTaIYCdkdU.roa
File:                     m2xf9feniMkfRfGTrRTaIYCdkdU.roa (raw, json)
Hash identifier:          83XMlwVo6mwA/J0CQ7VeTvJ1izisZ7ZwLJ4TuMToBKc=
Subject key identifier:   9B:6C:5F:F5:F7:A7:88:C9:1F:45:F1:93:AD:14:DA:21:80:9D:91:D5
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801549818F73FBC502BDCD8774E8F77
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/m2xf9feniMkfRfGTrRTaIYCdkdU.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198825
IP address blocks:        2a0c:b641:af0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:54:98:18:f7:3f:bc:50:2b:dc:d8:77:4e:8f:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b6c5ff5f7a788c91f45f193ad14da21809d91d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7c:f3:20:c5:0c:16:93:2d:55:3a:4f:20:af:
                    a0:09:99:64:1a:ad:46:de:d4:77:50:0d:6b:89:df:
                    3b:16:7a:ae:9c:09:84:0f:f0:c5:a7:8c:b2:c6:7f:
                    0b:76:9a:3b:7f:57:eb:aa:81:70:25:60:0e:90:31:
                    11:82:1b:97:05:98:31:17:06:75:ff:27:53:a5:87:
                    85:e9:05:63:28:39:79:c2:7f:bc:92:3b:a3:3c:54:
                    b5:cc:47:b3:82:7d:3d:95:82:58:d3:0c:d0:50:73:
                    4b:12:b4:b3:e5:35:b1:cd:04:e3:e5:21:c4:43:92:
                    a0:0d:f4:35:a3:92:13:db:90:46:cd:21:48:f7:80:
                    6f:ef:c8:cd:02:e4:81:14:42:cc:5e:08:2c:99:b4:
                    27:ec:ff:ef:d2:d2:3e:61:9f:2c:7d:4a:eb:da:87:
                    15:2c:54:85:61:0c:fd:dc:6d:70:ae:b4:20:bd:13:
                    57:6a:5f:0c:3a:e6:90:fd:44:dd:4f:54:2e:7e:3a:
                    f4:77:e9:63:b2:82:c2:ac:3f:fb:c4:06:e7:ea:8b:
                    0e:21:ee:3b:55:99:00:26:31:bb:61:3d:e8:73:bb:
                    27:b9:f5:9b:c5:53:67:9b:ab:65:fd:ca:39:fb:47:
                    5d:07:66:36:19:50:c0:1f:b9:4f:b8:1b:8e:a4:02:
                    fe:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:6C:5F:F5:F7:A7:88:C9:1F:45:F1:93:AD:14:DA:21:80:9D:91:D5
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/m2xf9feniMkfRfGTrRTaIYCdkdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:af0::/44

    Signature Algorithm: sha256WithRSAEncryption
         27:4e:e4:5a:46:ed:5c:46:a0:85:7d:d8:43:ed:de:5c:f5:35:
         48:a2:e2:56:be:ba:3a:81:84:c8:63:81:81:65:88:2c:c7:e2:
         0f:39:aa:c5:d3:e8:13:30:83:31:37:40:56:26:b8:74:c6:90:
         f8:a7:42:22:7f:3f:83:4e:66:42:10:06:f2:e3:23:04:25:23:
         2a:69:c6:61:b5:18:59:20:d6:4a:a7:c8:d3:54:49:24:cb:25:
         bc:7e:e1:c8:96:10:89:f1:67:94:8d:37:48:5f:1a:51:a0:80:
         da:34:1f:75:ba:1c:04:db:68:97:c7:ea:3c:bc:65:b1:d3:bc:
         9e:94:f0:e3:94:08:d1:2d:00:98:4d:e4:38:1e:e1:71:9e:d6:
         78:d3:98:48:ae:8e:88:3b:e4:60:13:40:2b:e1:50:59:ae:72:
         49:8a:fb:56:25:b8:4d:1c:a0:e4:60:9f:87:2a:80:ec:8f:43:
         f8:f2:c2:1d:eb:c8:61:b0:13:99:b7:22:95:7f:34:0b:22:00:
         30:aa:50:39:ed:46:e5:98:d8:a9:36:2a:48:aa:16:58:eb:a2:
         79:1e:97:0f:18:1b:6d:40:bb:2c:ce:0f:82:4f:b1:e2:64:5d:
         eb:77:88:db:6f:be:aa:22:96:c6:1a:ee:50:a1:d2:8c:99:64:
         b3:74:22:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVSYGPc/vFAr3Nh3To93MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjZjNWZmNWY3YTc4OGM5MWY0NWYxOTNhZDE0ZGEyMTgwOWQ5MWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3zzIMUMFpMtVTpPIK+gCZlkGq1G
3tR3UA1rid87FnqunAmED/DFp4yyxn8Ldpo7f1frqoFwJWAOkDERghuXBZgxFwZ1
/ydTpYeF6QVjKDl5wn+8kjujPFS1zEezgn09lYJY0wzQUHNLErSz5TWxzQTj5SHE
Q5KgDfQ1o5IT25BGzSFI94Bv78jNAuSBFELMXggsmbQn7P/v0tI+YZ8sfUrr2ocV
LFSFYQz93G1wrrQgvRNXal8MOuaQ/UTdT1Qufjr0d+ljsoLCrD/7xAbn6osOIe47
VZkAJjG7YT3oc7snufWbxVNnm6tl/co5+0ddB2Y2GVDAH7lPuBuOpAL+twIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJtsX/X3p4jJH0Xxk60U2iGAnZHVMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbTJ4ZjlmZW5pTWtmUmZHVHJSVGFJWUNka2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQrw
MA0GCSqGSIb3DQEBCwUAA4IBAQAnTuRaRu1cRqCFfdhD7d5c9TVIouJWvro6gYTI
Y4GBZYgsx+IPOarF0+gTMIMxN0BWJrh0xpD4p0Iifz+DTmZCEAby4yMEJSMqacZh
tRhZINZKp8jTVEkkyyW8fuHIlhCJ8WeUjTdIXxpRoIDaNB91uhwE22iXx+o8vGWx
07yelPDjlAjRLQCYTeQ4HuFxntZ405hIro6IO+RgE0Ar4VBZrnJJivtWJbhNHKDk
YJ+HKoDsj0P48sId68hhsBOZtyKVfzQLIgAwqlA57UblmNipNipIqhZY66J5HpcP
GBttQLsszg+CT7HiZF3rd4jbb76qIpbGGu5QodKMmWSzdCKY
-----END CERTIFICATE-----