Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/n-tLV5ycG06z4cqjVhspkHLUrNQ.roa
File:                     n-tLV5ycG06z4cqjVhspkHLUrNQ.roa (raw, json)
Hash identifier:          Evo8LQ6sWRYOp7FxZzRhgeKcTS5MlUscSWwpB17lwog=
Subject key identifier:   9F:EB:4B:57:9C:9C:1B:4E:B3:E1:CA:A3:56:1B:29:90:72:D4:AC:D4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014B564B7EF0F1DAD67F4148FFF84B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/n-tLV5ycG06z4cqjVhspkHLUrNQ.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45049
IP address blocks:        194.28.97.0/24 maxlen: 24
                          2a0c:b641:400::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4b:56:4b:7e:f0:f1:da:d6:7f:41:48:ff:f8:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9feb4b579c9c1b4eb3e1caa3561b299072d4acd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b8:26:50:ab:65:06:92:dd:49:41:91:13:4c:
                    36:16:d4:05:3a:a8:68:25:8b:21:5a:ab:85:bb:08:
                    e3:72:e3:5a:eb:2b:90:b6:ef:6f:07:a3:85:89:c8:
                    24:dc:01:7a:87:44:21:32:99:f7:ca:38:23:69:48:
                    43:da:45:95:2f:6c:b3:da:e2:15:9a:d7:2c:be:12:
                    1d:31:ac:01:83:e4:0b:6e:a7:dd:9e:8b:2e:09:f2:
                    45:31:4b:0a:fe:bc:da:74:95:bb:09:59:f9:8c:7c:
                    76:fa:62:52:4f:18:ae:dd:73:25:56:ff:1c:5f:59:
                    45:61:3e:ce:c1:3a:49:dd:23:40:40:f1:64:8c:b6:
                    52:7f:a4:ac:82:19:d0:b1:2a:2d:29:06:08:62:72:
                    f6:70:cb:11:0e:95:98:34:26:a2:81:a1:e9:4d:b7:
                    c1:b9:52:8a:0a:df:fe:85:88:1b:e8:2e:be:0e:2e:
                    fc:a4:1c:02:41:0f:18:00:c7:80:a6:95:08:d2:75:
                    65:5c:64:d8:b1:9b:25:04:0d:d3:1d:16:67:2b:e2:
                    89:71:60:5d:c0:57:f8:bb:ce:fd:d4:c9:9a:d0:63:
                    c4:12:85:3f:26:ba:95:88:bf:41:54:57:7e:1a:98:
                    94:05:82:8c:30:cb:60:ec:61:44:ff:71:0d:ae:1c:
                    8d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:EB:4B:57:9C:9C:1B:4E:B3:E1:CA:A3:56:1B:29:90:72:D4:AC:D4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/n-tLV5ycG06z4cqjVhspkHLUrNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.97.0/24
                IPv6:
                  2a0c:b641:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         9b:55:2a:b2:12:73:ce:a3:cc:7e:1d:7c:85:6e:5f:48:6f:72:
         df:fb:39:22:e9:fb:7a:c8:17:41:ed:25:e8:59:75:91:7f:09:
         2e:a0:c0:9b:6b:f3:63:ee:73:8e:8d:94:a2:b6:96:20:c9:e1:
         04:47:c7:22:bd:e4:c3:30:17:3b:06:52:98:31:49:30:81:98:
         f8:d1:b7:53:50:39:54:73:d9:1f:97:5f:3d:f6:91:ba:2d:d9:
         1a:a1:2b:b7:21:03:10:5b:ec:f6:41:97:81:7c:3b:9b:d4:4d:
         90:72:63:93:a8:2e:09:c6:49:b5:0a:e1:93:e8:a5:93:6c:23:
         42:54:54:c7:98:d4:fe:21:fd:51:e3:79:1e:74:c8:c2:e0:4f:
         50:36:cf:2a:6a:b0:b5:fc:d3:a0:e7:ac:6e:21:21:1f:66:1a:
         62:0c:f4:e4:a8:57:cb:6b:25:f5:e6:4a:0c:72:d1:ed:52:be:
         9b:a3:4c:1d:b5:68:29:59:dc:57:bd:f1:fa:3f:d3:1f:1a:48:
         ef:93:e0:e7:4d:67:8d:00:66:f0:a9:ad:2c:2d:1f:c0:43:65:
         e3:2c:61:ec:3f:1a:cb:23:2e:75:32:0f:5e:1b:b7:a4:0d:d9:
         53:41:65:ae:2f:56:21:9b:0f:2d:9f:2e:00:f7:07:9b:26:d8:
         36:71:1e:43
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAUtWS37w8drWf0FI//hLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmViNGI1NzljOWMxYjRlYjNlMWNhYTM1NjFiMjk5MDcyZDRhY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7gmUKtlBpLdSUGRE0w2FtQFOqho
JYshWquFuwjjcuNa6yuQtu9vB6OFicgk3AF6h0QhMpn3yjgjaUhD2kWVL2yz2uIV
mtcsvhIdMawBg+QLbqfdnosuCfJFMUsK/rzadJW7CVn5jHx2+mJSTxiu3XMlVv8c
X1lFYT7OwTpJ3SNAQPFkjLZSf6SsghnQsSotKQYIYnL2cMsRDpWYNCaigaHpTbfB
uVKKCt/+hYgb6C6+Di78pBwCQQ8YAMeAppUI0nVlXGTYsZslBA3THRZnK+KJcWBd
wFf4u8791Mma0GPEEoU/JrqViL9BVFd+GpiUBYKMMMtg7GFE/3ENrhyNvwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ/rS1ecnBtOs+HKo1YbKZBy1KzUMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbi10TFY1eWNHMDZ6NGNxalZoc3BrSExVck5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwhxhMA8E
AgACMAkDBwQqDLZBBAAwDQYJKoZIhvcNAQELBQADggEBAJtVKrISc86jzH4dfIVu
X0hvct/7OSLp+3rIF0HtJehZdZF/CS6gwJtr82Puc46NlKK2liDJ4QRHxyK95MMw
FzsGUpgxSTCBmPjRt1NQOVRz2R+XXz32kbot2RqhK7chAxBb7PZBl4F8O5vUTZBy
Y5OoLgnGSbUK4ZPopZNsI0JUVMeY1P4h/VHjeR50yMLgT1A2zypqsLX806DnrG4h
IR9mGmIM9OSoV8trJfXmSgxy0e1SvpujTB21aClZ3Fe98fo/0x8aSO+T4OdNZ40A
ZvCprSwtH8BDZeMsYew/GssjLnUyD14bt6QN2VNBZa4vViGbDy2fLgD3B5sm2DZx
HkM=
-----END CERTIFICATE-----