Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nnB_5pjZbXWmTZEshqu2AXsz6pw.roa
File:                     nnB_5pjZbXWmTZEshqu2AXsz6pw.roa (raw, json)
Hash identifier:          pvfL0d/cVTOT6d5rKUVZP9k0H7XP1IXCNVdJH+uTpPc=
Subject key identifier:   9E:70:7F:E6:98:D9:6D:75:A6:4D:91:2C:86:AB:B6:01:7B:33:EA:9C
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014CE963DDCCB2BF2F55A1C7CA1201
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nnB_5pjZbXWmTZEshqu2AXsz6pw.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50124
IP address blocks:        2a0c:b641:8f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4c:e9:63:dd:cc:b2:bf:2f:55:a1:c7:ca:12:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e707fe698d96d75a64d912c86abb6017b33ea9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c3:39:4f:0a:8f:c1:df:3e:b0:9d:4d:74:c0:
                    ca:f9:8e:f6:1c:0d:ae:31:2c:3c:98:41:93:81:04:
                    a8:e3:8d:60:f5:d0:57:1b:a8:4b:89:5b:7f:52:03:
                    66:1d:78:16:08:98:1d:e4:af:e8:a5:78:9c:0c:9f:
                    14:e3:4c:0e:a7:c9:f6:85:49:84:99:70:21:87:a2:
                    2b:17:cd:81:4e:66:12:7e:fa:69:03:3d:4c:12:0e:
                    51:61:de:b6:8e:f6:69:78:c0:f8:8d:3a:f1:b1:de:
                    eb:10:b3:63:d5:61:5a:a0:e4:a0:3f:c9:43:71:b3:
                    85:21:80:ca:c9:11:71:2c:de:da:bb:c2:c7:4e:68:
                    0f:b8:22:e0:3a:2d:18:01:4d:ca:99:e7:09:10:d3:
                    b7:bc:ce:b6:f7:79:f8:85:0b:dc:d6:0d:f6:46:fe:
                    3e:ac:6e:54:e2:0e:8a:aa:bb:6b:58:a7:07:65:27:
                    d0:bb:4a:2f:30:20:93:de:35:37:3e:bb:4b:85:ce:
                    6f:2d:bb:8e:c0:a1:de:af:17:70:e1:79:e4:35:0b:
                    be:c7:c8:87:5f:09:22:a1:78:38:4a:7b:d1:a1:b5:
                    12:84:96:f5:dc:54:5b:f4:8f:c7:22:fb:a1:20:1f:
                    5c:44:a9:7e:92:11:a9:d7:51:ed:60:b9:00:32:22:
                    9b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:70:7F:E6:98:D9:6D:75:A6:4D:91:2C:86:AB:B6:01:7B:33:EA:9C
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nnB_5pjZbXWmTZEshqu2AXsz6pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:8f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         38:2b:dd:41:a2:c4:1e:4a:aa:49:90:58:18:9c:9e:66:17:3f:
         63:7c:c2:bd:65:7a:a9:b3:62:cf:06:2a:7d:db:c9:6e:ef:d7:
         1b:be:aa:14:cc:ed:72:55:ef:f6:44:d0:b2:1a:b4:31:8e:4a:
         27:6e:9e:90:1e:78:f1:00:24:88:0a:84:51:8c:98:23:62:ef:
         8a:d7:f3:7b:6c:38:e3:84:ac:fb:03:0d:3c:56:ce:c7:02:52:
         8e:72:ba:7d:ee:22:3b:dd:21:1e:98:ef:a4:2d:1b:b0:9a:ae:
         4e:d6:cf:28:4e:49:fb:e6:13:67:5c:92:ee:06:9c:99:1f:b9:
         5f:45:00:8c:b6:77:66:b0:42:d7:f5:03:60:ae:ef:df:22:76:
         da:47:b5:65:5c:69:b3:b9:88:81:c7:9b:1a:9e:bd:aa:3e:a1:
         c7:f8:f3:65:57:03:2e:cc:e4:f3:73:7c:ab:2c:e5:bd:0a:62:
         7b:81:43:8f:ba:23:c6:da:ca:14:f0:9b:b3:88:8a:70:2c:20:
         b2:c1:9e:a7:61:2a:20:86:d1:b8:2c:39:10:f1:6a:56:b2:55:
         a7:aa:83:69:e3:72:ef:21:73:ca:4b:45:cf:84:4b:75:08:37:
         47:6d:12:d6:a0:b1:52:8c:04:a0:ea:ea:9d:b1:af:c1:aa:69:
         57:0c:0f:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAUzpY93Msr8vVaHHyhIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTcwN2ZlNjk4ZDk2ZDc1YTY0ZDkxMmM4NmFiYjYwMTdiMzNlYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcM5TwqPwd8+sJ1NdMDK+Y72HA2u
MSw8mEGTgQSo441g9dBXG6hLiVt/UgNmHXgWCJgd5K/opXicDJ8U40wOp8n2hUmE
mXAhh6IrF82BTmYSfvppAz1MEg5RYd62jvZpeMD4jTrxsd7rELNj1WFaoOSgP8lD
cbOFIYDKyRFxLN7au8LHTmgPuCLgOi0YAU3KmecJENO3vM6293n4hQvc1g32Rv4+
rG5U4g6KqrtrWKcHZSfQu0ovMCCT3jU3PrtLhc5vLbuOwKHerxdw4XnkNQu+x8iH
XwkioXg4SnvRobUShJb13FRb9I/HIvuhIB9cRKl+khGp11HtYLkAMiKbCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ5wf+aY2W11pk2RLIartgF7M+qcMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbm5CXzVwalpiWFdtVFpFc2hxdTJBWHN6NnB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQjw
MA0GCSqGSIb3DQEBCwUAA4IBAQA4K91BosQeSqpJkFgYnJ5mFz9jfMK9ZXqps2LP
Bip928lu79cbvqoUzO1yVe/2RNCyGrQxjkonbp6QHnjxACSICoRRjJgjYu+K1/N7
bDjjhKz7Aw08Vs7HAlKOcrp97iI73SEemO+kLRuwmq5O1s8oTkn75hNnXJLuBpyZ
H7lfRQCMtndmsELX9QNgru/fInbaR7VlXGmzuYiBx5sanr2qPqHH+PNlVwMuzOTz
c3yrLOW9CmJ7gUOPuiPG2soU8JuziIpwLCCywZ6nYSoghtG4LDkQ8WpWslWnqoNp
43LvIXPKS0XPhEt1CDdHbRLWoLFSjASg6uqdsa/BqmlXDA8i
-----END CERTIFICATE-----