Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/owqjviwu9-L2FrkUPgmuQp7m9yI.roa
File:                     owqjviwu9-L2FrkUPgmuQp7m9yI.roa (raw, json)
Hash identifier:          ts2ExxlgChtmkFeD8T3OxSPLjMV/v79WUlBGvfF/Vkw=
Subject key identifier:   A3:0A:A3:BE:2C:2E:F7:E2:F6:16:B9:14:3E:09:AE:42:9E:E6:F7:22
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801819706E220E590C4E7925FB53743
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/owqjviwu9-L2FrkUPgmuQp7m9yI.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213219
IP address blocks:        2a0c:b641:9a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:81:97:06:e2:20:e5:90:c4:e7:92:5f:b5:37:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a30aa3be2c2ef7e2f616b9143e09ae429ee6f722
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:54:55:24:80:6c:43:59:96:c1:3d:cc:df:8f:
                    14:c2:ab:4e:9d:7d:2b:8a:31:8f:32:4a:87:d1:c9:
                    d5:8e:dc:4d:ac:31:bd:ff:3e:ce:77:20:71:e4:2e:
                    e7:6c:0b:56:c3:e9:f4:2d:ba:a0:59:da:e0:15:ff:
                    ef:f9:60:2f:72:dd:a7:b2:1c:8d:83:c1:00:c3:d4:
                    21:a5:f2:3c:b6:c2:42:90:04:ad:df:90:7f:e6:57:
                    5e:05:c9:b6:90:c4:d0:02:ef:2d:6a:56:0e:33:35:
                    37:f1:9e:db:b7:6b:06:49:0c:56:1b:19:ad:a1:38:
                    91:f5:dc:6b:61:00:6a:02:6e:27:c9:09:df:a0:cf:
                    20:77:95:92:16:70:76:21:3d:fc:09:aa:7c:a2:11:
                    d9:4e:67:f1:ae:17:da:dd:0f:f3:99:a9:36:a1:70:
                    9b:2d:f7:3f:4b:60:3c:96:b0:c3:3f:97:9f:f9:e0:
                    c8:39:e3:88:7b:29:e5:53:2f:ef:43:2f:f5:e9:8e:
                    60:92:ef:9c:b6:94:6a:6c:ce:e0:3a:96:82:61:bb:
                    1b:2c:dd:03:b1:d8:28:45:f9:96:d2:20:3f:4a:57:
                    b6:b4:c2:99:98:a0:8f:be:5c:bf:bd:05:69:dc:d4:
                    78:16:78:2d:df:d4:21:82:44:98:88:b3:24:8b:c2:
                    d0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:0A:A3:BE:2C:2E:F7:E2:F6:16:B9:14:3E:09:AE:42:9E:E6:F7:22
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/owqjviwu9-L2FrkUPgmuQp7m9yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:9a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:ab:c3:5a:6b:5c:72:da:64:fe:68:b9:89:d6:fd:de:e6:f2:
         e1:61:18:69:3b:e0:8f:3d:99:cf:a5:57:44:e0:82:13:15:3a:
         ab:ed:56:5b:1e:c8:3d:e8:90:9d:0f:7c:31:46:99:29:e7:79:
         7e:aa:48:55:91:19:d6:85:89:4a:6b:a3:30:f4:2a:93:bb:57:
         16:42:96:eb:63:ae:bd:46:89:1d:1e:7a:01:74:b0:10:96:9b:
         d2:4b:df:21:af:53:50:f1:4c:a7:0b:8a:51:f4:56:fc:83:cc:
         c0:05:b1:33:14:3b:ff:cd:f8:a3:8d:0f:cd:ec:86:2f:8e:bd:
         ef:07:41:db:15:80:0e:e4:57:b2:b9:b3:39:af:11:a1:86:0a:
         7e:a9:f3:a1:18:ff:21:2f:27:15:20:bf:11:75:92:96:9b:90:
         aa:1a:3f:e7:1c:0a:37:3e:73:79:e0:12:04:5d:e7:f7:d2:70:
         b8:62:b9:5c:12:ba:6e:00:e2:da:e6:da:d5:de:f9:3d:73:e1:
         4e:8d:34:00:d2:7b:3e:29:94:63:43:d2:d4:65:9f:6f:5b:a3:
         a4:0e:e4:f1:24:33:32:f6:51:b3:02:d1:59:37:c8:64:cd:79:
         45:48:f0:91:a1:33:b6:65:1e:8b:2f:76:2a:b0:eb:cd:79:75:
         31:e9:c5:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYGXBuIg5ZDE55JftTdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzBhYTNiZTJjMmVmN2UyZjYxNmI5MTQzZTA5YWU0MjllZTZmNzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFRVJIBsQ1mWwT3M348UwqtOnX0r
ijGPMkqH0cnVjtxNrDG9/z7OdyBx5C7nbAtWw+n0LbqgWdrgFf/v+WAvct2nshyN
g8EAw9QhpfI8tsJCkASt35B/5ldeBcm2kMTQAu8talYOMzU38Z7bt2sGSQxWGxmt
oTiR9dxrYQBqAm4nyQnfoM8gd5WSFnB2IT38Cap8ohHZTmfxrhfa3Q/zmak2oXCb
Lfc/S2A8lrDDP5ef+eDIOeOIeynlUy/vQy/16Y5gku+ctpRqbM7gOpaCYbsbLN0D
sdgoRfmW0iA/Sle2tMKZmKCPvly/vQVp3NR4Fngt39QhgkSYiLMki8LQzQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKMKo74sLvfi9ha5FD4JrkKe5vciMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvb3dxanZpd3U5LUwyRnJrVVBnbXVRcDdtOXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQmg
MA0GCSqGSIb3DQEBCwUAA4IBAQBLq8Naa1xy2mT+aLmJ1v3e5vLhYRhpO+CPPZnP
pVdE4IITFTqr7VZbHsg96JCdD3wxRpkp53l+qkhVkRnWhYlKa6Mw9CqTu1cWQpbr
Y669RokdHnoBdLAQlpvSS98hr1NQ8UynC4pR9Fb8g8zABbEzFDv/zfijjQ/N7IYv
jr3vB0HbFYAO5FeyubM5rxGhhgp+qfOhGP8hLycVIL8RdZKWm5CqGj/nHAo3PnN5
4BIEXef30nC4YrlcErpuAOLa5trV3vk9c+FOjTQA0ns+KZRjQ9LUZZ9vW6OkDuTx
JDMy9lGzAtFZN8hkzXlFSPCRoTO2ZR6LL3YqsOvNeXUx6cU8
-----END CERTIFICATE-----