Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pBu7PATkPkPWwRw-n1qT5t7n07w.roa
File:                     pBu7PATkPkPWwRw-n1qT5t7n07w.roa (raw, json)
Hash identifier:          D457RXReFB5vrxQD1OkRgDaInmF726M6XV0g8hCl49w=
Subject key identifier:   A4:1B:BB:3C:04:E4:3E:43:D6:C1:1C:3E:9F:5A:93:E6:DE:E7:D3:BC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01929FE4AE85DE1642C4C404E2E35B27196F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pBu7PATkPkPWwRw-n1qT5t7n07w.roa
Signing time:             Fri 18 Oct 2024 13:50:17 +0000
ROA not before:           Fri 18 Oct 2024 13:50:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214001
IP address blocks:        2a0c:b641:d40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9f:e4:ae:85:de:16:42:c4:c4:04:e2:e3:5b:27:19:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Oct 18 13:50:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a41bbb3c04e43e43d6c11c3e9f5a93e6dee7d3bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2b:69:d1:e7:16:7d:4c:e1:25:4c:54:fc:40:
                    5c:6b:4d:5e:35:2c:fb:9f:c9:c4:1a:c0:34:e2:85:
                    f6:06:b4:b4:22:05:2d:51:56:12:a1:95:38:39:38:
                    77:fb:c2:3c:ae:77:06:6c:f1:44:60:30:ce:1d:16:
                    c6:7a:54:e7:f3:64:18:c7:a5:bc:d1:ac:a6:22:e5:
                    bc:a3:8a:e7:88:1f:56:ed:7b:c6:97:b7:87:37:72:
                    c2:a3:80:cd:1e:81:52:45:3a:73:9a:e9:5d:08:83:
                    1a:73:15:72:f1:d5:11:96:c0:e2:29:25:0d:3c:f5:
                    c2:65:36:66:db:61:17:23:a1:92:56:7f:76:c5:a9:
                    5b:5f:d3:ee:22:28:8f:a1:76:f6:f1:09:b1:03:82:
                    84:f7:83:ad:dd:9f:3f:4e:00:31:1b:6c:b5:4f:96:
                    0f:45:df:6e:d9:90:18:0f:69:f6:10:e8:54:1a:19:
                    37:35:66:7a:2f:97:ca:d0:01:04:77:4f:43:56:64:
                    26:94:02:8d:3c:ac:ec:43:1e:fc:64:80:24:a4:7d:
                    a5:55:02:91:63:95:ac:ae:4a:41:36:9c:a4:03:16:
                    1b:8b:c9:c1:d7:ac:e9:f4:94:d3:01:16:7e:6e:97:
                    71:a9:fc:4a:32:87:0d:21:c3:b3:66:6f:cd:d1:80:
                    82:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:1B:BB:3C:04:E4:3E:43:D6:C1:1C:3E:9F:5A:93:E6:DE:E7:D3:BC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pBu7PATkPkPWwRw-n1qT5t7n07w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:d40::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:fd:e6:74:d8:9c:c0:72:ef:b5:71:1f:64:c3:7e:48:3f:d3:
         62:f2:88:30:e5:cf:c6:62:7a:ff:57:f2:4e:a0:53:de:c0:5c:
         29:e9:03:d2:ee:b9:dd:d0:0b:50:2e:85:23:c6:b5:92:28:f8:
         92:fe:f1:cf:0f:ba:25:4e:a4:e9:f7:d0:d0:57:9c:59:80:12:
         3a:ba:cf:b0:43:3b:d2:14:c0:ff:2f:97:a5:00:83:c2:0b:a0:
         36:71:a8:62:4c:24:f9:86:40:48:26:ec:55:af:37:f6:09:1e:
         e8:99:8a:ef:e2:f3:d1:b1:b3:d7:41:22:9d:4e:23:dc:f8:18:
         d0:f9:7d:fb:02:cb:08:19:03:77:9e:3e:88:0a:f9:2e:d7:0b:
         d5:0b:57:17:03:58:91:9e:a5:9f:4d:b9:d6:33:92:dd:03:74:
         b7:01:ac:63:17:c4:b5:cc:9e:05:cd:79:ce:37:32:55:fd:7a:
         bf:8c:cc:f0:01:f7:5d:38:a2:e8:59:71:0d:14:e8:57:a2:63:
         8e:7f:dd:8c:63:b0:44:3c:66:06:93:6b:44:78:88:43:45:74:
         db:c1:2a:1d:a2:b8:77:76:4f:be:0b:fd:3f:68:d6:5b:32:7f:
         0a:60:5c:e3:f1:69:db:cd:12:50:75:14:45:19:48:97:bf:d5:
         b5:17:5f:c4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZKf5K6F3hZCxMQE4uNbJxlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQxMDE4MTM1MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDFiYmIzYzA0ZTQzZTQzZDZjMTFjM2U5ZjVhOTNlNmRlZTdkM2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxitp0ecWfUzhJUxU/EBca01eNSz7
n8nEGsA04oX2BrS0IgUtUVYSoZU4OTh3+8I8rncGbPFEYDDOHRbGelTn82QYx6W8
0aymIuW8o4rniB9W7XvGl7eHN3LCo4DNHoFSRTpzmuldCIMacxVy8dURlsDiKSUN
PPXCZTZm22EXI6GSVn92xalbX9PuIiiPoXb28QmxA4KE94Ot3Z8/TgAxG2y1T5YP
Rd9u2ZAYD2n2EOhUGhk3NWZ6L5fK0AEEd09DVmQmlAKNPKzsQx78ZIAkpH2lVQKR
Y5WsrkpBNpykAxYbi8nB16zp9JTTARZ+bpdxqfxKMocNIcOzZm/N0YCCEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKQbuzwE5D5D1sEcPp9ak+be59O8MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcEJ1N1BBVGtQa1BXd1J3LW4xcVQ1dDduMDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQ1A
MA0GCSqGSIb3DQEBCwUAA4IBAQBZ/eZ02JzAcu+1cR9kw35IP9Ni8ogw5c/GYnr/
V/JOoFPewFwp6QPS7rnd0AtQLoUjxrWSKPiS/vHPD7olTqTp99DQV5xZgBI6us+w
QzvSFMD/L5elAIPCC6A2cahiTCT5hkBIJuxVrzf2CR7omYrv4vPRsbPXQSKdTiPc
+BjQ+X37AssIGQN3nj6ICvku1wvVC1cXA1iRnqWfTbnWM5LdA3S3AaxjF8S1zJ4F
zXnONzJV/Xq/jMzwAfddOKLoWXENFOhXomOOf92MY7BEPGYGk2tEeIhDRXTbwSod
orh3dk++C/0/aNZbMn8KYFzj8WnbzRJQdRRFGUiXv9W1F1/E
-----END CERTIFICATE-----