Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pCvekNiB64EXfSlRX4vO1k1L94Q.roa
File:                     pCvekNiB64EXfSlRX4vO1k1L94Q.roa (raw, json)
Hash identifier:          zDBfL+8AaDSGxX8wkZNOf2TZo+LO1PiSHiNaWladdnc=
Subject key identifier:   A4:2B:DE:90:D8:81:EB:81:17:7D:29:51:5F:8B:CE:D6:4D:4B:F7:84
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801741FF12E2E9FF26A95ECEA7CACD2
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pCvekNiB64EXfSlRX4vO1k1L94Q.roa
Signing time:             Tue 02 Jan 2024 02:29:47 +0000
ROA not before:           Tue 02 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210800
IP address blocks:        2a0c:b641:430::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:74:1f:f1:2e:2e:9f:f2:6a:95:ec:ea:7c:ac:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a42bde90d881eb81177d29515f8bced64d4bf784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bb:34:d7:22:87:37:92:29:84:db:ed:65:ab:
                    19:2a:55:2f:00:26:40:b4:86:4f:5c:9d:9e:45:64:
                    19:e2:bc:99:df:78:77:33:53:cb:aa:8d:9c:7a:07:
                    0a:44:8d:b6:fb:fe:d5:75:48:8e:b2:cc:fd:f8:35:
                    32:a6:09:35:9c:8f:ac:36:f4:7c:b0:cb:64:e3:44:
                    94:48:dc:b1:ca:e5:40:13:25:76:94:07:ef:63:7a:
                    44:26:73:9f:09:54:5a:02:94:d4:8f:a6:cc:be:41:
                    c1:83:88:18:dc:cc:d2:89:11:f3:eb:3e:dc:29:e9:
                    c7:56:62:1f:fd:a4:ed:ca:21:38:9b:34:19:f4:fc:
                    4f:d3:db:01:e7:d1:4e:f7:b9:b6:cf:f6:63:d5:5c:
                    75:07:d2:29:47:a0:23:bf:4f:aa:dd:48:ba:42:4f:
                    54:70:52:f5:16:2f:bd:7e:21:8c:c9:b5:b5:70:e1:
                    8b:47:22:92:45:70:e6:2b:45:f9:da:30:b2:f1:e6:
                    92:28:cc:04:ba:67:28:28:84:a8:2e:dd:b6:aa:9b:
                    85:a9:2e:ad:70:71:11:69:d0:90:2f:7d:61:f2:4b:
                    d5:89:cd:25:85:90:fd:4b:2a:c1:54:26:3d:f3:39:
                    16:55:a8:93:23:68:f5:41:51:b4:8d:f5:52:e8:3a:
                    57:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:2B:DE:90:D8:81:EB:81:17:7D:29:51:5F:8B:CE:D6:4D:4B:F7:84
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pCvekNiB64EXfSlRX4vO1k1L94Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:430::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:f5:ba:3b:7c:98:91:04:ba:14:90:c7:df:ed:2e:8e:fd:a5:
         a7:b3:0b:91:a8:e2:8d:23:83:03:44:d0:2c:0f:3d:fa:d3:13:
         af:8b:ff:ad:61:44:da:72:8b:b6:65:5b:7f:67:c8:be:90:ae:
         01:93:48:bb:d8:f9:a5:62:61:ae:60:3e:64:f6:4c:56:6b:21:
         cf:5c:65:9b:39:03:05:dd:db:b5:d4:0b:8c:56:21:bd:30:82:
         e8:28:67:b7:96:c8:5d:ad:f8:5f:56:e0:c8:1a:9c:68:f4:9f:
         aa:4e:a7:34:23:53:e0:86:f7:bc:0f:b6:f7:4c:a0:ed:45:ba:
         ba:87:c1:b8:53:12:a6:c7:bb:da:ed:cd:df:bb:db:d2:17:15:
         5e:08:b2:7d:5c:57:28:2b:80:d9:65:08:70:6f:e2:f5:33:90:
         4b:ae:88:6c:33:78:d7:7c:30:07:05:c9:33:57:49:56:87:b9:
         30:a2:53:05:18:4a:13:95:d2:4c:ef:b0:8a:82:4b:e2:57:bf:
         50:8d:b8:bc:c3:61:20:ff:bc:7d:95:94:e6:30:c1:d8:5d:fd:
         3f:34:d1:d8:15:0a:1a:42:c7:d8:65:db:26:37:e0:0d:6e:b7:
         70:42:3b:02:ab:7e:f9:98:9b:f2:24:60:f0:89:a1:42:b4:4f:
         9e:03:21:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXQf8S4un/JqlezqfKzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDJiZGU5MGQ4ODFlYjgxMTc3ZDI5NTE1ZjhiY2VkNjRkNGJmNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLs01yKHN5IphNvtZasZKlUvACZA
tIZPXJ2eRWQZ4ryZ33h3M1PLqo2cegcKRI22+/7VdUiOssz9+DUypgk1nI+sNvR8
sMtk40SUSNyxyuVAEyV2lAfvY3pEJnOfCVRaApTUj6bMvkHBg4gY3MzSiRHz6z7c
KenHVmIf/aTtyiE4mzQZ9PxP09sB59FO97m2z/Zj1Vx1B9IpR6Ajv0+q3Ui6Qk9U
cFL1Fi+9fiGMybW1cOGLRyKSRXDmK0X52jCy8eaSKMwEumcoKISoLt22qpuFqS6t
cHERadCQL31h8kvVic0lhZD9SyrBVCY98zkWVaiTI2j1QVG0jfVS6DpXdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKQr3pDYgeuBF30pUV+LztZNS/eEMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcEN2ZWtOaUI2NEVYZlNsUlg0dk8xazFMOTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQQw
MA0GCSqGSIb3DQEBCwUAA4IBAQA89bo7fJiRBLoUkMff7S6O/aWnswuRqOKNI4MD
RNAsDz360xOvi/+tYUTacou2ZVt/Z8i+kK4Bk0i72PmlYmGuYD5k9kxWayHPXGWb
OQMF3du11AuMViG9MILoKGe3lshdrfhfVuDIGpxo9J+qTqc0I1Pghve8D7b3TKDt
Rbq6h8G4UxKmx7va7c3fu9vSFxVeCLJ9XFcoK4DZZQhwb+L1M5BLrohsM3jXfDAH
BckzV0lWh7kwolMFGEoTldJM77CKgkviV79Qjbi8w2Eg/7x9lZTmMMHYXf0/NNHY
FQoaQsfYZdsmN+ANbrdwQjsCq375mJvyJGDwiaFCtE+eAyEn
-----END CERTIFICATE-----