Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qt9xALvoOLtuMIFw7DDZo8PSvB4.roa
File:                     qt9xALvoOLtuMIFw7DDZo8PSvB4.roa (raw, json)
Hash identifier:          6LvCjQgUI52NGOATj04X2FRgQQxwCJdcWQUThzD9cxk=
Subject key identifier:   AA:DF:71:00:BB:E8:38:BB:6E:30:81:70:EC:30:D9:A3:C3:D2:BC:1E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014E658B082B515C11293038BEFEF4
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qt9xALvoOLtuMIFw7DDZo8PSvB4.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57853
IP address blocks:        2a0c:b641:190::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4e:65:8b:08:2b:51:5c:11:29:30:38:be:fe:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aadf7100bbe838bb6e308170ec30d9a3c3d2bc1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:73:f8:7f:68:e9:8f:6a:da:a6:3b:58:05:c5:
                    aa:9a:de:c9:6b:0d:c9:e3:c0:cc:96:cb:06:bb:e4:
                    f1:3c:3e:2a:39:be:d1:80:35:77:a7:0c:da:2f:4b:
                    b9:3c:3d:0a:35:76:90:42:bd:e7:81:4e:33:d7:37:
                    25:33:30:03:a9:15:13:ec:4d:cf:43:c1:22:d0:7f:
                    61:81:3b:cc:77:21:2b:c0:62:a4:37:38:00:96:25:
                    40:42:94:2f:a7:53:c2:21:70:ac:05:cd:b1:e3:62:
                    2b:d2:6e:c0:da:d9:1a:ce:f3:fb:46:e8:51:2a:45:
                    05:22:12:b1:d1:4c:cd:11:a6:a5:34:11:57:a8:0a:
                    a7:94:31:5c:eb:52:84:80:8a:42:ff:0b:e9:34:0d:
                    85:1f:b4:a9:fd:08:ed:43:3e:50:66:a8:8d:65:e6:
                    ff:ff:b5:ac:bf:1e:9c:0c:cf:8a:32:88:7b:a8:8f:
                    3c:95:ae:c9:7d:79:6a:ab:5e:6e:ab:e1:c4:55:31:
                    a5:20:65:41:0e:14:f3:0c:a5:18:10:54:35:78:b6:
                    1e:e5:8f:9e:c1:27:06:e6:4c:08:a8:90:f3:bc:92:
                    52:5b:e1:78:e5:47:13:93:31:64:f5:90:44:b7:91:
                    9b:fb:0a:5e:9b:66:16:a0:84:47:d4:4f:5d:0b:93:
                    8b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:DF:71:00:BB:E8:38:BB:6E:30:81:70:EC:30:D9:A3:C3:D2:BC:1E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qt9xALvoOLtuMIFw7DDZo8PSvB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:190::/44

    Signature Algorithm: sha256WithRSAEncryption
         97:4b:20:51:78:4c:63:e3:18:de:b8:9d:fb:30:ed:72:3e:30:
         ef:ab:8b:80:5e:9c:62:23:5a:c3:69:98:0a:8c:b5:ec:34:55:
         91:60:ed:1b:ee:19:51:f0:9c:4d:d5:d7:fb:d1:1b:58:cd:51:
         f0:e8:60:66:a0:02:a1:ea:2f:3c:79:e4:63:8c:b3:02:02:83:
         a5:ee:ae:fa:66:61:c1:58:de:49:2b:dd:15:85:9a:f3:ae:c1:
         3a:7c:73:c0:23:69:4e:97:c8:c7:ab:50:29:22:5f:06:ec:11:
         2a:79:e8:31:8b:68:dd:75:4b:a5:8d:07:2e:ed:35:08:56:a5:
         3b:f1:68:9b:31:89:75:7f:54:a8:26:00:39:e7:9b:f7:db:c7:
         1a:e9:51:a4:1a:80:b2:b6:70:26:f0:f7:cc:c1:44:95:d9:5a:
         ee:4b:f6:50:9f:a4:9d:6a:4a:88:f1:d9:74:ed:03:08:c4:62:
         8a:f0:10:a6:93:3b:a9:0a:c4:1c:7f:78:6d:83:3b:32:18:b8:
         24:43:3e:b4:98:4f:12:d0:7e:23:73:3d:4a:65:a7:af:c5:9a:
         ff:52:bf:e4:99:c5:da:75:66:d7:5d:45:53:7a:a4:d2:2d:3a:
         c9:5d:04:87:12:d2:c6:c0:04:92:aa:e5:66:9c:eb:e9:e7:54:
         40:33:86:47
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAU5liwgrUVwRKTA4vv70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWRmNzEwMGJiZTgzOGJiNmUzMDgxNzBlYzMwZDlhM2MzZDJiYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3P4f2jpj2rapjtYBcWqmt7Jaw3J
48DMlssGu+TxPD4qOb7RgDV3pwzaL0u5PD0KNXaQQr3ngU4z1zclMzADqRUT7E3P
Q8Ei0H9hgTvMdyErwGKkNzgAliVAQpQvp1PCIXCsBc2x42Ir0m7A2tkazvP7RuhR
KkUFIhKx0UzNEaalNBFXqAqnlDFc61KEgIpC/wvpNA2FH7Sp/QjtQz5QZqiNZeb/
/7Wsvx6cDM+KMoh7qI88la7JfXlqq15uq+HEVTGlIGVBDhTzDKUYEFQ1eLYe5Y+e
wScG5kwIqJDzvJJSW+F45UcTkzFk9ZBEt5Gb+wpem2YWoIRH1E9dC5OLlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKrfcQC76Di7bjCBcOww2aPD0rweMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcXQ5eEFMdm9PTHR1TUlGdzdERFpvOFBTdkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCXSyBReExj4xjeuJ37MO1yPjDvq4uAXpxiI1rD
aZgKjLXsNFWRYO0b7hlR8JxN1df70RtYzVHw6GBmoAKh6i88eeRjjLMCAoOl7q76
ZmHBWN5JK90VhZrzrsE6fHPAI2lOl8jHq1ApIl8G7BEqeegxi2jddUuljQcu7TUI
VqU78WibMYl1f1SoJgA555v328ca6VGkGoCytnAm8PfMwUSV2VruS/ZQn6SdakqI
8dl07QMIxGKK8BCmkzupCsQcf3htgzsyGLgkQz60mE8S0H4jcz1KZaevxZr/Ur/k
mcXadWbXXUVTeqTSLTrJXQSHEtLGwASSquVmnOvp51RAM4ZH
-----END CERTIFICATE-----