Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/r_wVFwCj2Vd82eGP2OKQP8Fdrug.roa
File:                     r_wVFwCj2Vd82eGP2OKQP8Fdrug.roa (raw, json)
Hash identifier:          mGoy//L7YwXyZx9xQoWP02f8afxzAC6U1FmQJutTqe8=
Subject key identifier:   AF:FC:15:17:00:A3:D9:57:7C:D9:E1:8F:D8:E2:90:3F:C1:5D:AE:E8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801681DEF5A7C7BB4C1E349FDCC5D21
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/r_wVFwCj2Vd82eGP2OKQP8Fdrug.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208505
IP address blocks:        2a0c:b641:610::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:68:1d:ef:5a:7c:7b:b4:c1:e3:49:fd:cc:5d:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=affc151700a3d9577cd9e18fd8e2903fc15daee8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:9f:c0:83:0d:e6:6e:4d:02:17:e0:3d:c5:65:
                    1b:34:1f:19:f1:e4:18:f8:ac:b1:ea:95:c4:b2:bc:
                    5a:dc:bd:35:ee:1a:13:4e:53:c0:80:19:d9:07:11:
                    43:ef:79:35:a8:6e:17:5e:88:68:ef:49:d4:54:f9:
                    5e:87:fc:ff:bb:1d:9c:2b:30:4d:55:24:a8:89:a8:
                    f2:4e:a8:f0:dd:d4:98:f0:d4:1d:e6:6d:55:97:7d:
                    38:ae:1c:e0:e4:07:7c:f0:68:c3:66:f9:b7:14:4d:
                    01:1c:ea:b6:61:ac:12:fc:fe:68:53:eb:2d:6e:5a:
                    f8:91:61:a1:c5:6d:86:54:69:2d:6d:8b:26:62:cd:
                    76:49:4d:0f:d2:e1:94:0e:07:92:60:a2:7a:ba:cd:
                    d7:af:2d:2c:75:50:6c:a4:51:47:0b:f6:6a:15:a9:
                    92:be:ef:a6:c4:4e:9e:2c:07:42:01:cc:b2:18:79:
                    fb:c9:dc:cd:5c:3a:3e:08:86:ff:26:68:e9:cb:43:
                    00:cb:54:e3:1e:bb:91:5e:18:31:b3:24:90:90:e7:
                    37:f5:da:cf:4f:ad:f0:19:b2:b8:dd:a1:62:ae:84:
                    ee:32:71:9a:22:6e:52:b4:01:28:01:46:7e:65:b8:
                    76:70:10:aa:6b:7c:57:49:f6:e0:86:39:27:e9:51:
                    5f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:FC:15:17:00:A3:D9:57:7C:D9:E1:8F:D8:E2:90:3F:C1:5D:AE:E8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/r_wVFwCj2Vd82eGP2OKQP8Fdrug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:610::/44

    Signature Algorithm: sha256WithRSAEncryption
         5f:20:b3:09:2e:f1:46:0b:da:2a:67:c4:86:36:c1:09:90:ed:
         d7:07:c6:82:a1:c0:e7:a9:66:29:11:9d:2c:6b:7f:6f:b8:2f:
         c9:e3:19:3e:58:06:bf:6f:0f:9a:a5:2b:85:34:36:43:2d:25:
         68:b6:71:d4:7e:da:aa:db:d5:f0:5d:f1:50:c1:fc:1d:69:f2:
         53:6f:10:d8:87:fd:a7:8c:6a:21:16:bf:4c:b7:2b:38:4f:d6:
         fe:ee:c9:4f:9d:27:2e:b9:c0:56:02:2e:3b:61:4d:31:1a:60:
         1a:97:cd:1f:92:17:41:f4:f4:a5:0d:86:c9:ce:fa:a9:b4:4f:
         2f:dd:3c:67:29:f1:1d:34:ed:ce:98:36:75:5c:29:5f:00:32:
         f8:9d:17:1c:2e:c0:31:06:1d:7b:83:23:b5:cc:b3:09:52:c9:
         96:8e:33:f0:cb:9a:68:cf:91:24:78:81:fa:4e:fd:8a:48:69:
         8e:76:0a:aa:4f:84:61:f5:02:49:a8:fe:86:92:21:2b:b1:42:
         4a:1f:79:a7:20:82:49:b5:eb:58:ec:5c:77:96:0c:23:93:e8:
         49:cc:13:0a:d0:57:25:a6:cc:67:d1:04:91:8b:b1:f4:57:99:
         af:d4:6e:0d:d8:32:17:1d:5c:ac:dd:a4:2c:04:0b:4e:e9:6e:
         d3:1c:fb:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWgd71p8e7TB40n9zF0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmZjMTUxNzAwYTNkOTU3N2NkOWUxOGZkOGUyOTAzZmMxNWRhZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5/Agw3mbk0CF+A9xWUbNB8Z8eQY
+Kyx6pXEsrxa3L017hoTTlPAgBnZBxFD73k1qG4XXoho70nUVPleh/z/ux2cKzBN
VSSoiajyTqjw3dSY8NQd5m1Vl304rhzg5Ad88GjDZvm3FE0BHOq2YawS/P5oU+st
blr4kWGhxW2GVGktbYsmYs12SU0P0uGUDgeSYKJ6us3Xry0sdVBspFFHC/ZqFamS
vu+mxE6eLAdCAcyyGHn7ydzNXDo+CIb/Jmjpy0MAy1TjHruRXhgxsySQkOc39drP
T63wGbK43aFiroTuMnGaIm5StAEoAUZ+Zbh2cBCqa3xXSfbghjkn6VFfgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK/8FRcAo9lXfNnhj9jikD/BXa7oMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcl93VkZ3Q2oyVmQ4MmVHUDJPS1FQOEZkcnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQYQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBfILMJLvFGC9oqZ8SGNsEJkO3XB8aCocDnqWYp
EZ0sa39vuC/J4xk+WAa/bw+apSuFNDZDLSVotnHUftqq29XwXfFQwfwdafJTbxDY
h/2njGohFr9Mtys4T9b+7slPnScuucBWAi47YU0xGmAal80fkhdB9PSlDYbJzvqp
tE8v3TxnKfEdNO3OmDZ1XClfADL4nRccLsAxBh17gyO1zLMJUsmWjjPwy5poz5Ek
eIH6Tv2KSGmOdgqqT4Rh9QJJqP6GkiErsUJKH3mnIIJJtetY7Fx3lgwjk+hJzBMK
0Fclpsxn0QSRi7H0V5mv1G4N2DIXHVys3aQsBAtO6W7THPtM
-----END CERTIFICATE-----