Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rxHTTEwe23aaeQp46g5c9aqFIXo.roa
File:                     rxHTTEwe23aaeQp46g5c9aqFIXo.roa (raw, json)
Hash identifier:          gqj4W/52zJYoyzi2SQ+8WcInqo42/fc//ajbOZDd9AE=
Subject key identifier:   AF:11:D3:4C:4C:1E:DB:76:9A:79:0A:78:EA:0E:5C:F5:AA:85:21:7A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801814ACC1A6EC201D8AD0FBC2C9874
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rxHTTEwe23aaeQp46g5c9aqFIXo.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213201
IP address blocks:        2a0c:b641:6e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:81:4a:cc:1a:6e:c2:01:d8:ad:0f:bc:2c:98:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af11d34c4c1edb769a790a78ea0e5cf5aa85217a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d2:c9:66:82:2d:92:c5:44:aa:1a:dd:e0:0c:
                    57:18:0d:7a:d0:b2:9c:cb:10:3b:81:7f:fb:21:f0:
                    fd:e3:e9:bc:77:54:b3:b8:00:20:20:cf:3b:a6:68:
                    1b:c5:2d:bc:0d:ae:ff:eb:bc:d0:f3:30:ad:33:4e:
                    77:20:80:90:96:da:bf:78:03:2b:4b:64:23:6b:92:
                    f8:fa:70:73:8b:a4:03:fe:16:b4:76:f1:13:71:6c:
                    53:b1:36:ee:76:a0:7e:45:88:68:1a:e5:ac:67:44:
                    a0:f2:b4:3f:2c:29:9c:b5:1b:f8:d5:f4:b4:8c:86:
                    63:51:46:78:98:b9:fd:f0:89:5d:57:f3:d9:74:b9:
                    fe:f8:d3:9a:65:31:2e:b5:f5:1a:19:b8:0f:02:a7:
                    cd:3b:3d:1e:a5:94:52:50:cb:76:ff:ca:0d:7e:4d:
                    c8:55:ad:71:28:e8:f4:29:fc:3f:f0:49:64:7d:41:
                    20:3e:61:52:3e:a9:c2:bb:b2:0c:82:7c:a0:cd:25:
                    fc:4d:72:d0:63:82:23:65:9c:b6:d0:4e:12:98:be:
                    a3:fc:01:f2:66:8e:09:f0:f3:0f:67:35:4c:09:cb:
                    1e:59:81:ed:1e:b3:19:68:14:5f:58:ef:6c:70:e8:
                    cb:66:42:ad:f3:a5:3c:0e:f1:f6:38:74:90:68:96:
                    72:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:11:D3:4C:4C:1E:DB:76:9A:79:0A:78:EA:0E:5C:F5:AA:85:21:7A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rxHTTEwe23aaeQp46g5c9aqFIXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:6e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:e4:40:d8:1f:ca:f0:9e:c7:c7:6f:0c:21:04:5e:d8:78:ba:
         7f:c8:1e:de:c4:fb:59:2f:76:8b:fd:74:ae:fa:55:b8:42:03:
         ea:6e:4c:cb:62:85:77:82:c5:9b:86:d5:fa:ba:be:c5:90:8d:
         36:f9:37:f1:5d:0e:9b:05:15:b2:7b:be:5c:14:d0:6a:6d:a3:
         65:6d:a6:ea:31:5e:db:21:c3:ca:fa:31:b8:35:e3:f2:a9:be:
         2f:45:5b:03:86:2b:89:ef:9f:4c:e8:62:b5:6b:48:69:89:b6:
         fe:39:d7:dc:55:42:a1:6b:f5:3b:7b:b9:70:a1:d3:74:99:37:
         07:5a:b2:03:67:07:de:3a:7c:16:79:3c:22:13:c7:e9:17:99:
         c3:8a:04:a5:b5:12:6e:5e:d3:56:ef:1e:a5:1c:86:2d:63:cf:
         61:77:ac:bd:46:54:62:11:e0:da:f2:1b:b1:7b:24:86:ee:c5:
         c2:6d:c3:ae:02:de:25:53:1f:7c:e2:76:82:cd:17:85:21:c4:
         72:d7:1a:27:1e:60:6d:bb:30:f3:2d:06:26:1a:68:83:c8:47:
         b9:9b:72:fd:3f:93:1c:63:44:14:b2:5c:8d:ee:ea:be:9f:4c:
         7c:11:01:e4:31:37:b2:0b:a1:3a:fc:70:f9:19:5d:08:ac:53:
         eb:df:02:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYFKzBpuwgHYrQ+8LJh0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjExZDM0YzRjMWVkYjc2OWE3OTBhNzhlYTBlNWNmNWFhODUyMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdLJZoItksVEqhrd4AxXGA160LKc
yxA7gX/7IfD94+m8d1SzuAAgIM87pmgbxS28Da7/67zQ8zCtM053IICQltq/eAMr
S2Qja5L4+nBzi6QD/ha0dvETcWxTsTbudqB+RYhoGuWsZ0Sg8rQ/LCmctRv41fS0
jIZjUUZ4mLn98IldV/PZdLn++NOaZTEutfUaGbgPAqfNOz0epZRSUMt2/8oNfk3I
Va1xKOj0Kfw/8ElkfUEgPmFSPqnCu7IMgnygzSX8TXLQY4IjZZy20E4SmL6j/AHy
Zo4J8PMPZzVMCcseWYHtHrMZaBRfWO9scOjLZkKt86U8DvH2OHSQaJZyuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK8R00xMHtt2mnkKeOoOXPWqhSF6MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcnhIVFRFd2UyM2FhZVFwNDZnNWM5YXFGSVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQbg
MA0GCSqGSIb3DQEBCwUAA4IBAQCS5EDYH8rwnsfHbwwhBF7YeLp/yB7exPtZL3aL
/XSu+lW4QgPqbkzLYoV3gsWbhtX6ur7FkI02+TfxXQ6bBRWye75cFNBqbaNlbabq
MV7bIcPK+jG4NePyqb4vRVsDhiuJ759M6GK1a0hpibb+OdfcVUKha/U7e7lwodN0
mTcHWrIDZwfeOnwWeTwiE8fpF5nDigSltRJuXtNW7x6lHIYtY89hd6y9RlRiEeDa
8huxeySG7sXCbcOuAt4lUx984naCzReFIcRy1xonHmBtuzDzLQYmGmiDyEe5m3L9
P5McY0QUslyN7uq+n0x8EQHkMTeyC6E6/HD5GV0IrFPr3wIv
-----END CERTIFICATE-----