Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/sPketpWdXZjBYY4UZPF5NG_Dgp8.roa
File:                     sPketpWdXZjBYY4UZPF5NG_Dgp8.roa (raw, json)
Hash identifier:          6uyMfT60sXMchCVWfky787wnL2iEatMw+HN+ZQtpMU0=
Subject key identifier:   B0:F9:1E:B6:95:9D:5D:98:C1:61:8E:14:64:F1:79:34:6F:C3:82:9F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801830CF1B51DF44F77837743B56F62
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/sPketpWdXZjBYY4UZPF5NG_Dgp8.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215858
IP address blocks:        2a0c:b641:b80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:83:0c:f1:b5:1d:f4:4f:77:83:77:43:b5:6f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0f91eb6959d5d98c1618e1464f179346fc3829f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:79:82:ae:30:79:84:77:dc:9c:0f:fd:a0:f0:
                    5c:95:66:2d:18:49:4f:18:10:71:0a:7c:45:00:8a:
                    ae:3c:85:6c:50:32:63:b6:a3:89:0e:12:e0:59:d2:
                    d6:b8:f0:4c:91:4b:01:ce:71:f9:fd:26:a4:fa:31:
                    66:22:a7:40:a1:5b:c3:39:69:91:64:48:6d:71:af:
                    c3:56:22:63:ee:8f:cc:b2:b1:09:bd:5a:78:54:4a:
                    a4:52:ec:25:e6:92:5e:e9:4c:b3:b1:7b:ec:44:a6:
                    e1:f1:2f:05:26:81:bb:0e:85:75:fe:7e:f3:68:46:
                    9f:3b:89:16:b0:77:b7:c9:29:24:72:36:97:59:5e:
                    db:59:ce:d9:26:f5:9e:c6:da:a2:b6:f3:9e:52:40:
                    19:6d:f5:11:2a:bb:ce:be:e1:1a:ab:7c:92:67:3a:
                    fd:a2:d7:db:7f:15:5c:06:ad:71:2f:6f:1e:86:e2:
                    d4:62:43:66:61:c1:97:6a:4f:d5:87:10:07:75:ff:
                    aa:d0:0d:4a:73:b0:76:c2:39:61:7e:c9:f7:11:1f:
                    95:89:32:a7:a6:55:c8:81:8b:b9:54:ab:a1:cb:a2:
                    6d:fa:85:07:22:b2:f1:64:95:52:ea:ee:9e:29:53:
                    3e:e1:dd:32:b6:a7:ae:6f:99:a4:63:c0:dd:fa:96:
                    d5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F9:1E:B6:95:9D:5D:98:C1:61:8E:14:64:F1:79:34:6F:C3:82:9F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/sPketpWdXZjBYY4UZPF5NG_Dgp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:b80::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:3f:52:49:00:64:94:4c:dd:df:0e:9f:c7:2d:fc:40:03:3e:
         14:b7:10:15:de:39:6a:eb:de:77:f6:1e:64:5c:84:38:c7:b1:
         15:d0:d8:4d:7e:9d:53:37:90:48:62:d8:18:20:39:39:e4:bb:
         f7:04:e2:f0:1c:67:0c:0b:f7:e7:da:43:db:f1:90:7f:33:fa:
         c8:5a:6c:e3:31:65:f8:af:a8:1b:d5:50:ac:66:34:72:df:30:
         32:99:4d:d8:9f:02:0a:3d:f2:a4:2c:60:25:90:51:07:d0:ec:
         9d:9c:9b:d5:ae:2d:10:d7:71:43:7a:ed:e2:59:b1:58:00:23:
         d0:b7:9e:ed:bb:5f:3f:bf:4c:c3:0e:e7:a9:c2:6b:83:76:a1:
         ef:ea:c8:bf:3d:42:f2:57:2d:eb:33:62:4c:0f:78:4d:6c:18:
         55:5b:8f:40:68:af:b4:41:df:8d:61:34:89:0d:bc:3f:66:1b:
         5d:33:96:08:b6:2f:d8:c4:f5:68:8f:02:27:3a:17:4f:1b:7d:
         dc:f2:e4:db:fe:b4:3b:14:76:e4:9a:ce:1a:f2:0c:e2:19:b9:
         70:fc:71:98:e6:6d:0c:09:14:d3:dc:af:dc:79:a5:05:06:18:
         2d:78:71:d9:07:4b:ac:63:b7:1f:f7:30:8d:4c:1b:bb:b2:a2:
         5d:4a:76:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYMM8bUd9E93g3dDtW9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGY5MWViNjk1OWQ1ZDk4YzE2MThlMTQ2NGYxNzkzNDZmYzM4MjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3mCrjB5hHfcnA/9oPBclWYtGElP
GBBxCnxFAIquPIVsUDJjtqOJDhLgWdLWuPBMkUsBznH5/Sak+jFmIqdAoVvDOWmR
ZEhtca/DViJj7o/MsrEJvVp4VEqkUuwl5pJe6UyzsXvsRKbh8S8FJoG7DoV1/n7z
aEafO4kWsHe3ySkkcjaXWV7bWc7ZJvWextqitvOeUkAZbfURKrvOvuEaq3ySZzr9
otfbfxVcBq1xL28ehuLUYkNmYcGXak/VhxAHdf+q0A1Kc7B2wjlhfsn3ER+ViTKn
plXIgYu5VKuhy6Jt+oUHIrLxZJVS6u6eKVM+4d0ytqeub5mkY8Dd+pbVDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLD5HraVnV2YwWGOFGTxeTRvw4KfMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvc1BrZXRwV2RYWmpCWVk0VVpQRjVOR19EZ3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQuA
MA0GCSqGSIb3DQEBCwUAA4IBAQCUP1JJAGSUTN3fDp/HLfxAAz4UtxAV3jlq6953
9h5kXIQ4x7EV0NhNfp1TN5BIYtgYIDk55Lv3BOLwHGcMC/fn2kPb8ZB/M/rIWmzj
MWX4r6gb1VCsZjRy3zAymU3YnwIKPfKkLGAlkFEH0OydnJvVri0Q13FDeu3iWbFY
ACPQt57tu18/v0zDDuepwmuDdqHv6si/PULyVy3rM2JMD3hNbBhVW49AaK+0Qd+N
YTSJDbw/ZhtdM5YIti/YxPVojwInOhdPG33c8uTb/rQ7FHbkms4a8gziGblw/HGY
5m0MCRTT3K/ceaUFBhgteHHZB0usY7cf9zCNTBu7sqJdSnaH
-----END CERTIFICATE-----