Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tdnUQohX34w1U9fzKaKRYmk6_RY.roa
File:                     tdnUQohX34w1U9fzKaKRYmk6_RY.roa (raw, json)
Hash identifier:          DDlV+iOeAuLl7GqfEYdPTNqTRkN8Re/hRH8MVKNCM7s=
Subject key identifier:   B5:D9:D4:42:88:57:DF:8C:35:53:D7:F3:29:A2:91:62:69:3A:FD:16
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801563EF455F9B57374998A17634E69
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tdnUQohX34w1U9fzKaKRYmk6_RY.roa
Signing time:             Tue 02 Jan 2024 02:29:40 +0000
ROA not before:           Tue 02 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199487
IP address blocks:        2a0c:b641:a00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:56:3e:f4:55:f9:b5:73:74:99:8a:17:63:4e:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5d9d4428857df8c3553d7f329a29162693afd16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7a:20:9b:14:68:56:73:53:e1:b1:a5:f5:cb:
                    bc:9e:7c:cc:76:92:cd:ec:24:ea:a3:ee:c7:89:76:
                    b5:9f:98:6f:39:52:58:cf:42:0a:f6:85:5f:3a:e8:
                    ef:fa:4b:d8:46:86:6b:73:bb:80:99:10:64:0f:5d:
                    bf:87:3c:8c:3d:41:b9:3c:7d:c7:98:a8:fd:90:04:
                    4d:d8:cc:6c:22:52:2c:79:5b:47:8a:d9:9f:e7:48:
                    65:09:42:63:9e:f0:d0:b1:88:b6:6e:d4:d7:e8:0b:
                    fc:fa:5d:67:eb:3b:92:45:3d:f1:a4:8c:7f:a6:3c:
                    f6:35:a7:fe:b2:f4:ee:ab:f3:4e:cf:fd:4f:5b:b0:
                    23:b9:17:cb:46:fa:09:a6:35:8d:76:fe:ba:c2:22:
                    7e:ae:e1:df:51:f4:7d:c6:16:71:9a:59:c9:4e:61:
                    3c:a4:3a:aa:2b:17:88:ed:7f:c7:54:99:d6:12:5a:
                    92:87:ef:a1:f5:93:a9:a7:79:2b:b9:1f:16:59:7d:
                    e1:8c:ed:c0:a2:a3:fe:6f:dc:09:a7:11:1e:79:e9:
                    62:50:ad:10:dc:46:62:71:af:ff:18:92:2a:c7:40:
                    e2:57:09:0e:6e:b3:e6:00:2e:58:ad:da:ef:59:e0:
                    33:7c:f6:e9:09:80:f3:68:9f:e7:3b:cd:80:6e:23:
                    eb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:D9:D4:42:88:57:DF:8C:35:53:D7:F3:29:A2:91:62:69:3A:FD:16
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tdnUQohX34w1U9fzKaKRYmk6_RY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a00::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:6c:7c:9f:16:a1:3f:80:d1:fd:3f:51:cf:76:c7:b0:4e:98:
         d0:65:9d:af:b4:ec:4e:75:51:0f:af:03:45:93:56:d0:10:bd:
         34:cd:73:f2:cd:fe:a2:82:df:5c:51:22:48:af:e6:a6:6d:d9:
         93:62:3f:f5:3f:c2:15:ef:a1:9b:2b:87:48:bb:b7:cc:3c:36:
         2c:fa:68:fb:9a:08:3e:58:29:37:aa:86:3c:cc:54:10:ef:92:
         89:0e:2c:90:36:f9:37:db:6f:71:ef:e6:11:ed:5d:b3:6e:6c:
         40:7d:71:7e:f3:4e:e9:8b:d4:18:f0:bc:84:40:5e:4c:13:ff:
         79:0d:02:8c:bb:a4:12:95:18:92:f8:7e:8f:6d:df:9a:f2:db:
         41:0e:c2:34:51:8f:88:a1:6a:1b:bb:a3:43:3e:3a:79:a6:8d:
         e9:e4:f0:c3:7b:de:4c:ee:0a:28:52:77:d4:11:1b:20:1e:d7:
         3c:59:8e:5b:a6:ce:83:70:7a:9c:79:32:6b:78:e1:9c:c2:6d:
         22:02:4b:48:a5:20:a1:02:3e:03:a2:4f:74:a6:68:8f:b7:57:
         56:d3:aa:98:7c:a2:13:7b:94:90:20:ee:eb:de:07:be:91:2a:
         88:f8:20:19:59:d1:d9:f2:13:eb:7a:1c:bb:25:ca:88:42:55:
         ad:28:71:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVY+9FX5tXN0mYoXY05pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWQ5ZDQ0Mjg4NTdkZjhjMzU1M2Q3ZjMyOWEyOTE2MjY5M2FmZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13ogmxRoVnNT4bGl9cu8nnzMdpLN
7CTqo+7HiXa1n5hvOVJYz0IK9oVfOujv+kvYRoZrc7uAmRBkD12/hzyMPUG5PH3H
mKj9kARN2MxsIlIseVtHitmf50hlCUJjnvDQsYi2btTX6Av8+l1n6zuSRT3xpIx/
pjz2Naf+svTuq/NOz/1PW7AjuRfLRvoJpjWNdv66wiJ+ruHfUfR9xhZxmlnJTmE8
pDqqKxeI7X/HVJnWElqSh++h9ZOpp3kruR8WWX3hjO3AoqP+b9wJpxEeeeliUK0Q
3EZica//GJIqx0DiVwkObrPmAC5YrdrvWeAzfPbpCYDzaJ/nO82AbiPrfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLXZ1EKIV9+MNVPX8ymikWJpOv0WMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdGRuVVFvaFgzNHcxVTlmekthS1JZbWs2X1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQoA
MA0GCSqGSIb3DQEBCwUAA4IBAQBvbHyfFqE/gNH9P1HPdsewTpjQZZ2vtOxOdVEP
rwNFk1bQEL00zXPyzf6igt9cUSJIr+ambdmTYj/1P8IV76GbK4dIu7fMPDYs+mj7
mgg+WCk3qoY8zFQQ75KJDiyQNvk3229x7+YR7V2zbmxAfXF+807pi9QY8LyEQF5M
E/95DQKMu6QSlRiS+H6Pbd+a8ttBDsI0UY+IoWobu6NDPjp5po3p5PDDe95M7goo
UnfUERsgHtc8WY5bps6DcHqceTJreOGcwm0iAktIpSChAj4Dok90pmiPt1dW06qY
fKITe5SQIO7r3ge+kSqI+CAZWdHZ8hPrehy7JcqIQlWtKHF6
-----END CERTIFICATE-----