Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/uYupxwXMU5GppuQwaosLjIpY-1o.roa
File:                     uYupxwXMU5GppuQwaosLjIpY-1o.roa (raw, json)
Hash identifier:          NwLQSr/OU07wbC8e60NV2WKT+2kc6SMjJDpEIxzo6ig=
Subject key identifier:   B9:8B:A9:C7:05:CC:53:91:A9:A6:E4:30:6A:8B:0B:8C:8A:58:FB:5A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016A7BFA31404F4E463C2E8914FBD3
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/uYupxwXMU5GppuQwaosLjIpY-1o.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209295
IP address blocks:        2a0c:b641:580::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6a:7b:fa:31:40:4f:4e:46:3c:2e:89:14:fb:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b98ba9c705cc5391a9a6e4306a8b0b8c8a58fb5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:91:7e:c9:85:c1:95:b0:d5:d0:fd:11:66:4d:
                    f4:53:3d:97:c3:72:55:72:25:b1:0c:a1:cd:e4:ac:
                    46:dc:52:a2:43:a4:8d:96:f3:71:2c:2a:d4:31:01:
                    91:96:28:df:48:38:df:9a:c1:a7:d1:0c:ab:61:f1:
                    d5:82:ce:ee:12:f7:ce:09:13:51:0b:b7:1c:b1:c8:
                    79:57:05:57:f7:b0:34:ee:90:84:40:64:6a:ad:89:
                    4f:43:6a:b6:5d:b9:b8:d0:c8:e1:64:86:ca:ef:37:
                    54:e4:0e:13:15:26:63:4a:e0:8e:ae:d3:8a:54:fd:
                    58:c2:87:ba:19:bf:65:4a:9a:f0:63:20:41:e4:7a:
                    77:bc:b9:d4:58:8f:dc:84:bd:0f:8f:93:4d:b0:55:
                    9b:c4:6c:c0:af:df:54:38:56:e0:e8:de:13:bd:2f:
                    99:c2:bd:d8:af:f1:c0:73:c8:58:f5:88:f3:a2:f6:
                    60:44:3b:62:b7:53:33:6b:c7:6e:a2:45:78:92:72:
                    03:f2:64:04:37:49:34:b8:c1:d6:bc:01:44:43:3c:
                    c6:dc:c3:11:cd:8e:b0:26:ca:2d:de:8c:f9:fc:ce:
                    15:25:24:b2:2d:9b:dc:5c:63:e3:e5:29:bb:fd:3c:
                    f2:de:b7:4a:72:9c:5c:bc:58:9d:4b:f8:07:44:43:
                    41:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:8B:A9:C7:05:CC:53:91:A9:A6:E4:30:6A:8B:0B:8C:8A:58:FB:5A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/uYupxwXMU5GppuQwaosLjIpY-1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:580::/44

    Signature Algorithm: sha256WithRSAEncryption
         66:26:d2:28:b6:20:ac:53:80:54:3e:ca:c5:a1:38:f4:93:30:
         9e:14:ee:90:6a:f3:7a:83:da:bc:cf:6c:e4:fe:73:4b:9c:f5:
         26:7b:00:d9:f8:ae:f5:cc:32:88:b3:ed:23:33:42:c1:cf:92:
         b6:a7:87:ee:5f:e6:ed:72:97:8e:eb:bc:01:93:31:60:52:ae:
         8d:57:85:94:7d:d4:5d:ee:9b:70:ac:2c:a1:1d:96:bf:cf:fb:
         28:90:e4:c9:df:9a:a8:c8:0d:d8:d5:a7:86:6e:71:6f:3b:6c:
         54:27:88:b7:ea:04:11:ac:0d:67:01:40:2a:d1:77:f6:cd:84:
         ce:0a:3d:92:ae:e3:ca:21:dc:68:ec:f9:53:7f:27:54:61:09:
         5d:cc:8f:a1:1d:f8:09:ef:3e:2f:f5:1a:43:3c:84:2a:8d:91:
         d4:05:49:91:f0:81:5e:b9:9b:92:66:09:53:a1:f5:d9:50:42:
         f9:2e:a2:77:72:36:bb:57:d6:4c:f9:e9:43:50:30:c5:a3:52:
         56:cf:7e:e0:b3:9b:c4:f3:7e:d3:b0:e6:c6:dc:7b:5a:c2:53:
         78:e0:23:51:21:e5:3c:70:bb:68:a5:fc:09:2a:01:da:81:27:
         f5:91:33:24:8c:40:9f:76:46:06:af:29:55:07:a5:5b:2b:c7:
         e6:15:04:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWp7+jFAT05GPC6JFPvTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOThiYTljNzA1Y2M1MzkxYTlhNmU0MzA2YThiMGI4YzhhNThmYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJF+yYXBlbDV0P0RZk30Uz2Xw3JV
ciWxDKHN5KxG3FKiQ6SNlvNxLCrUMQGRlijfSDjfmsGn0QyrYfHVgs7uEvfOCRNR
C7ccsch5VwVX97A07pCEQGRqrYlPQ2q2Xbm40MjhZIbK7zdU5A4TFSZjSuCOrtOK
VP1Ywoe6Gb9lSprwYyBB5Hp3vLnUWI/chL0Pj5NNsFWbxGzAr99UOFbg6N4TvS+Z
wr3Yr/HAc8hY9YjzovZgRDtit1Mza8duokV4knID8mQEN0k0uMHWvAFEQzzG3MMR
zY6wJsot3oz5/M4VJSSyLZvcXGPj5Sm7/Tzy3rdKcpxcvFidS/gHRENByQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLmLqccFzFORqabkMGqLC4yKWPtaMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdVl1cHh3WE1VNUdwcHVRd2Fvc0xqSXBZLTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQWA
MA0GCSqGSIb3DQEBCwUAA4IBAQBmJtIotiCsU4BUPsrFoTj0kzCeFO6QavN6g9q8
z2zk/nNLnPUmewDZ+K71zDKIs+0jM0LBz5K2p4fuX+btcpeO67wBkzFgUq6NV4WU
fdRd7ptwrCyhHZa/z/sokOTJ35qoyA3Y1aeGbnFvO2xUJ4i36gQRrA1nAUAq0Xf2
zYTOCj2SruPKIdxo7PlTfydUYQldzI+hHfgJ7z4v9RpDPIQqjZHUBUmR8IFeuZuS
ZglTofXZUEL5LqJ3cja7V9ZM+elDUDDFo1JWz37gs5vE837TsObG3HtawlN44CNR
IeU8cLtopfwJKgHagSf1kTMkjECfdkYGrylVB6VbK8fmFQRM
-----END CERTIFICATE-----