Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vDRHiLY_hLuIg7Oyf0UCVwPhjeI.roa
File:                     vDRHiLY_hLuIg7Oyf0UCVwPhjeI.roa (raw, json)
Hash identifier:          +nwQLpPklb/BGIn3q0fjJykTVyX1RRxV9Q2uZCRjM8I=
Subject key identifier:   BC:34:47:88:B6:3F:84:BB:88:83:B3:B2:7F:45:02:57:03:E1:8D:E2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014ED42CD1B968209ADF2A32DE628B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vDRHiLY_hLuIg7Oyf0UCVwPhjeI.roa
Signing time:             Tue 02 Jan 2024 02:29:38 +0000
ROA not before:           Tue 02 Jan 2024 02:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58305
IP address blocks:        2a0c:b642:1a0d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4e:d4:2c:d1:b9:68:20:9a:df:2a:32:de:62:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc344788b63f84bb8883b3b27f45025703e18de2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:91:91:df:dc:85:76:66:bb:a0:e8:37:db:32:
                    eb:ca:2f:47:8c:03:6f:e3:58:89:4c:ef:08:eb:31:
                    6a:18:06:4f:87:23:b1:c8:16:45:d6:56:ce:c4:15:
                    db:23:94:fe:c7:cd:e4:05:d4:58:97:95:ea:78:fd:
                    a0:c1:41:b2:b8:e2:6c:0d:e6:83:15:c6:35:37:fb:
                    d1:7f:c8:b6:2a:2d:80:ba:65:8e:6b:85:75:84:42:
                    9e:81:81:5a:eb:11:9a:b0:f9:21:df:d4:7c:e7:ed:
                    bb:d3:87:87:c6:35:9b:05:13:89:4f:90:5c:5b:0a:
                    58:43:9c:88:62:4a:4e:00:8e:a3:cf:63:d6:07:2a:
                    7e:77:b6:d9:f6:50:af:d6:b2:59:47:cd:7c:49:df:
                    ea:e2:d7:44:02:57:77:7a:39:d9:94:29:50:17:43:
                    99:1d:72:a9:af:49:2b:19:e8:48:81:47:45:47:50:
                    cd:b3:a9:f8:6f:fd:f8:85:2a:d6:c5:57:18:5e:cd:
                    3f:f7:c3:e7:51:e5:f4:af:1f:e5:f7:c0:29:2a:24:
                    f2:8b:7f:09:7b:f1:8b:c1:51:9a:72:81:18:4a:f2:
                    1b:f8:5a:1e:e7:05:f9:b2:dc:fb:67:5c:b6:b5:ef:
                    c2:7a:22:ec:ea:16:5a:11:d0:83:83:c4:47:f8:75:
                    4b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:34:47:88:B6:3F:84:BB:88:83:B3:B2:7F:45:02:57:03:E1:8D:E2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vDRHiLY_hLuIg7Oyf0UCVwPhjeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a0d::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:e2:1f:01:ee:60:e3:ea:55:4b:92:15:77:57:bf:4d:cd:be:
         59:48:b5:4d:e5:ba:16:18:6c:da:f0:32:19:b9:fa:54:ac:95:
         b5:94:7d:bc:65:c8:2f:ab:83:90:db:9d:9f:18:ef:ec:c2:e7:
         cb:b1:bb:40:24:ce:44:15:fa:cf:fa:0c:6a:10:a9:43:8c:0a:
         e0:f9:86:ba:d5:2d:a5:63:f0:52:1e:1d:1c:42:6c:c9:fd:2f:
         ca:9a:f1:8b:47:f6:8a:3a:f8:30:7c:f6:72:02:c5:de:38:cb:
         7c:b5:c5:8e:33:1f:76:a6:18:f0:1d:44:29:cb:6f:5c:ec:8d:
         c7:5e:be:0a:bd:e4:4d:92:c6:9e:8b:0b:6e:d4:d4:5e:d0:27:
         1d:59:df:e7:dc:6a:c0:32:b1:1e:38:3e:3b:8f:ba:58:be:2e:
         57:89:9d:05:b9:1a:8a:74:3d:3e:cd:e1:80:b5:02:5f:d5:b4:
         bb:c0:89:98:4d:2e:16:e8:8f:8c:62:f1:fc:2e:08:29:72:1b:
         6c:f3:a8:57:67:a2:95:0c:82:ca:4b:1d:2d:3a:5c:7d:f9:f1:
         20:b6:e4:b8:7b:5a:71:ab:cc:9c:74:93:f0:f4:a1:35:63:b4:
         3b:ef:6e:9e:2e:fd:71:67:fb:7d:d6:d1:74:1a:fd:ae:ab:5c:
         b6:1e:5a:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAU7ULNG5aCCa3yoy3mKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzM0NDc4OGI2M2Y4NGJiODg4M2IzYjI3ZjQ1MDI1NzAzZTE4ZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5GR39yFdma7oOg32zLryi9HjANv
41iJTO8I6zFqGAZPhyOxyBZF1lbOxBXbI5T+x83kBdRYl5XqeP2gwUGyuOJsDeaD
FcY1N/vRf8i2Ki2AumWOa4V1hEKegYFa6xGasPkh39R85+2704eHxjWbBROJT5Bc
WwpYQ5yIYkpOAI6jz2PWByp+d7bZ9lCv1rJZR818Sd/q4tdEAld3ejnZlClQF0OZ
HXKpr0krGehIgUdFR1DNs6n4b/34hSrWxVcYXs0/98PnUeX0rx/l98ApKiTyi38J
e/GLwVGacoEYSvIb+Foe5wX5stz7Z1y2te/CeiLs6hZaEdCDg8RH+HVLJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLw0R4i2P4S7iIOzsn9FAlcD4Y3iMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdkRSSGlMWV9oTHVJZzdPeWYwVUNWd1BoamVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoN
MA0GCSqGSIb3DQEBCwUAA4IBAQAE4h8B7mDj6lVLkhV3V79Nzb5ZSLVN5boWGGza
8DIZufpUrJW1lH28Zcgvq4OQ252fGO/swufLsbtAJM5EFfrP+gxqEKlDjArg+Ya6
1S2lY/BSHh0cQmzJ/S/KmvGLR/aKOvgwfPZyAsXeOMt8tcWOMx92phjwHUQpy29c
7I3HXr4KveRNksaeiwtu1NRe0CcdWd/n3GrAMrEeOD47j7pYvi5XiZ0FuRqKdD0+
zeGAtQJf1bS7wImYTS4W6I+MYvH8Lggpchts86hXZ6KVDILKSx0tOlx9+fEgtuS4
e1pxq8ycdJPw9KE1Y7Q7726eLv1xZ/t91tF0Gv2uq1y2Hlpx
-----END CERTIFICATE-----