Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vbQ9rPpeV3U1RWFd0Plkmg0Koy0.roa
File:                     vbQ9rPpeV3U1RWFd0Plkmg0Koy0.roa (raw, json)
Hash identifier:          N8ns8jl47SmnN3HaPcTdkw49bnFqtCnj88oR0Iji32w=
Subject key identifier:   BD:B4:3D:AC:FA:5E:57:75:35:45:61:5D:D0:F9:64:9A:0D:0A:A3:2D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80180EF1E8325997C82F613A4207FCD
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vbQ9rPpeV3U1RWFd0Plkmg0Koy0.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213190
IP address blocks:        2a0c:b642:fc0::/43 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:80:ef:1e:83:25:99:7c:82:f6:13:a4:20:7f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdb43dacfa5e57753545615dd0f9649a0d0aa32d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2f:ba:99:de:69:72:1f:84:be:3c:16:96:73:
                    3a:c5:02:78:53:62:37:5c:b4:1d:2e:86:a2:3d:73:
                    4c:16:e4:29:00:2d:90:25:c3:0b:db:ba:b4:b3:85:
                    e8:71:26:c4:00:6e:97:f8:96:62:86:38:84:75:13:
                    1a:9d:b9:57:6f:62:69:c9:d2:5f:92:6a:ed:9f:08:
                    e8:26:a4:38:b7:30:da:5e:9e:d7:50:0e:f7:4e:31:
                    74:1d:c2:c6:7b:4d:ff:27:16:c9:21:57:f4:57:20:
                    7c:fa:12:18:7e:a5:2b:50:ec:5f:aa:62:fb:eb:3f:
                    cb:d9:74:04:9e:32:22:4b:70:6d:0e:88:f2:14:76:
                    bc:6e:87:cb:c0:ea:2b:32:48:61:2a:d1:c1:bf:f4:
                    1b:84:f6:8f:bd:49:db:6a:fe:0f:53:dd:6b:4b:23:
                    10:af:f8:7b:fb:fd:eb:c1:61:f3:e7:18:84:03:9d:
                    d0:7a:04:dc:4b:da:29:7b:45:dd:1d:fb:31:13:07:
                    19:5e:67:a2:75:3d:41:22:1c:fc:c8:6c:67:40:37:
                    4d:21:32:19:47:a2:8e:4a:c7:26:4d:2f:df:74:33:
                    9e:f7:5f:5d:9f:5d:38:fb:89:4c:b3:ed:02:10:4e:
                    d1:00:f4:24:6d:f8:39:1e:80:af:a1:a4:d8:28:ae:
                    92:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:B4:3D:AC:FA:5E:57:75:35:45:61:5D:D0:F9:64:9A:0D:0A:A3:2D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vbQ9rPpeV3U1RWFd0Plkmg0Koy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:fc0::/43

    Signature Algorithm: sha256WithRSAEncryption
         7b:26:11:c6:5e:7e:7c:af:41:46:e9:0f:7b:da:f7:a5:5f:1d:
         15:66:73:09:30:7e:75:92:7e:cd:5c:a6:64:9d:39:db:81:79:
         72:06:52:ac:7c:7d:f1:06:c4:85:46:5d:22:8d:d6:6b:a8:a3:
         9a:bf:80:a1:b3:e1:3d:df:92:76:02:04:4d:0f:ed:ba:87:3a:
         df:e8:0f:22:1d:74:d1:dd:b2:cf:ca:e2:65:78:a3:67:d5:d5:
         67:db:45:c0:8d:fc:0a:19:aa:d4:9e:2f:ef:57:b4:dd:e2:6b:
         53:be:91:03:24:b9:b4:a4:e0:a8:a5:bb:d6:a7:17:85:7f:6a:
         f0:f0:55:e8:99:1e:5d:14:e4:5a:ff:4d:a2:d5:4b:50:cc:3c:
         ce:5f:e1:11:e1:85:44:83:ea:07:40:6d:e0:02:9e:54:ed:f5:
         7d:a3:6b:d9:be:3f:70:bf:14:15:1e:3a:c6:e2:cc:e2:30:5a:
         d6:c6:78:9e:9f:d1:30:20:54:5b:33:3b:63:d5:fc:2c:27:71:
         c4:08:b5:a4:9e:72:c3:11:84:f1:e6:a3:fa:ac:0e:87:1d:de:
         93:89:2f:12:0f:43:a0:a4:81:37:cd:4c:3c:ed:78:50:5f:83:
         ed:b0:e9:19:ae:41:a3:ca:7d:e4:a0:33:df:2c:ab:4d:db:a8:
         aa:da:a8:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAYDvHoMlmXyC9hOkIH/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGI0M2RhY2ZhNWU1Nzc1MzU0NTYxNWRkMGY5NjQ5YTBkMGFhMzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkS+6md5pch+EvjwWlnM6xQJ4U2I3
XLQdLoaiPXNMFuQpAC2QJcML27q0s4XocSbEAG6X+JZihjiEdRManblXb2JpydJf
kmrtnwjoJqQ4tzDaXp7XUA73TjF0HcLGe03/JxbJIVf0VyB8+hIYfqUrUOxfqmL7
6z/L2XQEnjIiS3BtDojyFHa8bofLwOorMkhhKtHBv/QbhPaPvUnbav4PU91rSyMQ
r/h7+/3rwWHz5xiEA53QegTcS9ope0XdHfsxEwcZXmeidT1BIhz8yGxnQDdNITIZ
R6KOSscmTS/fdDOe919dn104+4lMs+0CEE7RAPQkbfg5HoCvoaTYKK6SpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL20Paz6Xld1NUVhXdD5ZJoNCqMtMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdmJROXJQcGVWM1UxUldGZDBQbGttZzBLb3kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKgy2Qg/A
MA0GCSqGSIb3DQEBCwUAA4IBAQB7JhHGXn58r0FG6Q972velXx0VZnMJMH51kn7N
XKZknTnbgXlyBlKsfH3xBsSFRl0ijdZrqKOav4Chs+E935J2AgRND+26hzrf6A8i
HXTR3bLPyuJleKNn1dVn20XAjfwKGarUni/vV7Td4mtTvpEDJLm0pOCopbvWpxeF
f2rw8FXomR5dFORa/02i1UtQzDzOX+ER4YVEg+oHQG3gAp5U7fV9o2vZvj9wvxQV
HjrG4sziMFrWxnien9EwIFRbMztj1fwsJ3HECLWknnLDEYTx5qP6rA6HHd6TiS8S
D0OgpIE3zUw87XhQX4PtsOkZrkGjyn3koDPfLKtN26iq2qhW
-----END CERTIFICATE-----