Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/w_FVIOKONzSquRoHRxvLOT8hXwU.roa
File:                     w_FVIOKONzSquRoHRxvLOT8hXwU.roa (raw, json)
Hash identifier:          vTuQTMkDCl3YE3b/e4wdOoqQa60hXAp+cI58KFAzTp8=
Subject key identifier:   C3:F1:55:20:E2:8E:37:34:AA:B9:1A:07:47:1B:CB:39:3F:21:5F:05
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015F14EBF014F4120411E93D453621
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/w_FVIOKONzSquRoHRxvLOT8hXwU.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205539
IP address blocks:        2a0c:b641:840::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5f:14:eb:f0:14:f4:12:04:11:e9:3d:45:36:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3f15520e28e3734aab91a07471bcb393f215f05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:21:3f:25:e0:1f:d6:29:1b:5a:b0:e3:7f:1d:
                    6a:fd:df:64:f9:ed:f5:d7:99:2d:6d:2b:3d:83:0c:
                    fd:f9:ab:ba:b0:10:7e:0e:07:cc:94:3b:93:a8:f7:
                    cf:81:b8:f8:4b:43:de:32:7c:91:09:05:77:1f:61:
                    8c:e0:cf:a4:20:62:ae:bf:2b:e8:06:a6:66:a5:1b:
                    fc:b0:84:ae:36:5f:02:55:63:33:93:57:86:62:0a:
                    6b:05:aa:46:5e:31:2d:92:98:8b:95:9f:cc:58:12:
                    01:8c:42:0a:64:fb:b2:fd:e9:56:dd:e4:c8:31:e2:
                    a5:3f:75:cd:fc:ac:a2:d3:d7:87:58:d6:02:cd:d0:
                    8d:b8:a9:f6:71:cd:f3:f0:03:07:31:01:90:f1:0b:
                    c0:b2:cd:73:b9:1e:43:aa:42:31:74:60:46:ca:37:
                    d1:3a:be:d8:44:8d:5b:0c:e6:1a:de:c9:c4:c3:91:
                    4b:f0:af:76:46:b2:e0:42:4f:ee:d0:a3:df:d2:67:
                    9d:d1:30:6d:c4:f7:fd:71:fc:6c:43:33:9d:ea:f7:
                    b8:15:48:f5:f4:d8:b0:13:1b:84:6b:70:b0:c6:a9:
                    bb:4f:2a:13:67:8f:22:f4:28:cd:f1:2a:61:f2:83:
                    d8:bd:69:13:b9:50:3e:a1:2e:e6:e2:d5:c2:20:71:
                    06:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F1:55:20:E2:8E:37:34:AA:B9:1A:07:47:1B:CB:39:3F:21:5F:05
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/w_FVIOKONzSquRoHRxvLOT8hXwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:840::/44

    Signature Algorithm: sha256WithRSAEncryption
         24:07:bc:a6:89:78:60:f8:6b:59:a1:f2:87:72:f9:e7:84:eb:
         6e:94:97:8e:1a:f4:e9:66:87:1b:31:96:df:de:da:91:d6:65:
         75:f9:13:7a:8d:18:d0:7e:72:ed:05:aa:42:63:1e:28:13:f7:
         9a:aa:8e:03:c7:3f:8a:32:cd:74:f2:5f:16:d7:15:18:81:18:
         f6:7e:ac:0c:e6:41:fe:fb:43:ba:86:f8:d0:b5:4b:0b:27:65:
         a8:e3:f5:df:bb:f2:c5:aa:2d:fc:8a:6f:d7:7b:d8:a0:f7:67:
         9e:f6:0c:ce:2b:4c:42:a5:ff:26:bb:51:17:56:bd:f0:20:04:
         cc:6d:82:fb:5f:85:6a:6b:a4:0e:04:fb:77:9c:7e:73:ca:db:
         22:4f:f2:93:96:a1:5e:f7:49:40:0e:01:a0:38:87:cf:42:91:
         62:54:06:84:14:6d:63:0f:48:0c:a0:aa:11:2c:af:cc:0f:41:
         63:f3:0b:07:4a:e6:a7:53:84:f5:79:81:b9:8e:04:8b:19:fd:
         1e:59:ac:ab:2c:b0:5d:50:b6:15:05:8e:2d:ad:da:99:15:6b:
         e3:e5:49:3b:24:a9:af:68:c2:70:f7:57:5b:00:41:eb:31:a2:
         f2:0c:70:0e:9d:a0:da:c5:ab:5c:41:d7:1e:e4:a9:84:00:6d:
         56:7f:1d:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAV8U6/AU9BIEEek9RTYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2YxNTUyMGUyOGUzNzM0YWFiOTFhMDc0NzFiY2IzOTNmMjE1ZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSE/JeAf1ikbWrDjfx1q/d9k+e31
15ktbSs9gwz9+au6sBB+DgfMlDuTqPfPgbj4S0PeMnyRCQV3H2GM4M+kIGKuvyvo
BqZmpRv8sISuNl8CVWMzk1eGYgprBapGXjEtkpiLlZ/MWBIBjEIKZPuy/elW3eTI
MeKlP3XN/Kyi09eHWNYCzdCNuKn2cc3z8AMHMQGQ8QvAss1zuR5DqkIxdGBGyjfR
Or7YRI1bDOYa3snEw5FL8K92RrLgQk/u0KPf0med0TBtxPf9cfxsQzOd6ve4FUj1
9NiwExuEa3Cwxqm7TyoTZ48i9CjN8Sph8oPYvWkTuVA+oS7m4tXCIHEGuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMPxVSDijjc0qrkaB0cbyzk/IV8FMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvd19GVklPS09OelNxdVJvSFJ4dkxPVDhoWHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQhA
MA0GCSqGSIb3DQEBCwUAA4IBAQAkB7ymiXhg+GtZofKHcvnnhOtulJeOGvTpZocb
MZbf3tqR1mV1+RN6jRjQfnLtBapCYx4oE/eaqo4Dxz+KMs108l8W1xUYgRj2fqwM
5kH++0O6hvjQtUsLJ2Wo4/Xfu/LFqi38im/Xe9ig92ee9gzOK0xCpf8mu1EXVr3w
IATMbYL7X4Vqa6QOBPt3nH5zytsiT/KTlqFe90lADgGgOIfPQpFiVAaEFG1jD0gM
oKoRLK/MD0Fj8wsHSuanU4T1eYG5jgSLGf0eWayrLLBdULYVBY4trdqZFWvj5Uk7
JKmvaMJw91dbAEHrMaLyDHAOnaDaxatcQdce5KmEAG1Wfx3c
-----END CERTIFICATE-----