Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/wgGO7mC4EV6ttG9RntQJJVtG3M0.roa
File:                     wgGO7mC4EV6ttG9RntQJJVtG3M0.roa (raw, json)
Hash identifier:          h3VQ7TiKiIH/2yXRXFWLD9ceHVCq1WvD2p0uW1IB/ZI=
Subject key identifier:   C2:01:8E:EE:60:B8:11:5E:AD:B4:6F:51:9E:D4:09:25:5B:46:DC:CD
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8015FA170749F8B64B32C8104057434
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/wgGO7mC4EV6ttG9RntQJJVtG3M0.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205733
IP address blocks:        2a0c:b641:a50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:5f:a1:70:74:9f:8b:64:b3:2c:81:04:05:74:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2018eee60b8115eadb46f519ed409255b46dccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ec:fd:a2:3a:92:c0:46:e3:60:7a:08:02:d1:
                    ff:8b:94:a2:d5:af:d6:7c:a9:8b:e6:73:17:0b:98:
                    ac:37:b8:52:7c:62:84:49:34:9b:19:34:43:41:a4:
                    99:98:9a:00:75:16:82:11:55:7b:37:6f:f3:10:e7:
                    e4:83:dd:bb:ad:77:4e:5d:c9:ca:dd:bd:67:97:6d:
                    23:b5:f4:75:76:22:00:d6:be:4c:7d:67:44:74:fe:
                    47:22:04:0e:7b:1f:8b:8c:34:47:fc:a7:f8:35:e5:
                    81:28:b2:02:66:32:bc:9d:f8:c9:03:9a:06:7d:b7:
                    de:26:b5:b4:24:f9:c0:82:13:47:63:59:86:e2:65:
                    f7:b6:f6:d5:7e:88:bf:39:29:80:44:60:a4:df:ac:
                    50:d1:80:1f:6b:15:06:a4:6d:4e:47:03:e9:65:7b:
                    7c:64:10:e5:a4:ef:91:51:50:f7:28:1e:f1:61:8f:
                    b4:50:1e:5e:af:eb:7c:12:5c:4c:dd:40:22:2d:fb:
                    26:4f:fa:08:2b:6a:62:dd:45:24:fa:35:ef:31:60:
                    09:d2:64:d8:58:f7:f4:68:57:d5:e5:33:00:d0:a5:
                    07:d6:ee:a3:c8:d1:cf:12:f8:39:4b:8c:32:3f:ef:
                    6e:cb:6d:ff:7b:50:5d:77:37:bf:98:1a:c6:e6:3a:
                    0d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:01:8E:EE:60:B8:11:5E:AD:B4:6F:51:9E:D4:09:25:5B:46:DC:CD
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/wgGO7mC4EV6ttG9RntQJJVtG3M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a50::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:07:3f:0d:e2:21:4f:40:fd:9d:e0:93:ba:70:1f:f7:3b:ff:
         0b:43:c7:2e:3a:dd:b2:fb:70:9a:21:1a:92:5f:c5:c8:60:5f:
         69:be:76:10:d8:16:06:76:78:3f:9a:3d:a3:a7:c4:05:2a:fc:
         93:c7:78:62:7b:a1:a6:47:14:c0:5c:01:4c:a9:31:9f:59:09:
         da:9d:ff:e1:b9:03:96:41:14:29:30:77:82:23:4f:4e:67:8b:
         a1:ab:1e:8f:e1:93:84:7b:81:71:5f:9d:ff:ee:ca:ce:af:51:
         d4:49:77:18:a8:f0:3a:12:68:52:ac:08:88:1f:78:d4:19:0a:
         b0:8e:df:db:26:96:c9:d9:ec:d8:93:cd:ce:cf:2e:19:5a:f6:
         9b:ae:c9:97:5b:8b:3c:e4:b3:35:68:42:70:16:a1:94:81:6a:
         80:4a:6f:a8:b2:b1:d9:72:55:20:30:4a:f8:05:74:b1:ea:94:
         d8:f2:42:09:4a:9a:55:cc:e5:09:ab:9d:ed:82:36:7d:83:5e:
         66:fd:e8:3c:3a:07:72:88:27:26:e9:f1:2e:54:8f:1d:41:83:
         ba:14:60:bc:d1:e2:64:21:7e:f3:c8:a0:a2:9c:6e:de:84:d2:
         4b:33:6b:25:6a:51:dc:e8:89:dd:3a:e5:c8:64:51:d7:da:76:
         0e:49:b2:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAV+hcHSfi2SzLIEEBXQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjAxOGVlZTYwYjgxMTVlYWRiNDZmNTE5ZWQ0MDkyNTViNDZkY2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+z9ojqSwEbjYHoIAtH/i5Si1a/W
fKmL5nMXC5isN7hSfGKESTSbGTRDQaSZmJoAdRaCEVV7N2/zEOfkg927rXdOXcnK
3b1nl20jtfR1diIA1r5MfWdEdP5HIgQOex+LjDRH/Kf4NeWBKLICZjK8nfjJA5oG
fbfeJrW0JPnAghNHY1mG4mX3tvbVfoi/OSmARGCk36xQ0YAfaxUGpG1ORwPpZXt8
ZBDlpO+RUVD3KB7xYY+0UB5er+t8ElxM3UAiLfsmT/oIK2pi3UUk+jXvMWAJ0mTY
WPf0aFfV5TMA0KUH1u6jyNHPEvg5S4wyP+9uy23/e1Bddze/mBrG5joNVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMIBju5guBFerbRvUZ7UCSVbRtzNMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvd2dHTzdtQzRFVjZ0dEc5Um50UUpKVnRHM00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQpQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAJBz8N4iFPQP2d4JO6cB/3O/8LQ8cuOt2y+3Ca
IRqSX8XIYF9pvnYQ2BYGdng/mj2jp8QFKvyTx3hie6GmRxTAXAFMqTGfWQnanf/h
uQOWQRQpMHeCI09OZ4uhqx6P4ZOEe4FxX53/7srOr1HUSXcYqPA6EmhSrAiIH3jU
GQqwjt/bJpbJ2ezYk83Ozy4ZWvabrsmXW4s85LM1aEJwFqGUgWqASm+osrHZclUg
MEr4BXSx6pTY8kIJSppVzOUJq53tgjZ9g15m/eg8OgdyiCcm6fEuVI8dQYO6FGC8
0eJkIX7zyKCinG7ehNJLM2slalHc6IndOuXIZFHX2nYOSbIp
-----END CERTIFICATE-----