Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/whWNi2jBypP8dC_355Td8F2B7xo.roa
File:                     whWNi2jBypP8dC_355Td8F2B7xo.roa (raw, json)
Hash identifier:          ilZCJGPzcnQ5hb3ic5BuETN0ZA8c/LjVMlIQRgXeDtE=
Subject key identifier:   C2:15:8D:8B:68:C1:CA:93:FC:74:2F:F7:E7:94:DD:F0:5D:81:EF:1A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80167216DDBD371F326E2AE66FD8309
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/whWNi2jBypP8dC_355Td8F2B7xo.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208029
IP address blocks:        2a0c:b642:5000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:67:21:6d:db:d3:71:f3:26:e2:ae:66:fd:83:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2158d8b68c1ca93fc742ff7e794ddf05d81ef1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:85:63:45:5a:5f:15:ea:46:9d:04:5c:2c:f0:
                    93:1a:fb:40:4b:fa:40:ab:af:bb:e6:cd:d8:0e:7c:
                    58:dd:77:41:45:b9:6f:be:d5:f7:de:9f:70:7c:9e:
                    c3:da:41:dc:a3:ab:33:03:73:9d:43:f7:99:42:2b:
                    b4:b0:a1:f0:99:da:52:2a:37:76:4e:e8:63:d7:12:
                    df:28:8e:59:36:9e:eb:7c:60:6f:ba:2d:95:45:08:
                    59:45:32:7d:a5:a6:89:87:e8:24:02:cd:71:1e:65:
                    03:3b:6e:0e:47:f1:92:ac:12:eb:cc:20:08:4f:1f:
                    6d:ce:4f:14:85:e1:cd:5c:fc:8a:5c:85:74:11:0e:
                    29:8e:ec:fb:c1:ed:12:ee:22:55:b2:72:99:ab:4c:
                    c6:b3:36:89:8e:6e:45:f9:48:db:fd:cf:3f:e6:31:
                    df:af:ec:21:ab:4f:a2:3f:50:80:1a:72:f1:fc:a0:
                    1a:d4:95:33:af:fc:77:58:51:fe:94:f4:8c:85:af:
                    3c:ba:5b:68:b8:01:b3:d3:99:95:be:c0:89:b4:50:
                    f3:79:5f:93:69:3d:d4:d7:92:f6:a0:80:93:71:e0:
                    24:4d:a1:6e:e0:2c:23:64:09:3d:58:47:1c:36:21:
                    2b:b7:ed:da:d0:1e:af:69:ec:f1:3b:41:b4:b5:aa:
                    b6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:15:8D:8B:68:C1:CA:93:FC:74:2F:F7:E7:94:DD:F0:5D:81:EF:1A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/whWNi2jBypP8dC_355Td8F2B7xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         63:5f:9a:5a:95:86:41:49:68:8d:39:05:a7:97:62:21:13:5d:
         a0:27:d8:cd:f5:3c:ed:23:9b:0f:1f:33:e4:53:5a:7d:56:a6:
         cc:6a:53:f9:f9:b1:88:ce:e9:53:09:09:07:7b:9b:8f:c1:88:
         5b:44:2e:ea:32:85:6a:fc:b3:1e:7b:01:a1:b8:8a:4b:09:ae:
         4f:bd:92:3f:fb:1c:11:7d:f3:a1:c1:7f:04:89:6d:14:fe:07:
         4b:48:a4:96:49:9e:14:02:9c:39:23:7a:21:e8:33:13:71:59:
         f3:f9:c7:2e:32:59:78:60:e4:23:65:42:54:a8:37:6b:12:2e:
         82:19:5b:5c:c3:82:70:cf:0e:01:cb:d4:dd:fd:52:80:1a:8a:
         ef:d7:61:1d:30:f8:75:f1:cf:6e:1d:e7:aa:92:a1:2a:ac:89:
         5c:2a:3b:5a:d5:cf:10:2b:0f:bc:ce:b7:d8:0b:0e:2c:c0:11:
         89:1c:2c:25:3b:00:34:eb:df:d1:70:5d:1c:87:cb:3c:d3:14:
         31:c8:89:fc:03:e5:42:66:11:28:4b:ac:6e:d8:bf:66:65:68:
         e3:4c:a8:d6:ae:af:18:f9:36:2c:7a:fa:1c:81:04:0e:d8:95:
         de:2a:ec:c0:51:9f:87:61:ee:b3:81:30:3c:c3:55:8e:34:f9:
         10:8a:20:c4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAWchbdvTcfMm4q5m/YMJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjE1OGQ4YjY4YzFjYTkzZmM3NDJmZjdlNzk0ZGRmMDVkODFlZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYVjRVpfFepGnQRcLPCTGvtAS/pA
q6+75s3YDnxY3XdBRblvvtX33p9wfJ7D2kHco6szA3OdQ/eZQiu0sKHwmdpSKjd2
Tuhj1xLfKI5ZNp7rfGBvui2VRQhZRTJ9paaJh+gkAs1xHmUDO24OR/GSrBLrzCAI
Tx9tzk8UheHNXPyKXIV0EQ4pjuz7we0S7iJVsnKZq0zGszaJjm5F+Ujb/c8/5jHf
r+whq0+iP1CAGnLx/KAa1JUzr/x3WFH+lPSMha88ultouAGz05mVvsCJtFDzeV+T
aT3U15L2oICTceAkTaFu4CwjZAk9WEccNiErt+3a0B6vaezxO0G0taq2LwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMIVjYtowcqT/HQv9+eU3fBdge8aMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvd2hXTmkyakJ5cFA4ZENfMzU1VGQ4RjJCN3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgy2QlAw
DQYJKoZIhvcNAQELBQADggEBAGNfmlqVhkFJaI05BaeXYiETXaAn2M31PO0jmw8f
M+RTWn1WpsxqU/n5sYjO6VMJCQd7m4/BiFtELuoyhWr8sx57AaG4iksJrk+9kj/7
HBF986HBfwSJbRT+B0tIpJZJnhQCnDkjeiHoMxNxWfP5xy4yWXhg5CNlQlSoN2sS
LoIZW1zDgnDPDgHL1N39UoAaiu/XYR0w+HXxz24d56qSoSqsiVwqO1rVzxArD7zO
t9gLDizAEYkcLCU7ADTr39FwXRyHyzzTFDHIifwD5UJmEShLrG7Yv2ZlaONMqNau
rxj5Nix6+hyBBA7Yld4q7MBRn4dh7rOBMDzDVY40+RCKIMQ=
-----END CERTIFICATE-----