Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xhgYtoof1j9S2Ehd3hXL56c6IKA.roa
File:                     xhgYtoof1j9S2Ehd3hXL56c6IKA.roa (raw, json)
Hash identifier:          1Nv5gBmxhIKv5Ix7x8akjZavSIABtGIDzveuw8CuVQM=
Subject key identifier:   C6:18:18:B6:8A:1F:D6:3F:52:D8:48:5D:DE:15:CB:E7:A7:3A:20:A0
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8016C49ADFB25634C54388F6ABC8C82
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xhgYtoof1j9S2Ehd3hXL56c6IKA.roa
Signing time:             Tue 02 Jan 2024 02:29:45 +0000
ROA not before:           Tue 02 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209661
IP address blocks:        2a0c:b641:210::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6c:49:ad:fb:25:63:4c:54:38:8f:6a:bc:8c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c61818b68a1fd63f52d8485dde15cbe7a73a20a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9c:49:cb:57:6d:c8:7f:ae:24:ad:aa:3c:c7:
                    e3:6a:6f:24:7c:33:bb:d8:87:f0:af:32:2a:2f:09:
                    06:e0:de:aa:40:da:e5:1a:1f:68:f8:59:85:3c:2e:
                    8d:16:1e:05:bf:46:4c:14:b0:a2:ba:f8:77:b6:ed:
                    63:41:ad:89:87:71:71:1a:d7:ad:ad:75:00:c3:f2:
                    2d:b3:e5:25:8c:37:f3:ca:c6:e0:0a:48:f5:ee:12:
                    05:7b:54:95:7a:5e:c2:ae:0f:dc:eb:46:9f:1b:f3:
                    dd:09:e4:7e:7f:d3:fb:db:c1:6d:ef:1e:9d:e4:47:
                    4c:85:0b:ec:3f:07:56:6e:1a:9f:5e:d0:90:ec:67:
                    c0:c1:8b:d9:67:38:3c:ba:d6:4a:91:26:88:d0:ea:
                    ec:01:f5:0d:d4:6a:b0:dc:69:e3:d7:73:5f:13:3c:
                    df:bf:3f:ad:5c:e9:49:20:49:b5:90:3d:e9:79:f4:
                    81:e4:2f:d4:ef:76:83:02:68:3b:3f:e7:49:9b:78:
                    96:2d:1c:aa:6d:53:37:cc:93:f2:3e:c1:d6:30:c3:
                    6f:94:a2:d2:54:bc:7b:38:52:d2:8b:eb:60:96:d6:
                    0f:e8:57:3d:c3:ef:21:35:81:bd:75:45:cb:8a:e3:
                    df:e5:26:2b:42:1a:56:af:39:38:ea:dd:99:14:87:
                    45:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:18:18:B6:8A:1F:D6:3F:52:D8:48:5D:DE:15:CB:E7:A7:3A:20:A0
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xhgYtoof1j9S2Ehd3hXL56c6IKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:210::/44

    Signature Algorithm: sha256WithRSAEncryption
         75:2d:4c:58:90:e8:f9:fc:b1:c9:c9:16:aa:41:c5:42:8a:98:
         02:62:3d:34:5d:86:ca:73:99:04:28:ea:39:23:93:0d:0a:4d:
         03:8e:d2:95:92:a7:8c:ed:de:9e:39:25:aa:f7:75:7d:32:00:
         42:af:ad:37:ff:98:5d:b3:1c:e9:69:e5:37:21:af:2a:67:de:
         64:27:4b:4f:5e:a9:06:0c:e5:ba:90:cd:2e:57:91:e6:1a:dc:
         36:15:d3:d5:61:90:ab:16:db:9a:25:56:1f:8d:52:b0:e8:bb:
         58:0e:dc:0d:ba:f3:40:df:76:b3:88:a7:e1:c2:f7:63:ab:20:
         98:c4:e7:21:75:89:ee:58:75:49:3b:a5:4f:90:fb:98:b6:54:
         38:35:d0:89:eb:6e:9e:05:f4:ee:86:04:39:4e:d8:91:e0:81:
         60:fb:2c:9e:3e:c6:ad:59:3c:08:08:36:94:e6:1f:a9:3e:e1:
         53:b0:08:28:15:e3:9b:28:6c:42:56:4b:4f:d8:6a:4d:e9:36:
         f4:fb:d5:f5:73:28:dd:3a:bd:d1:62:69:b0:e3:3b:71:b0:0c:
         58:e6:51:23:15:b7:db:74:7b:ca:67:2c:67:b6:50:cd:9e:73:
         2e:10:29:b6:61:b6:e8:91:0e:e5:f8:ba:0b:00:47:2a:46:7f:
         a1:ee:15:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWxJrfslY0xUOI9qvIyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE4MThiNjhhMWZkNjNmNTJkODQ4NWRkZTE1Y2JlN2E3M2EyMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZxJy1dtyH+uJK2qPMfjam8kfDO7
2IfwrzIqLwkG4N6qQNrlGh9o+FmFPC6NFh4Fv0ZMFLCiuvh3tu1jQa2Jh3FxGtet
rXUAw/Its+UljDfzysbgCkj17hIFe1SVel7Crg/c60afG/PdCeR+f9P728Ft7x6d
5EdMhQvsPwdWbhqfXtCQ7GfAwYvZZzg8utZKkSaI0OrsAfUN1Gqw3Gnj13NfEzzf
vz+tXOlJIEm1kD3pefSB5C/U73aDAmg7P+dJm3iWLRyqbVM3zJPyPsHWMMNvlKLS
VLx7OFLSi+tgltYP6Fc9w+8hNYG9dUXLiuPf5SYrQhpWrzk46t2ZFIdFgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMYYGLaKH9Y/UthIXd4Vy+enOiCgMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveGhnWXRvb2YxajlTMkVoZDNoWEw1NmM2SUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQIQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB1LUxYkOj5/LHJyRaqQcVCipgCYj00XYbKc5kE
KOo5I5MNCk0DjtKVkqeM7d6eOSWq93V9MgBCr603/5hdsxzpaeU3Ia8qZ95kJ0tP
XqkGDOW6kM0uV5HmGtw2FdPVYZCrFtuaJVYfjVKw6LtYDtwNuvNA33aziKfhwvdj
qyCYxOchdYnuWHVJO6VPkPuYtlQ4NdCJ626eBfTuhgQ5TtiR4IFg+yyePsatWTwI
CDaU5h+pPuFTsAgoFeObKGxCVktP2GpN6Tb0+9X1cyjdOr3RYmmw4ztxsAxY5lEj
FbfbdHvKZyxntlDNnnMuECm2YbbokQ7l+LoLAEcqRn+h7hUp
-----END CERTIFICATE-----