Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xjTXOaBbGfBHvS0No6_KQNcwFEo.roa
File:                     xjTXOaBbGfBHvS0No6_KQNcwFEo.roa (raw, json)
Hash identifier:          90GmHKTLyZThIjA3yeIcrLzUQYJ67sHoSOnGlWdVyBw=
Subject key identifier:   C6:34:D7:39:A0:5B:19:F0:47:BD:2D:0D:A3:AF:CA:40:D7:30:14:4A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80161A3DAEE7A9B0EB1061D03ECA8E8
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xjTXOaBbGfBHvS0No6_KQNcwFEo.roa
Signing time:             Tue 02 Jan 2024 02:29:42 +0000
ROA not before:           Tue 02 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206592
IP address blocks:        2a0c:b641:3f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:61:a3:da:ee:7a:9b:0e:b1:06:1d:03:ec:a8:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c634d739a05b19f047bd2d0da3afca40d730144a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cb:9b:78:d6:42:08:4f:0d:62:35:ad:27:d9:
                    91:14:f9:5a:63:00:a3:d4:51:0b:9e:f0:f8:08:40:
                    db:69:d5:68:0b:8a:88:5f:b8:c1:a8:59:82:46:e6:
                    5e:76:e7:13:b7:0e:6b:d6:c0:95:eb:22:79:f2:fc:
                    17:2e:2f:eb:78:d6:fc:a8:41:57:44:3d:37:61:63:
                    5e:e8:03:61:9f:50:d0:08:81:45:9f:c6:36:e1:b9:
                    e4:96:30:25:99:54:c9:62:16:7c:b6:06:e0:78:01:
                    16:a3:6d:27:89:28:c4:d1:83:42:b7:4e:b1:de:01:
                    97:12:42:db:eb:a1:eb:ab:c5:62:da:43:55:af:95:
                    f5:65:fd:51:f8:f5:b9:a2:30:e6:85:cc:1c:63:42:
                    a8:7c:0f:40:35:5a:be:e2:ca:f6:8d:8f:03:56:ca:
                    dd:8f:55:f3:c9:28:79:54:ae:43:d1:79:7d:00:b7:
                    3d:6c:1b:b6:ae:c4:8b:23:29:94:e1:38:b9:0a:d0:
                    03:67:05:ec:ef:01:a7:39:97:70:b0:ff:2b:91:d7:
                    c5:0b:a8:d2:51:e7:0f:6b:7a:6f:5f:a1:d1:44:1c:
                    9b:db:ab:62:a0:8a:57:2e:e2:7d:33:07:72:f2:7f:
                    7b:e4:33:2d:d0:c5:9a:fd:05:80:96:50:22:18:9e:
                    30:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:34:D7:39:A0:5B:19:F0:47:BD:2D:0D:A3:AF:CA:40:D7:30:14:4A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xjTXOaBbGfBHvS0No6_KQNcwFEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:3f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:2d:2a:aa:28:b0:4e:f7:e9:9b:cd:29:df:67:66:c9:ad:97:
         25:c5:31:a2:55:40:e2:14:c4:40:b9:b4:13:93:0a:e4:21:e8:
         51:ba:4c:f4:9f:ec:f5:d9:0e:18:1b:26:64:fc:3f:97:b1:94:
         91:eb:49:2f:df:de:1c:79:7a:8e:3b:34:5a:55:1a:2b:de:33:
         27:d0:0c:bf:a3:85:6b:49:2d:ea:c4:c7:f9:5c:12:4d:0a:f1:
         a5:5e:10:11:bb:07:84:da:45:7d:15:c7:30:80:d4:a0:34:bb:
         e8:df:53:cf:c7:36:c4:7a:be:6f:a5:dd:37:98:90:1e:ac:71:
         14:80:32:18:e1:bc:c2:8b:3f:9b:7f:34:79:13:7a:cc:c5:ce:
         83:d9:a5:e8:0b:09:0c:5d:fc:79:22:0f:e5:a4:45:3d:49:8d:
         5a:a8:6e:c1:ec:88:7b:5b:ff:d5:a3:00:fb:7e:fe:c8:03:b1:
         08:86:77:83:05:52:e1:c8:a6:ee:e5:77:b9:3b:c3:fd:db:92:
         8a:7d:98:1c:57:17:54:58:9b:55:90:8b:91:6b:10:6f:1b:5f:
         57:9e:e5:29:a9:d0:3e:78:c7:65:90:6a:a6:c3:46:3a:81:e8:
         20:4c:e0:52:da:12:51:71:7f:a5:23:71:88:d5:eb:6a:0a:a5:
         16:90:38:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAWGj2u56mw6xBh0D7KjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjM0ZDczOWEwNWIxOWYwNDdiZDJkMGRhM2FmY2E0MGQ3MzAxNDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8ubeNZCCE8NYjWtJ9mRFPlaYwCj
1FELnvD4CEDbadVoC4qIX7jBqFmCRuZeducTtw5r1sCV6yJ58vwXLi/reNb8qEFX
RD03YWNe6ANhn1DQCIFFn8Y24bnkljAlmVTJYhZ8tgbgeAEWo20niSjE0YNCt06x
3gGXEkLb66Hrq8Vi2kNVr5X1Zf1R+PW5ojDmhcwcY0KofA9ANVq+4sr2jY8DVsrd
j1XzySh5VK5D0Xl9ALc9bBu2rsSLIymU4Ti5CtADZwXs7wGnOZdwsP8rkdfFC6jS
UecPa3pvX6HRRByb26tioIpXLuJ9Mwdy8n975DMt0MWa/QWAllAiGJ4wpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMY01zmgWxnwR70tDaOvykDXMBRKMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveGpUWE9hQmJHZkJIdlMwTm82X0tRTmN3RkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQPw
MA0GCSqGSIb3DQEBCwUAA4IBAQCeLSqqKLBO9+mbzSnfZ2bJrZclxTGiVUDiFMRA
ubQTkwrkIehRukz0n+z12Q4YGyZk/D+XsZSR60kv394ceXqOOzRaVRor3jMn0Ay/
o4VrSS3qxMf5XBJNCvGlXhARuweE2kV9FccwgNSgNLvo31PPxzbEer5vpd03mJAe
rHEUgDIY4bzCiz+bfzR5E3rMxc6D2aXoCwkMXfx5Ig/lpEU9SY1aqG7B7Ih7W//V
owD7fv7IA7EIhneDBVLhyKbu5Xe5O8P925KKfZgcVxdUWJtVkIuRaxBvG19XnuUp
qdA+eMdlkGqmw0Y6geggTOBS2hJRcX+lI3GI1etqCqUWkDj/
-----END CERTIFICATE-----