Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xtJu4yMXOS6B_zZYsmgR_efXRk0.roa
File:                     xtJu4yMXOS6B_zZYsmgR_efXRk0.roa (raw, json)
Hash identifier:          MnSoNEWvPp6+CsTJ+UO3ZwpUrP3vNRECgg0TPD27psA=
Subject key identifier:   C6:D2:6E:E3:23:17:39:2E:81:FF:36:58:B2:68:11:FD:E7:D7:46:4D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01927BF90CD181C11FEDF43980BEC3703B69
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xtJu4yMXOS6B_zZYsmgR_efXRk0.roa
Signing time:             Fri 11 Oct 2024 14:26:12 +0000
ROA not before:           Fri 11 Oct 2024 14:26:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214049
IP address blocks:        2a0c:b641:d20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7b:f9:0c:d1:81:c1:1f:ed:f4:39:80:be:c3:70:3b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Oct 11 14:26:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6d26ee32317392e81ff3658b26811fde7d7464d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c7:17:d2:7c:ad:b5:17:4d:67:f8:1c:b8:f7:
                    a8:25:aa:e0:e3:b9:a1:66:ff:93:20:a7:05:a2:88:
                    ed:c0:d4:f7:06:65:12:fa:52:cf:7f:e5:61:d5:99:
                    d6:3f:76:fd:95:bc:02:4b:f5:70:e7:23:75:ba:fa:
                    19:8f:b3:eb:ba:dc:2c:d9:37:ac:d6:e4:2a:f7:a9:
                    24:54:19:20:fb:e8:9b:05:e2:69:b1:00:09:71:e5:
                    ca:43:16:7a:27:8e:60:49:7f:10:d2:d4:1e:34:24:
                    23:ec:79:49:d5:fe:54:66:97:3d:81:1c:40:37:83:
                    59:45:ed:6d:cb:46:5c:37:3f:85:ee:fc:10:42:91:
                    c3:73:46:66:f2:19:6d:34:d3:08:ee:76:88:38:46:
                    7a:6e:f6:d7:14:01:42:66:df:ce:b8:66:11:60:7f:
                    82:5a:9e:14:3a:f3:41:be:5a:e9:5c:a8:e9:9f:28:
                    85:28:eb:e8:49:06:40:a2:20:9e:2b:d3:a9:63:67:
                    70:db:50:4d:1d:9b:39:cb:89:4c:86:e7:30:fd:be:
                    ba:66:82:b3:b2:78:4f:34:2d:5d:ae:21:20:50:36:
                    66:91:de:53:3e:77:78:71:ea:4a:34:4e:af:81:95:
                    f3:05:df:af:ca:5f:07:d7:7d:4c:23:70:21:54:51:
                    b8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D2:6E:E3:23:17:39:2E:81:FF:36:58:B2:68:11:FD:E7:D7:46:4D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xtJu4yMXOS6B_zZYsmgR_efXRk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:d20::/44

    Signature Algorithm: sha256WithRSAEncryption
         34:31:ad:f1:d4:3b:17:25:a4:95:6b:93:5a:0a:55:11:ea:e1:
         04:d7:5a:27:b9:c5:64:6c:bd:17:5e:e1:7a:f8:42:fc:f5:bc:
         41:24:22:c5:d2:60:09:bd:3f:82:02:60:e1:91:67:fb:a3:b8:
         89:ff:ae:3d:80:f6:70:72:37:1f:59:47:b5:9c:c8:15:6d:73:
         bd:3f:12:3d:d9:f5:42:ba:bc:59:8a:40:ca:ed:2a:7e:cc:82:
         88:76:db:73:e6:b2:14:f1:0a:1f:f7:82:42:2a:b1:b3:0b:a9:
         f3:80:f3:89:15:57:ee:70:d9:a5:27:30:25:9b:0e:58:80:94:
         19:25:27:ec:a2:f9:39:18:79:42:de:cd:e5:ae:35:e5:d6:26:
         03:f1:7c:24:7d:37:c1:57:ab:13:91:e3:f2:81:49:e2:7c:b9:
         96:f8:13:23:3d:20:56:dd:a9:1d:d9:7f:bb:a6:81:04:1b:72:
         a5:83:bf:35:a1:3d:5c:49:49:ed:d7:55:d4:16:4b:92:7c:55:
         4d:af:53:cd:2a:30:0a:29:49:80:e4:9a:9b:48:8a:40:08:74:
         83:89:3e:e3:e1:af:2c:0a:dd:15:fc:aa:1e:bf:8e:4c:83:f2:
         1b:2e:46:b6:4c:ea:0f:b7:f4:20:41:0f:84:e9:39:e0:7f:4c:
         e9:97:4a:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJ7+QzRgcEf7fQ5gL7DcDtpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQxMDExMTQyNjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQyNmVlMzIzMTczOTJlODFmZjM2NThiMjY4MTFmZGU3ZDc0NjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1McX0nyttRdNZ/gcuPeoJarg47mh
Zv+TIKcFoojtwNT3BmUS+lLPf+Vh1ZnWP3b9lbwCS/Vw5yN1uvoZj7Prutws2Tes
1uQq96kkVBkg++ibBeJpsQAJceXKQxZ6J45gSX8Q0tQeNCQj7HlJ1f5UZpc9gRxA
N4NZRe1ty0ZcNz+F7vwQQpHDc0Zm8hltNNMI7naIOEZ6bvbXFAFCZt/OuGYRYH+C
Wp4UOvNBvlrpXKjpnyiFKOvoSQZAoiCeK9OpY2dw21BNHZs5y4lMhucw/b66ZoKz
snhPNC1driEgUDZmkd5TPnd4cepKNE6vgZXzBd+vyl8H131MI3AhVFG4+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMbSbuMjFzkugf82WLJoEf3n10ZNMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveHRKdTR5TVhPUzZCX3paWXNtZ1JfZWZYUmswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQ0g
MA0GCSqGSIb3DQEBCwUAA4IBAQA0Ma3x1DsXJaSVa5NaClUR6uEE11onucVkbL0X
XuF6+EL89bxBJCLF0mAJvT+CAmDhkWf7o7iJ/649gPZwcjcfWUe1nMgVbXO9PxI9
2fVCurxZikDK7Sp+zIKIdttz5rIU8Qof94JCKrGzC6nzgPOJFVfucNmlJzAlmw5Y
gJQZJSfsovk5GHlC3s3lrjXl1iYD8XwkfTfBV6sTkePygUnifLmW+BMjPSBW3akd
2X+7poEEG3Klg781oT1cSUnt11XUFkuSfFVNr1PNKjAKKUmA5JqbSIpACHSDiT7j
4a8sCt0V/Koev45Mg/IbLka2TOoPt/QgQQ+E6Tngf0zpl0oK
-----END CERTIFICATE-----