Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yTM_kiFiF2F4p3V7y9WpSediYsk.roa
File:                     yTM_kiFiF2F4p3V7y9WpSediYsk.roa (raw, json)
Hash identifier:          FHtwioOLJ+zL3WKrWpjq/ygEkC1TqsMugFd3CjWtk3o=
Subject key identifier:   C9:33:3F:92:21:62:17:61:78:A7:75:7B:CB:D5:A9:49:E7:62:62:C9
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC80153B08604DAA8D588A48529D66767
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yTM_kiFiF2F4p3V7y9WpSediYsk.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198127
IP address blocks:        2a0c:b641:300::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:53:b0:86:04:da:a8:d5:88:a4:85:29:d6:67:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9333f922162176178a7757bcbd5a949e76262c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:bc:09:0c:4f:d6:aa:6e:4f:86:4d:f2:11:ee:
                    c4:33:16:5d:42:9e:ac:9a:95:ce:19:94:01:a8:e1:
                    ff:e6:fb:9e:20:d1:60:b2:a1:33:9d:9d:9f:35:a1:
                    30:30:6a:77:b2:10:b5:ae:8c:17:63:e3:45:a5:99:
                    2e:7e:6d:8d:14:b6:8a:a6:c1:69:1e:12:aa:ce:e2:
                    6c:52:49:75:4e:cd:8e:66:76:a0:4e:fa:6c:e2:81:
                    3e:6f:96:d1:fe:0e:fc:e0:89:95:76:0f:5f:51:01:
                    d3:d8:7d:8f:15:e9:dd:b0:6f:83:fb:2d:f8:72:a3:
                    ee:5a:a3:2e:7f:d9:a9:2f:9e:04:d0:18:2d:ad:b9:
                    79:5e:9b:b0:f1:8d:dd:c5:57:6b:a7:51:28:98:96:
                    ca:4e:f5:d2:20:4a:2e:79:d0:a8:20:ab:a8:bb:c2:
                    fd:4a:35:75:9f:79:b6:39:bc:1d:75:bd:40:4d:c7:
                    a3:2b:bb:34:43:41:6e:27:e6:8b:da:60:89:f2:b7:
                    e8:99:3e:64:76:bd:34:44:4b:01:d9:13:99:0e:1a:
                    99:e8:e8:be:4d:e6:d6:35:c4:fa:31:76:e1:5a:8c:
                    12:25:28:d3:3c:a8:48:49:38:d4:f5:df:99:32:58:
                    c4:bc:b3:24:87:31:56:6a:0c:87:a3:fd:fb:6e:96:
                    22:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:33:3F:92:21:62:17:61:78:A7:75:7B:CB:D5:A9:49:E7:62:62:C9
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yTM_kiFiF2F4p3V7y9WpSediYsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:300::/44

    Signature Algorithm: sha256WithRSAEncryption
         99:9d:99:eb:82:d7:89:c5:eb:af:5d:d3:72:e4:ab:f5:ac:d0:
         cf:9d:28:06:4d:fb:0b:25:2d:a3:15:52:31:1d:b8:75:79:a8:
         b0:55:41:76:c6:ca:50:b3:fa:a7:3e:24:cb:c8:4b:3e:5b:a8:
         ab:b5:d1:d1:de:f7:51:96:98:8a:74:75:6a:bd:40:2f:42:6c:
         75:8d:fe:24:63:0f:62:ef:e5:14:d0:bd:5e:43:1d:6f:4a:83:
         75:93:ce:0d:d0:ef:94:9a:de:c4:99:d3:01:03:d7:20:2b:87:
         b4:e9:d2:e1:c5:18:eb:cd:32:eb:32:00:65:12:07:78:be:95:
         43:cd:72:9a:d8:18:d1:8a:19:1d:6e:cc:dc:d7:ea:1d:8c:ae:
         f5:62:a1:1b:af:c6:50:96:08:98:d3:05:4c:85:f0:a1:36:6d:
         18:23:0f:72:0a:7a:b4:4e:fd:8b:a0:ac:3f:a5:a8:4a:99:68:
         19:f2:0c:f5:33:34:d6:7f:9e:73:ae:82:2c:62:b1:e2:4b:5a:
         86:97:49:41:f6:f0:85:2c:a1:f4:0c:5f:68:25:57:f9:73:98:
         e8:b5:d8:99:01:a5:6d:ca:93:3f:c2:10:3b:66:96:5b:63:3c:
         85:fe:69:04:4d:9d:3f:e5:df:9e:b2:9f:d4:20:2b:c4:97:23:
         dd:c3:f6:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAVOwhgTaqNWIpIUp1mdnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTMzM2Y5MjIxNjIxNzYxNzhhNzc1N2JjYmQ1YTk0OWU3NjI2MmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbwJDE/Wqm5Phk3yEe7EMxZdQp6s
mpXOGZQBqOH/5vueINFgsqEznZ2fNaEwMGp3shC1rowXY+NFpZkufm2NFLaKpsFp
HhKqzuJsUkl1Ts2OZnagTvps4oE+b5bR/g784ImVdg9fUQHT2H2PFendsG+D+y34
cqPuWqMuf9mpL54E0Bgtrbl5Xpuw8Y3dxVdrp1EomJbKTvXSIEouedCoIKuou8L9
SjV1n3m2Obwddb1ATcejK7s0Q0FuJ+aL2mCJ8rfomT5kdr00REsB2ROZDhqZ6Oi+
TebWNcT6MXbhWowSJSjTPKhISTjU9d+ZMljEvLMkhzFWagyHo/37bpYibwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMkzP5IhYhdheKd1e8vVqUnnYmLJMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveVRNX2tpRmlGMkY0cDNWN3k5V3BTZWRpWXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCZnZnrgteJxeuvXdNy5Kv1rNDPnSgGTfsLJS2j
FVIxHbh1eaiwVUF2xspQs/qnPiTLyEs+W6irtdHR3vdRlpiKdHVqvUAvQmx1jf4k
Yw9i7+UU0L1eQx1vSoN1k84N0O+Umt7EmdMBA9cgK4e06dLhxRjrzTLrMgBlEgd4
vpVDzXKa2BjRihkdbszc1+odjK71YqEbr8ZQlgiY0wVMhfChNm0YIw9yCnq0Tv2L
oKw/pahKmWgZ8gz1MzTWf55zroIsYrHiS1qGl0lB9vCFLKH0DF9oJVf5c5jotdiZ
AaVtypM/whA7ZpZbYzyF/mkETZ0/5d+esp/UICvElyPdw/Yl
-----END CERTIFICATE-----