Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yWYaXFkcekP9CHsdXf_OYEcaYkI.roa
File:                     yWYaXFkcekP9CHsdXf_OYEcaYkI.roa (raw, json)
Hash identifier:          bGX95Awtc/fI73T6tBo1cZSdZK27uFL4si5kDiPhjb4=
Subject key identifier:   C9:66:1A:5C:59:1C:7A:43:FD:08:7B:1D:5D:FF:CE:60:47:1A:62:42
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014D82E60BB0E2E2DDFD0B7F85CEFA
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yWYaXFkcekP9CHsdXf_OYEcaYkI.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        2a0c:b641:493::/48 maxlen: 48
                          2a0c:b642:1a0c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4d:82:e6:0b:b0:e2:e2:dd:fd:0b:7f:85:ce:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9661a5c591c7a43fd087b1d5dffce60471a6242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b1:22:7d:31:74:46:6a:63:4c:56:c7:ba:6a:
                    97:e4:0d:4b:65:73:71:36:96:83:ab:7f:3c:2e:ff:
                    f5:2f:8c:32:dd:d2:45:96:32:3e:4f:0c:18:c6:ff:
                    60:ed:f0:38:57:c3:c9:21:cd:df:c8:c6:77:ff:2f:
                    6f:1c:47:8a:43:b5:e1:38:f1:50:01:89:16:ea:b8:
                    30:d4:2d:b5:a3:46:6a:df:13:3b:e7:ce:3f:7a:c6:
                    ce:8f:d0:a2:76:25:a7:a9:e1:be:f5:1c:e5:9c:5a:
                    fa:87:96:f8:06:52:5c:a1:19:a9:88:94:c6:7a:d3:
                    78:56:a4:31:67:45:fd:84:27:11:23:de:60:61:ba:
                    d5:06:db:45:9e:2c:4e:b6:bf:c1:20:39:88:ed:4e:
                    c1:59:fe:64:48:da:e6:73:fc:4f:5b:cf:a4:be:bb:
                    da:8a:e3:30:72:f4:01:94:3e:29:5d:6d:e2:1d:6c:
                    72:1e:2c:d7:db:e3:c6:63:a3:a4:7c:79:6f:cf:3f:
                    24:58:b7:8a:4e:fa:7f:69:d5:b7:07:5a:89:98:fd:
                    8f:e1:fb:48:64:54:b1:e1:08:82:ff:5c:58:39:c8:
                    d7:f7:e4:a3:f2:bb:51:a4:0f:17:fe:e4:96:87:96:
                    2b:f2:36:2b:1a:ea:b5:fb:1b:84:c1:c4:94:ab:ef:
                    96:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:66:1A:5C:59:1C:7A:43:FD:08:7B:1D:5D:FF:CE:60:47:1A:62:42
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/yWYaXFkcekP9CHsdXf_OYEcaYkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:493::/48
                  2a0c:b642:1a0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:97:6a:91:5f:3f:1c:6f:99:15:6a:e8:9c:81:ee:59:c4:1a:
         87:58:7d:87:a4:00:a0:35:0f:1c:f3:bd:e2:c1:c3:27:07:a9:
         30:9f:11:38:0a:3a:45:cf:34:8f:74:43:1b:b2:c5:97:85:ae:
         ad:4b:a6:13:5e:54:93:2d:42:75:17:d0:bb:a5:ae:e4:d5:5d:
         5f:76:70:56:ab:72:8a:1f:c8:c7:10:f1:71:9a:1b:41:60:6a:
         63:f1:17:7a:cb:28:18:ec:fa:28:70:8b:b1:b3:b7:b9:9b:4e:
         f0:5b:f5:dc:b3:e1:7f:12:20:68:73:55:c7:4d:31:6a:c7:13:
         36:d7:f6:04:02:d3:44:2d:c5:20:5a:35:80:26:6a:2b:af:46:
         1e:cc:fd:a4:6a:01:69:79:0a:2a:aa:11:08:27:54:60:bb:df:
         ef:aa:57:62:17:55:18:3d:16:ae:43:af:3e:37:a3:3f:6b:ab:
         6c:88:92:71:b0:22:0f:74:57:1b:14:3d:3a:d6:1c:d6:a8:a6:
         d0:ba:c1:ea:9a:d5:b5:d5:91:5e:f7:37:7c:34:b7:34:cf:13:
         5c:e6:42:b3:fc:7e:d8:fc:53:48:c2:8c:66:11:e6:74:58:06:
         60:e4:5d:5d:30:bf:c7:7c:ff:90:8b:15:3a:d5:1b:48:ec:2a:
         c0:a6:5e:d5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAU2C5guw4uLd/Qt/hc76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTY2MWE1YzU5MWM3YTQzZmQwODdiMWQ1ZGZmY2U2MDQ3MWE2MjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrEifTF0RmpjTFbHumqX5A1LZXNx
NpaDq388Lv/1L4wy3dJFljI+TwwYxv9g7fA4V8PJIc3fyMZ3/y9vHEeKQ7XhOPFQ
AYkW6rgw1C21o0Zq3xM7584/esbOj9CidiWnqeG+9RzlnFr6h5b4BlJcoRmpiJTG
etN4VqQxZ0X9hCcRI95gYbrVBttFnixOtr/BIDmI7U7BWf5kSNrmc/xPW8+kvrva
iuMwcvQBlD4pXW3iHWxyHizX2+PGY6OkfHlvzz8kWLeKTvp/adW3B1qJmP2P4ftI
ZFSx4QiC/1xYOcjX9+Sj8rtRpA8X/uSWh5Yr8jYrGuq1+xuEwcSUq++WJwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMlmGlxZHHpD/Qh7HV3/zmBHGmJCMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveVdZYVhGa2Nla1A5Q0hzZFhmX09ZRWNhWWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgy2QQST
AwcAKgy2QhoMMA0GCSqGSIb3DQEBCwUAA4IBAQBol2qRXz8cb5kVauicge5ZxBqH
WH2HpACgNQ8c873iwcMnB6kwnxE4CjpFzzSPdEMbssWXha6tS6YTXlSTLUJ1F9C7
pa7k1V1fdnBWq3KKH8jHEPFxmhtBYGpj8Rd6yygY7PoocIuxs7e5m07wW/Xcs+F/
EiBoc1XHTTFqxxM21/YEAtNELcUgWjWAJmorr0YezP2kagFpeQoqqhEIJ1Rgu9/v
qldiF1UYPRauQ68+N6M/a6tsiJJxsCIPdFcbFD061hzWqKbQusHqmtW11ZFe9zd8
NLc0zxNc5kKz/H7Y/FNIwoxmEeZ0WAZg5F1dML/HfP+QixU61RtI7CrApl7V
-----END CERTIFICATE-----