Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/zJLLYS475-WC3Iw_2QyGFkSPnx0.roa
File:                     zJLLYS475-WC3Iw_2QyGFkSPnx0.roa (raw, json)
Hash identifier:          T/uashVhNPVXcNOOluOQTgwfIUfEAfKQDiXPT1FQikA=
Subject key identifier:   CC:92:CB:61:2E:3B:E7:E5:82:DC:8C:3F:D9:0C:86:16:44:8F:9F:1D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC801796E501069BC8D44151FF15E1EA9
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/zJLLYS475-WC3Iw_2QyGFkSPnx0.roa
Signing time:             Tue 02 Jan 2024 02:29:48 +0000
ROA not before:           Tue 02 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211907
IP address blocks:        2a0c:b641:a40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:79:6e:50:10:69:bc:8d:44:15:1f:f1:5e:1e:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc92cb612e3be7e582dc8c3fd90c8616448f9f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:35:af:5b:d1:bf:1b:3e:15:75:d6:6b:0b:65:
                    48:6c:4f:71:82:a3:1c:dd:15:11:1c:32:b3:62:07:
                    76:a4:f1:eb:24:f9:3a:eb:31:6a:0c:6e:5d:7d:8a:
                    0a:1e:11:cd:07:6d:ee:e2:8c:e4:4d:9e:34:e8:ab:
                    50:09:07:8e:7e:f1:b4:cd:1a:7c:16:5b:42:b5:4f:
                    17:d4:c1:f8:88:ce:b6:4e:85:e9:14:a2:97:16:f3:
                    a2:34:ee:c5:30:d1:8e:d9:54:04:60:c1:9e:24:e8:
                    a8:59:ea:2b:6a:29:5e:df:c5:4d:6f:c6:ba:bf:d4:
                    dd:36:12:59:f7:a3:eb:53:6a:de:c6:7f:d3:28:10:
                    57:42:c6:d4:56:8b:1b:22:3c:fa:76:0f:03:f0:ae:
                    41:12:05:6e:1a:8b:cd:96:4e:79:36:01:48:a5:f6:
                    98:13:4d:6f:e3:24:9f:b3:5d:be:3b:73:18:cb:d9:
                    e8:58:0d:d8:8a:cf:7f:8f:87:d6:b4:97:82:99:a6:
                    c3:5e:f3:c2:46:48:06:fb:b3:88:eb:40:5b:0c:bc:
                    b8:9c:03:47:dd:f0:12:97:47:bc:42:8d:9f:7c:f1:
                    72:c1:5f:67:7c:e5:ff:21:c4:93:8f:54:e2:5d:59:
                    eb:4e:e5:69:13:ec:7d:ab:03:2d:1c:59:43:e9:78:
                    3d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:92:CB:61:2E:3B:E7:E5:82:DC:8C:3F:D9:0C:86:16:44:8F:9F:1D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/zJLLYS475-WC3Iw_2QyGFkSPnx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a40::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:1a:5f:81:f3:a5:a5:a8:5b:b3:07:74:46:98:28:70:6f:e8:
         73:09:d2:9b:c5:df:eb:98:0c:6b:9e:72:27:1f:e2:1a:30:cb:
         59:1e:2e:a1:1c:e1:21:0b:d5:04:ef:f9:20:e1:6c:7b:d2:1c:
         24:5d:61:d4:c4:6d:b9:b5:e6:91:60:76:ff:39:fe:63:e5:62:
         dc:22:e4:0f:39:d0:d8:94:9d:76:51:55:f5:19:47:fb:d7:99:
         5f:2f:93:ff:d1:b5:20:62:35:ef:cd:40:ee:a1:64:10:fd:19:
         6d:48:c9:ef:00:ee:64:44:4f:78:d1:32:15:02:fd:d5:4c:fa:
         7b:22:ea:fc:af:4d:1a:4b:ad:04:8e:c5:8a:e3:35:60:82:ce:
         55:f5:b6:7f:c9:b3:90:6f:ab:59:b7:b5:39:39:be:cd:31:f2:
         15:4a:a7:45:c4:33:05:86:27:f1:00:ee:71:6f:f5:e3:47:fb:
         4a:b7:10:0d:99:77:3a:9a:a7:72:6b:c0:41:70:8c:da:63:84:
         ca:fb:74:2e:68:9a:ee:d0:ce:5d:7c:ab:de:d7:cc:4a:c1:be:
         52:20:1a:73:fa:aa:da:8b:33:6a:f7:1e:a8:a0:d1:07:81:a7:
         17:4a:b8:10:24:d8:09:a7:52:3b:a9:40:34:9b:49:cf:4b:d0:
         95:66:05:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAXluUBBpvI1EFR/xXh6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzkyY2I2MTJlM2JlN2U1ODJkYzhjM2ZkOTBjODYxNjQ0OGY5ZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzWvW9G/Gz4VddZrC2VIbE9xgqMc
3RURHDKzYgd2pPHrJPk66zFqDG5dfYoKHhHNB23u4ozkTZ406KtQCQeOfvG0zRp8
FltCtU8X1MH4iM62ToXpFKKXFvOiNO7FMNGO2VQEYMGeJOioWeoraile38VNb8a6
v9TdNhJZ96PrU2rexn/TKBBXQsbUVosbIjz6dg8D8K5BEgVuGovNlk55NgFIpfaY
E01v4ySfs12+O3MYy9noWA3Yis9/j4fWtJeCmabDXvPCRkgG+7OI60BbDLy4nANH
3fASl0e8Qo2ffPFywV9nfOX/IcSTj1TiXVnrTuVpE+x9qwMtHFlD6Xg9HQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMySy2EuO+flgtyMP9kMhhZEj58dMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvekpMTFlTNDc1LVdDM0l3XzJReUdGa1NQbngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQpA
MA0GCSqGSIb3DQEBCwUAA4IBAQBYGl+B86WlqFuzB3RGmChwb+hzCdKbxd/rmAxr
nnInH+IaMMtZHi6hHOEhC9UE7/kg4Wx70hwkXWHUxG25teaRYHb/Of5j5WLcIuQP
OdDYlJ12UVX1GUf715lfL5P/0bUgYjXvzUDuoWQQ/RltSMnvAO5kRE940TIVAv3V
TPp7Iur8r00aS60EjsWK4zVggs5V9bZ/ybOQb6tZt7U5Ob7NMfIVSqdFxDMFhifx
AO5xb/XjR/tKtxANmXc6mqdya8BBcIzaY4TK+3QuaJru0M5dfKve18xKwb5SIBpz
+qraizNq9x6ooNEHgacXSrgQJNgJp1I7qUA0m0nPS9CVZgXt
-----END CERTIFICATE-----