Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5i1T7cduxh0OrAlzRVRXB-Kaudg.roa
File:                     5i1T7cduxh0OrAlzRVRXB-Kaudg.roa (raw, json)
Hash identifier:          qzPN2/mwvdmiADWfiMmVbGlQ6+G8YB8Fwn4GdwjMnUg=
Subject key identifier:   E6:2D:53:ED:C7:6E:C6:1D:0E:AC:09:73:45:54:57:07:E2:9A:B9:D8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0197C789C027A44268950D0D7693341AB81D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5i1T7cduxh0OrAlzRVRXB-Kaudg.roa
Signing time:             Tue 01 Jul 2025 19:49:42 +0000
ROA not before:           Tue 01 Jul 2025 19:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210915
IP address blocks:        2a0c:b641:630::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:89:c0:27:a4:42:68:95:0d:0d:76:93:34:1a:b8:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul  1 19:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e62d53edc76ec61d0eac097345545707e29ab9d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c4:c4:dc:9b:08:19:f9:a0:14:8c:96:01:ee:
                    03:d7:28:11:7b:e0:c7:94:ee:f1:e3:c2:ef:cf:84:
                    a2:60:2a:5f:ae:0c:3d:48:72:9b:93:0b:09:03:f1:
                    d6:e8:13:e2:9a:28:73:10:c0:70:a1:22:e0:79:d3:
                    38:1f:6f:7a:52:c3:d8:24:ac:e4:a1:a3:b5:db:73:
                    2d:d0:4c:0c:02:ad:96:39:40:34:02:61:a4:7b:e6:
                    3a:1d:c8:a0:96:22:bf:0c:e2:50:20:0b:0c:63:8e:
                    28:3d:c7:8e:84:4a:6e:5d:f0:d2:f6:2b:cc:69:59:
                    28:29:43:26:ce:c7:ca:0d:bc:01:0d:d6:a9:71:f2:
                    07:f7:dc:bf:3c:b2:a4:99:16:61:eb:a6:c1:fa:b0:
                    9f:dc:f1:b3:8a:b7:5b:ad:a7:9a:f6:ed:28:94:60:
                    e4:6f:47:c1:c4:64:12:21:07:e9:f8:a9:50:d6:7f:
                    01:62:c2:8d:87:64:2a:73:7f:2e:9b:44:c4:f5:7f:
                    d6:ff:cc:7f:d6:38:f7:68:90:a7:d1:0a:1c:10:ea:
                    85:00:fe:d1:61:76:03:ae:eb:f3:fc:bd:1d:be:f4:
                    f5:ea:58:ad:8d:7c:0d:83:e9:30:c0:c4:3b:bd:4e:
                    3e:af:52:d0:b9:5a:b4:1e:96:38:70:84:56:ac:51:
                    ca:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:2D:53:ED:C7:6E:C6:1D:0E:AC:09:73:45:54:57:07:E2:9A:B9:D8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/5i1T7cduxh0OrAlzRVRXB-Kaudg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:630::/44

    Signature Algorithm: sha256WithRSAEncryption
         68:fc:6c:f6:94:d1:e3:21:74:14:5c:60:32:62:83:60:ed:98:
         75:93:fa:78:a9:78:61:3f:48:3e:1e:3c:13:aa:5b:1c:ae:3c:
         9a:b9:e8:1e:f3:7a:b2:0e:b2:65:32:5d:10:68:bf:af:25:d2:
         d8:ef:4e:de:64:6f:f2:5b:59:a2:d3:d0:c2:fa:d4:e0:fe:bd:
         05:74:d2:0b:d3:d2:e0:48:04:e0:74:f2:e7:bc:b7:69:16:c8:
         dc:8e:10:9e:86:24:34:6c:f1:06:30:e5:88:59:8f:cc:11:0b:
         1f:bc:7e:20:4b:fa:9f:8c:4d:4f:2a:ec:0b:66:ee:a1:21:81:
         cd:9c:9f:e7:95:29:8f:99:ba:2a:d9:77:0f:42:27:df:82:91:
         9f:8f:de:a2:a8:dc:c1:6b:45:f0:60:a8:af:c1:47:a9:04:c3:
         b3:ad:b5:9f:7a:6d:9a:c6:88:8c:c9:8e:3a:84:c8:6d:cd:55:
         91:c6:9e:21:f0:cd:92:4a:76:14:f6:4b:46:13:27:2f:84:12:
         a9:29:41:51:49:73:05:08:7f:7c:e7:39:31:04:c0:f3:dd:f4:
         92:6f:15:d7:57:1b:6e:ab:ed:0f:32:5d:eb:98:cc:91:30:d7:
         cf:0c:81:bc:dc:f7:20:7b:6f:05:11:7c:0b:32:75:d3:a5:2f:
         79:30:dc:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfHicAnpEJolQ0NdpM0GrgdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNzAxMTk0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjJkNTNlZGM3NmVjNjFkMGVhYzA5NzM0NTU0NTcwN2UyOWFiOWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcTE3JsIGfmgFIyWAe4D1ygRe+DH
lO7x48Lvz4SiYCpfrgw9SHKbkwsJA/HW6BPimihzEMBwoSLgedM4H296UsPYJKzk
oaO123Mt0EwMAq2WOUA0AmGke+Y6HcigliK/DOJQIAsMY44oPceOhEpuXfDS9ivM
aVkoKUMmzsfKDbwBDdapcfIH99y/PLKkmRZh66bB+rCf3PGzirdbraea9u0olGDk
b0fBxGQSIQfp+KlQ1n8BYsKNh2Qqc38um0TE9X/W/8x/1jj3aJCn0QocEOqFAP7R
YXYDruvz/L0dvvT16litjXwNg+kwwMQ7vU4+r1LQuVq0HpY4cIRWrFHKcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOYtU+3HbsYdDqwJc0VUVwfimrnYMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNWkxVDdjZHV4aDBPckFselJWUlhCLUthdWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQYw
MA0GCSqGSIb3DQEBCwUAA4IBAQBo/Gz2lNHjIXQUXGAyYoNg7Zh1k/p4qXhhP0g+
HjwTqlscrjyauege83qyDrJlMl0QaL+vJdLY707eZG/yW1mi09DC+tTg/r0FdNIL
09LgSATgdPLnvLdpFsjcjhCehiQ0bPEGMOWIWY/MEQsfvH4gS/qfjE1PKuwLZu6h
IYHNnJ/nlSmPmboq2XcPQiffgpGfj96iqNzBa0XwYKivwUepBMOzrbWfem2axoiM
yY46hMhtzVWRxp4h8M2SSnYU9ktGEycvhBKpKUFRSXMFCH985zkxBMDz3fSSbxXX
Vxtuq+0PMl3rmMyRMNfPDIG83Pcge28FEXwLMnXTpS95MNx7
-----END CERTIFICATE-----