Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/APa-EvvIq-Zn00xSF7P5Iepdrtg.roa
File:                     APa-EvvIq-Zn00xSF7P5Iepdrtg.roa (raw, json)
Hash identifier:          liL2fhNTmzSQS78pkV7yY3svZFD/13/NCLEkX2na1DI=
Subject key identifier:   00:F6:BE:12:FB:C8:AB:E6:67:D3:4C:52:17:B3:F9:21:EA:5D:AE:D8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0194835BEB335DD89CE514CC3B2689B7B6D9
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/APa-EvvIq-Zn00xSF7P5Iepdrtg.roa
Signing time:             Mon 20 Jan 2025 10:57:06 +0000
ROA not before:           Mon 20 Jan 2025 10:57:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0c:b641:1d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:83:5b:eb:33:5d:d8:9c:e5:14:cc:3b:26:89:b7:b6:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 20 10:57:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00f6be12fbc8abe667d34c5217b3f921ea5daed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b0:0b:b0:09:06:d4:7e:d4:2e:7c:46:d9:84:
                    e2:b4:48:68:45:e1:db:58:ad:3c:a8:cf:af:94:0b:
                    73:86:b4:a1:8d:9b:19:ea:4a:05:e8:15:68:53:a9:
                    50:4d:a5:52:3f:63:5e:5a:9e:fa:1c:4a:2c:e0:34:
                    4d:e1:c4:1c:56:fb:ce:e4:c7:92:87:ef:21:58:87:
                    25:51:90:87:b8:ef:3e:d0:d7:71:7e:a6:43:4c:de:
                    f8:c8:e4:57:52:9e:e0:cf:b9:98:e2:fa:47:4d:e3:
                    f5:19:3e:94:2e:63:a2:1e:7b:16:5e:41:11:b9:d5:
                    61:3b:ba:5b:22:f3:1b:c5:c4:02:8a:d2:8f:b7:93:
                    8f:53:6b:0f:93:4e:bf:20:82:b2:05:97:ea:93:61:
                    01:5d:84:6c:4b:e9:44:8e:ce:c1:e9:5e:9a:05:dd:
                    6b:e0:8a:af:86:cd:95:c6:48:be:37:4a:43:5a:18:
                    e0:46:97:bd:d1:ca:5e:70:5e:ff:85:36:1b:1b:ef:
                    7f:c8:25:d4:e2:87:23:ee:71:21:1c:b3:b2:f1:77:
                    c2:f7:57:ab:de:71:10:7d:01:5a:f8:db:36:e6:b4:
                    c9:47:8a:49:3b:9c:04:2e:63:7b:50:8a:73:2a:1f:
                    fa:bc:e8:45:0d:cd:24:5e:05:2c:97:0f:61:6d:32:
                    06:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F6:BE:12:FB:C8:AB:E6:67:D3:4C:52:17:B3:F9:21:EA:5D:AE:D8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/APa-EvvIq-Zn00xSF7P5Iepdrtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         32:76:e0:b3:29:e6:3e:77:71:23:95:d1:0b:30:42:56:11:ad:
         6a:91:0c:19:e8:ff:f4:fd:6e:e6:0d:40:33:91:a4:83:fc:5c:
         6f:c1:dd:54:0c:28:f1:6d:17:bb:c6:16:65:4a:44:5d:c1:1d:
         fc:fc:dc:e5:1e:c5:91:1f:41:89:d2:8c:36:ec:30:bc:cd:0b:
         d8:2a:a3:75:24:26:6b:1b:0e:6f:ed:9a:9e:80:cb:02:74:83:
         5e:57:6e:d3:9a:20:34:23:37:3d:58:cb:dc:06:fe:ae:70:ab:
         4a:8b:19:6d:0f:80:50:e6:df:8b:29:a5:e5:e0:00:ff:92:fd:
         a5:80:2e:26:bd:31:98:45:98:6b:8f:be:f5:e5:6c:ea:94:01:
         31:1f:e7:bb:01:26:c5:da:ba:7b:30:09:9a:39:32:de:37:d5:
         c8:68:b0:6a:37:f8:10:f3:1d:a2:0a:a9:18:3a:85:c7:5c:bb:
         0c:87:91:b7:af:43:f2:73:ca:62:f5:27:3a:54:b8:c6:7e:b5:
         1a:4d:0e:1b:77:79:3e:82:7a:64:26:88:34:ef:62:b4:ae:79:
         cc:92:90:48:77:ea:22:f5:2c:af:c7:ae:96:e3:7e:f1:0d:d1:
         7f:30:d4:b9:a4:8e:b9:b1:74:49:de:4d:5d:37:dd:20:97:a1:
         52:64:ee:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSDW+szXdic5RTMOyaJt7bZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTIwMTA1NzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY2YmUxMmZiYzhhYmU2NjdkMzRjNTIxN2IzZjkyMWVhNWRhZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7ALsAkG1H7ULnxG2YTitEhoReHb
WK08qM+vlAtzhrShjZsZ6koF6BVoU6lQTaVSP2NeWp76HEos4DRN4cQcVvvO5MeS
h+8hWIclUZCHuO8+0NdxfqZDTN74yORXUp7gz7mY4vpHTeP1GT6ULmOiHnsWXkER
udVhO7pbIvMbxcQCitKPt5OPU2sPk06/IIKyBZfqk2EBXYRsS+lEjs7B6V6aBd1r
4Iqvhs2Vxki+N0pDWhjgRpe90cpecF7/hTYbG+9/yCXU4ocj7nEhHLOy8XfC91er
3nEQfQFa+Ns25rTJR4pJO5wELmN7UIpzKh/6vOhFDc0kXgUslw9hbTIGAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAD2vhL7yKvmZ9NMUhez+SHqXa7YMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQVBhLUV2dklxLVpuMDB4U0Y3UDVJZXBkcnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAyduCzKeY+d3EjldELMEJWEa1qkQwZ6P/0/W7m
DUAzkaSD/Fxvwd1UDCjxbRe7xhZlSkRdwR38/NzlHsWRH0GJ0ow27DC8zQvYKqN1
JCZrGw5v7ZqegMsCdINeV27TmiA0Izc9WMvcBv6ucKtKixltD4BQ5t+LKaXl4AD/
kv2lgC4mvTGYRZhrj7715WzqlAExH+e7ASbF2rp7MAmaOTLeN9XIaLBqN/gQ8x2i
CqkYOoXHXLsMh5G3r0Pyc8pi9Sc6VLjGfrUaTQ4bd3k+gnpkJog072K0rnnMkpBI
d+oi9Syvx66W437xDdF/MNS5pI65sXRJ3k1dN90gl6FSZO6v
-----END CERTIFICATE-----