Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/B2RKoKMf29vkubZnLS5WWQco8oo.roa
File:                     B2RKoKMf29vkubZnLS5WWQco8oo.roa (raw, json)
Hash identifier:          PWttxZlQm+2iNvI0MEmBkkHEenApTBYEHCkv8cdlm+I=
Subject key identifier:   07:64:4A:A0:A3:1F:DB:DB:E4:B9:B6:67:2D:2E:56:59:07:28:F2:8A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0197F3B6BD83BC697352A44316B4463AD50F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/B2RKoKMf29vkubZnLS5WWQco8oo.roa
Signing time:             Thu 10 Jul 2025 09:42:08 +0000
ROA not before:           Thu 10 Jul 2025 09:42:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211640
IP address blocks:        2a0c:b641:670::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:b6:bd:83:bc:69:73:52:a4:43:16:b4:46:3a:d5:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul 10 09:42:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07644aa0a31fdbdbe4b9b6672d2e56590728f28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:56:87:24:3f:eb:eb:be:bc:e1:5a:2d:dd:c8:
                    30:22:8e:c3:5f:19:3c:18:50:aa:fd:12:e3:87:ca:
                    ee:dd:5a:e6:b6:bf:22:5b:a0:79:db:b4:06:e3:96:
                    ee:eb:46:9a:22:f2:6b:60:e1:be:73:ea:8c:b4:c1:
                    32:31:3f:65:33:f5:bf:7a:ab:82:df:77:8d:ba:9a:
                    6a:0e:6a:5a:a6:f8:97:da:49:7b:0f:e0:17:e7:be:
                    ae:eb:9d:92:cd:b8:f4:0d:97:60:a2:19:39:5e:ef:
                    c4:ae:a8:24:5c:bd:c9:78:26:9e:0a:65:2a:f1:2b:
                    a9:e2:63:c6:62:bf:74:7c:4d:ba:fd:1e:a4:8e:35:
                    08:30:88:7f:04:c2:6b:e5:e1:4f:4b:93:96:50:b4:
                    f1:e3:77:9d:e8:36:3b:0b:7c:9c:26:cc:a8:e7:c2:
                    05:f9:7d:ef:d6:62:44:14:b5:88:6f:0d:23:62:13:
                    b6:dd:05:8f:ac:0e:f8:5b:b1:78:3a:64:9e:e2:46:
                    04:30:9c:76:9c:5e:4b:2d:2a:e0:74:f0:bb:6e:ef:
                    8c:bc:59:9b:c1:eb:3a:da:8d:48:1f:df:ee:a4:8c:
                    ce:b7:97:03:55:ae:19:1b:93:9b:fc:3d:88:b0:5f:
                    6b:8e:79:cd:d1:ae:38:8b:b7:50:6a:d1:8a:50:54:
                    be:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:64:4A:A0:A3:1F:DB:DB:E4:B9:B6:67:2D:2E:56:59:07:28:F2:8A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/B2RKoKMf29vkubZnLS5WWQco8oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:670::/44

    Signature Algorithm: sha256WithRSAEncryption
         13:9c:26:12:cc:c4:b1:c2:7c:18:bc:ea:8b:cb:97:fe:3e:18:
         9e:5f:05:b6:03:a5:b5:76:95:be:1b:08:75:35:29:af:98:34:
         1a:19:97:52:4a:4e:35:7f:b5:c6:71:2c:20:f2:00:58:33:7a:
         ad:ab:76:21:77:9f:3b:ec:6f:59:04:79:e2:f5:ef:79:24:56:
         5e:f2:e5:85:51:fd:41:53:02:97:75:65:2f:f6:2d:39:56:b8:
         e1:ea:0d:4a:32:55:fb:fb:17:47:97:c1:85:80:0c:d4:1d:c7:
         37:4f:66:20:0a:ca:2d:fa:57:de:88:0b:7c:8a:bb:c1:49:8e:
         a9:8d:e7:54:e8:a1:3d:67:be:ac:75:62:1e:3c:96:9a:c7:22:
         5c:b6:b8:44:6e:10:cd:d6:bb:71:78:60:5f:db:aa:11:5d:5e:
         7b:cf:df:86:3c:55:94:9d:93:97:60:40:5a:e1:e9:a7:5f:f2:
         e5:c4:91:22:7c:8c:ed:6e:7f:88:b9:fb:56:4a:9d:7f:30:70:
         3e:0e:3e:00:1f:af:56:aa:ba:fc:03:4a:d3:f0:eb:cb:cb:2f:
         24:14:e4:b9:75:05:75:53:4b:52:70:b6:c7:01:2b:ac:aa:c1:
         2f:9a:e0:4e:09:f0:0a:40:76:ca:80:e0:ed:9a:8f:af:f8:ca:
         9f:9b:67:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfztr2DvGlzUqRDFrRGOtUPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNzEwMDk0MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzY0NGFhMGEzMWZkYmRiZTRiOWI2NjcyZDJlNTY1OTA3MjhmMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51aHJD/r67684Vot3cgwIo7DXxk8
GFCq/RLjh8ru3Vrmtr8iW6B527QG45bu60aaIvJrYOG+c+qMtMEyMT9lM/W/equC
33eNuppqDmpapviX2kl7D+AX576u652Szbj0DZdgohk5Xu/ErqgkXL3JeCaeCmUq
8Sup4mPGYr90fE26/R6kjjUIMIh/BMJr5eFPS5OWULTx43ed6DY7C3ycJsyo58IF
+X3v1mJEFLWIbw0jYhO23QWPrA74W7F4OmSe4kYEMJx2nF5LLSrgdPC7bu+MvFmb
wes62o1IH9/upIzOt5cDVa4ZG5Ob/D2IsF9rjnnN0a44i7dQatGKUFS+lQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAdkSqCjH9vb5Lm2Zy0uVlkHKPKKMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQjJSS29LTWYyOXZrdWJabkxTNVdXUWNvOG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQZw
MA0GCSqGSIb3DQEBCwUAA4IBAQATnCYSzMSxwnwYvOqLy5f+PhieXwW2A6W1dpW+
Gwh1NSmvmDQaGZdSSk41f7XGcSwg8gBYM3qtq3Yhd5877G9ZBHni9e95JFZe8uWF
Uf1BUwKXdWUv9i05Vrjh6g1KMlX7+xdHl8GFgAzUHcc3T2YgCsot+lfeiAt8irvB
SY6pjedU6KE9Z76sdWIePJaaxyJctrhEbhDN1rtxeGBf26oRXV57z9+GPFWUnZOX
YEBa4emnX/LlxJEifIztbn+IuftWSp1/MHA+Dj4AH69Wqrr8A0rT8OvLyy8kFOS5
dQV1U0tScLbHASusqsEvmuBOCfAKQHbKgODtmo+v+Mqfm2dX
-----END CERTIFICATE-----