Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eSTVLXTHA74O9UiQUgB91CU3rME.roa
File:                     eSTVLXTHA74O9UiQUgB91CU3rME.roa (raw, json)
Hash identifier:          donlh+Ty9LzAHk2Oi9TLUnO+HZKG6TbuES+t+vY9DGs=
Subject key identifier:   79:24:D5:2D:74:C7:03:BE:0E:F5:48:90:52:00:7D:D4:25:37:AC:C1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019841F2C28C29BF5CC7EC332189721C8633
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eSTVLXTHA74O9UiQUgB91CU3rME.roa
Signing time:             Fri 25 Jul 2025 14:18:05 +0000
ROA not before:           Fri 25 Jul 2025 14:18:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215685
IP address blocks:        2a0c:b641:660::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:41:f2:c2:8c:29:bf:5c:c7:ec:33:21:89:72:1c:86:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul 25 14:18:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7924d52d74c703be0ef5489052007dd42537acc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d3:14:c6:24:6a:b2:cb:4d:fc:b7:d0:1e:89:
                    e4:c8:3a:5b:f9:4a:13:37:fb:4f:95:b1:cc:b0:06:
                    bd:45:e8:bf:b5:52:fc:26:64:0b:ce:91:67:ba:35:
                    56:80:cf:35:41:48:ed:07:80:d7:d0:5d:7e:0c:e5:
                    bf:7e:d6:2c:d9:2f:b0:c8:b8:82:2f:6f:6e:9e:d9:
                    4a:b3:f3:1d:e1:1a:4b:89:d7:2b:9e:03:16:a5:cd:
                    d9:82:7d:51:3b:9a:2c:1d:8f:38:b6:8d:20:40:58:
                    bc:74:33:d2:6c:d4:84:07:40:af:d0:3f:a7:36:af:
                    7c:af:92:1f:ce:10:3a:8d:27:fd:ea:d4:7f:4b:97:
                    60:88:fe:46:98:73:a3:2d:13:49:27:61:e9:36:c2:
                    92:9c:fe:4f:31:2f:bd:35:8a:a9:c9:3a:13:94:31:
                    ce:09:11:d9:dd:fc:6f:af:75:88:29:bf:5c:a7:90:
                    fc:1a:f7:7e:29:3f:38:78:e5:7f:4f:6b:09:c1:95:
                    64:d5:a1:91:f9:db:4a:da:75:7b:c6:13:2a:76:e5:
                    6e:d6:85:e6:d6:70:0e:18:25:38:3a:8b:21:f2:47:
                    30:c1:df:58:f9:08:d6:aa:7b:89:b2:0c:c9:43:b8:
                    89:e1:80:91:9c:d5:e1:52:76:5a:c1:d3:34:29:b9:
                    14:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:24:D5:2D:74:C7:03:BE:0E:F5:48:90:52:00:7D:D4:25:37:AC:C1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/eSTVLXTHA74O9UiQUgB91CU3rME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:660::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:f2:bd:f9:33:1e:34:ae:a0:a7:22:fc:7f:0b:8d:3d:f6:a4:
         68:ad:1e:a3:d3:ae:b6:21:17:29:e0:fd:3d:dd:01:22:73:16:
         90:7d:a0:fa:4c:27:06:fe:ac:58:d5:89:a9:d0:d2:fc:54:3d:
         79:9b:d0:9e:8b:8a:0e:15:97:20:7b:81:5b:88:4f:5d:3e:37:
         1f:7b:58:99:6d:23:a0:bd:6a:f0:cc:bb:26:8b:4e:6e:22:df:
         28:c9:4d:9b:26:c7:3c:8c:08:7e:67:df:65:2e:46:54:d5:17:
         df:b8:ab:59:4a:aa:d7:74:e5:7d:af:b5:6a:3e:eb:e7:6c:b8:
         bf:1b:d8:63:28:cf:d1:e3:3f:01:44:8a:e2:a8:45:a6:db:79:
         5f:98:2c:56:0a:c3:31:03:9a:a5:35:6c:63:36:20:f2:5f:c4:
         89:e2:6d:cf:ff:e9:72:9d:6d:42:5d:5a:6e:28:cb:13:a3:2e:
         a9:cb:f3:a1:dd:05:cf:f6:29:cb:91:87:d2:4e:ec:5e:bc:cb:
         02:7a:59:8b:f3:8b:b0:9e:37:c4:3f:03:cf:11:28:6a:24:84:
         14:06:70:c5:92:c3:ee:4b:c5:20:bf:a2:0c:e9:7d:01:3c:ef:
         34:f4:9a:d5:bc:0e:04:8c:ae:4d:7a:ac:68:ec:88:03:2e:01:
         ac:26:f9:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhB8sKMKb9cx+wzIYlyHIYzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNzI1MTQxODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTI0ZDUyZDc0YzcwM2JlMGVmNTQ4OTA1MjAwN2RkNDI1MzdhY2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9MUxiRqsstN/LfQHonkyDpb+UoT
N/tPlbHMsAa9Rei/tVL8JmQLzpFnujVWgM81QUjtB4DX0F1+DOW/ftYs2S+wyLiC
L29untlKs/Md4RpLidcrngMWpc3Zgn1RO5osHY84to0gQFi8dDPSbNSEB0Cv0D+n
Nq98r5IfzhA6jSf96tR/S5dgiP5GmHOjLRNJJ2HpNsKSnP5PMS+9NYqpyToTlDHO
CRHZ3fxvr3WIKb9cp5D8Gvd+KT84eOV/T2sJwZVk1aGR+dtK2nV7xhMqduVu1oXm
1nAOGCU4Oosh8kcwwd9Y+QjWqnuJsgzJQ7iJ4YCRnNXhUnZawdM0KbkUSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHkk1S10xwO+DvVIkFIAfdQlN6zBMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZVNUVkxYVEhBNzRPOVVpUVVnQjkxQ1Uzck1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQZg
MA0GCSqGSIb3DQEBCwUAA4IBAQBQ8r35Mx40rqCnIvx/C4099qRorR6j0662IRcp
4P093QEicxaQfaD6TCcG/qxY1Ymp0NL8VD15m9Cei4oOFZcge4FbiE9dPjcfe1iZ
bSOgvWrwzLsmi05uIt8oyU2bJsc8jAh+Z99lLkZU1RffuKtZSqrXdOV9r7VqPuvn
bLi/G9hjKM/R4z8BRIriqEWm23lfmCxWCsMxA5qlNWxjNiDyX8SJ4m3P/+lynW1C
XVpuKMsToy6py/Oh3QXP9inLkYfSTuxevMsCelmL84uwnjfEPwPPEShqJIQUBnDF
ksPuS8Ugv6IM6X0BPO809JrVvA4EjK5Neqxo7IgDLgGsJvnh
-----END CERTIFICATE-----