Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/sMThYym1nzwlgT80XdJ19cJjtQ4.roa
File:                     sMThYym1nzwlgT80XdJ19cJjtQ4.roa (raw, json)
Hash identifier:          +io3r2TPtJ054aKea8oSBNRXTZ2IhzSv8l0ZuuDIsy4=
Subject key identifier:   B0:C4:E1:63:29:B5:9F:3C:25:81:3F:34:5D:D2:75:F5:C2:63:B5:0E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0198378B7D7C672F0060D3155081C36A621D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/sMThYym1nzwlgT80XdJ19cJjtQ4.roa
Signing time:             Wed 23 Jul 2025 13:49:05 +0000
ROA not before:           Wed 23 Jul 2025 13:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211094
IP address blocks:        2a0c:b641:4c0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 14:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:37:8b:7d:7c:67:2f:00:60:d3:15:50:81:c3:6a:62:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jul 23 13:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0c4e16329b59f3c25813f345dd275f5c263b50e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:68:a2:d5:80:c3:1e:c7:65:35:b1:bb:66:2c:
                    e9:90:cf:91:2b:18:10:8e:04:de:b8:0c:8f:5f:af:
                    21:cb:be:d5:57:dc:57:57:97:c4:7a:ab:af:d7:31:
                    c9:53:60:9a:b0:38:7a:b0:31:58:5a:b1:3b:d4:62:
                    ca:da:df:b4:c9:59:83:e7:61:34:b3:1a:9b:70:2e:
                    2d:ea:5f:15:2b:aa:4c:1c:76:9c:78:16:ef:aa:59:
                    e4:9b:68:9b:eb:14:06:ec:04:6c:f1:18:83:0e:4e:
                    b9:6a:4c:d6:9e:55:91:82:97:60:b7:08:6b:bf:d3:
                    7f:a1:03:3e:9b:63:ca:e0:e5:74:ef:3d:e4:7f:6f:
                    db:3e:5d:65:15:0c:33:45:7a:fd:48:1d:77:a3:ff:
                    ba:a0:81:75:09:d0:af:61:e0:a2:95:4d:09:d4:07:
                    50:a0:08:4b:9c:6d:44:4a:35:8b:ee:f7:e0:dc:4c:
                    f3:d9:1a:ea:56:c8:8e:18:a2:c3:6a:02:89:b4:63:
                    04:89:52:b6:15:be:fe:34:ce:19:82:48:fb:6d:17:
                    24:4a:ff:3c:3e:f8:5b:58:56:c1:9e:fc:8f:2d:2e:
                    48:7d:32:16:82:7a:99:ca:c0:68:8b:8a:f3:37:03:
                    78:22:d8:c6:0b:39:89:aa:7c:ff:74:16:8d:10:b5:
                    07:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C4:E1:63:29:B5:9F:3C:25:81:3F:34:5D:D2:75:F5:C2:63:B5:0E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/sMThYym1nzwlgT80XdJ19cJjtQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:4c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         36:18:c3:d9:ab:12:eb:7c:12:38:78:f9:e2:87:0d:79:5a:b4:
         8e:e7:de:8f:a4:53:04:c6:89:17:f0:92:44:e7:be:a0:49:60:
         b1:45:32:00:51:5e:0c:d7:6c:2e:3d:ce:e3:39:49:af:aa:4d:
         f7:d3:73:60:08:ff:db:c6:6a:7f:fd:aa:6b:78:55:a8:ac:70:
         16:4e:5c:fc:74:4b:4f:e8:f0:c2:e0:8f:45:66:c8:95:7f:40:
         69:3a:eb:c8:db:4f:d0:5d:42:1d:bc:c7:cd:83:3d:fa:79:3b:
         8b:0b:f0:37:0b:a0:da:20:9f:57:b4:1d:70:84:8b:ba:a6:9e:
         c9:52:03:4b:46:17:e8:4b:8d:b6:92:5c:48:90:c3:93:e2:92:
         7a:8b:d3:3c:f5:0d:18:08:cf:3f:4f:90:cd:48:76:d2:3c:1d:
         ef:20:8f:26:7c:bf:a3:01:70:7f:8d:d9:33:64:a4:31:66:19:
         10:be:d4:65:6b:3f:3c:81:9a:1f:5c:65:2a:70:d6:de:f0:8c:
         58:a9:d9:43:ab:94:12:ae:92:dc:2f:57:69:ca:78:97:4d:e8:
         df:b4:08:02:90:47:a9:04:68:76:06:18:c7:d1:2f:70:a5:e0:
         0d:4f:65:b7:e9:3b:8a:70:2a:9b:e4:93:03:7e:43:c5:95:b9:
         5a:e5:b1:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZg3i318Zy8AYNMVUIHDamIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNzIzMTM0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM0ZTE2MzI5YjU5ZjNjMjU4MTNmMzQ1ZGQyNzVmNWMyNjNiNTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Wii1YDDHsdlNbG7ZizpkM+RKxgQ
jgTeuAyPX68hy77VV9xXV5fEequv1zHJU2CasDh6sDFYWrE71GLK2t+0yVmD52E0
sxqbcC4t6l8VK6pMHHaceBbvqlnkm2ib6xQG7ARs8RiDDk65akzWnlWRgpdgtwhr
v9N/oQM+m2PK4OV07z3kf2/bPl1lFQwzRXr9SB13o/+6oIF1CdCvYeCilU0J1AdQ
oAhLnG1ESjWL7vfg3Ezz2RrqVsiOGKLDagKJtGMEiVK2Fb7+NM4Zgkj7bRckSv88
PvhbWFbBnvyPLS5IfTIWgnqZysBoi4rzNwN4ItjGCzmJqnz/dBaNELUH8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLDE4WMptZ88JYE/NF3SdfXCY7UOMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvc01UaFl5bTFuendsZ1Q4MFhkSjE5Y0pqdFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQTA
MA0GCSqGSIb3DQEBCwUAA4IBAQA2GMPZqxLrfBI4ePnihw15WrSO596PpFMExokX
8JJE576gSWCxRTIAUV4M12wuPc7jOUmvqk3303NgCP/bxmp//apreFWorHAWTlz8
dEtP6PDC4I9FZsiVf0BpOuvI20/QXUIdvMfNgz36eTuLC/A3C6DaIJ9XtB1whIu6
pp7JUgNLRhfoS422klxIkMOT4pJ6i9M89Q0YCM8/T5DNSHbSPB3vII8mfL+jAXB/
jdkzZKQxZhkQvtRlaz88gZofXGUqcNbe8IxYqdlDq5QSrpLcL1dpyniXTejftAgC
kEepBGh2BhjH0S9wpeANT2W36TuKcCqb5JMDfkPFlbla5bEw
-----END CERTIFICATE-----