Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BAVuwQSAqG_fT0xx_XfJKyWJKS4.roa
File:                     BAVuwQSAqG_fT0xx_XfJKyWJKS4.roa (raw, json)
Hash identifier:          /K7gF7dXOLw+pwgbc5jQ73NQaByTeDHvrO0dJufC/2g=
Subject key identifier:   04:05:6E:C1:04:80:A8:6F:DF:4F:4C:71:FD:77:C9:2B:25:89:29:2E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019427482918E9F44C0CB8C432EFD3CBD6FE
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BAVuwQSAqG_fT0xx_XfJKyWJKS4.roa
Signing time:             Thu 02 Jan 2025 13:50:28 +0000
ROA not before:           Thu 02 Jan 2025 13:50:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152697
IP address blocks:        2a0e:9b00::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 16:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:29:18:e9:f4:4c:0c:b8:c4:32:ef:d3:cb:d6:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 13:50:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04056ec10480a86fdf4f4c71fd77c92b2589292e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:09:be:f0:38:9e:8d:fa:99:9b:f5:18:06:52:
                    b5:d8:cc:8b:51:a1:c7:2f:c7:a8:a7:83:77:62:04:
                    6a:91:c5:2c:27:fa:e8:7a:e6:39:56:2c:13:87:ff:
                    9d:25:a1:01:a0:55:0d:c5:70:39:ab:cc:8b:1d:9b:
                    3d:5f:86:d0:20:9d:63:f4:05:71:e6:73:31:7e:eb:
                    77:f7:e7:df:09:cc:0f:f5:c0:6a:12:06:19:23:7f:
                    bf:4b:57:bd:be:43:a7:0c:c5:cf:c7:d6:5a:1c:85:
                    51:66:be:c7:83:0f:98:e5:6f:74:3d:a7:cd:39:46:
                    dc:0a:16:5e:88:e5:a6:75:73:47:45:5c:7a:08:be:
                    54:5b:a7:09:9c:c1:a2:d1:17:43:a1:08:96:3e:b3:
                    42:61:31:bc:0a:0c:e1:08:a7:fc:1b:df:5c:9e:4d:
                    2e:fc:01:f6:6b:21:24:40:fc:4b:5d:88:88:81:6b:
                    b6:b6:3c:5e:90:d1:a3:6a:de:59:1c:ec:bc:d1:84:
                    18:f6:8c:e8:b1:bc:85:68:3c:44:cb:ca:fd:04:dc:
                    52:82:9e:35:2f:70:62:f1:73:78:58:9e:69:ac:8b:
                    66:51:01:50:d2:6e:70:c3:6a:15:fa:04:a6:ad:4c:
                    dc:62:b8:5a:8d:d5:15:c5:74:73:98:f0:07:ab:25:
                    ea:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:05:6E:C1:04:80:A8:6F:DF:4F:4C:71:FD:77:C9:2B:25:89:29:2E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BAVuwQSAqG_fT0xx_XfJKyWJKS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         c2:85:bf:3b:1b:c1:48:ac:f2:13:00:71:62:ff:49:28:3c:d5:
         21:ef:6f:ee:b4:98:da:ed:6e:c5:b1:dd:ed:bd:c9:1d:a8:03:
         50:d7:ed:e3:93:a8:ff:77:27:22:67:5d:0b:95:cd:6c:e8:72:
         f4:5e:72:fa:2e:f0:e7:8c:1a:0c:1e:51:f8:a3:d1:e6:c5:5d:
         35:32:8c:1e:f5:6b:74:f0:c0:79:96:b9:be:c3:97:39:72:9f:
         0f:a1:e1:74:a4:6e:41:4a:b8:ff:81:98:ee:7b:b8:0b:87:7b:
         63:fb:ea:9b:bf:59:ff:97:11:8f:e1:fc:7e:db:b5:3d:00:05:
         e9:ea:53:69:48:c5:f8:0d:8a:61:f5:ef:0f:90:53:bd:a6:62:
         3b:95:16:86:79:19:79:e4:46:a8:72:22:b1:52:61:f4:df:a9:
         8e:46:4f:df:e2:24:e3:b8:c2:df:72:b6:05:40:65:da:4e:58:
         c8:5c:f2:a9:56:26:a8:eb:b2:d9:53:e8:75:02:47:79:da:9b:
         cb:8b:b6:99:56:4a:8e:cb:65:85:f2:2e:19:a5:7c:10:8e:07:
         08:73:1e:bd:ee:e7:51:06:49:b8:02:bd:f5:60:e2:2a:02:db:
         14:ba:30:6a:fb:82:04:33:32:48:ab:aa:7e:fe:20:8f:ba:f3:
         ed:14:26:7e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnSCkY6fRMDLjEMu/Ty9b+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMTAyMTM1MDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDA1NmVjMTA0ODBhODZmZGY0ZjRjNzFmZDc3YzkyYjI1ODkyOTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQm+8DiejfqZm/UYBlK12MyLUaHH
L8eop4N3YgRqkcUsJ/roeuY5ViwTh/+dJaEBoFUNxXA5q8yLHZs9X4bQIJ1j9AVx
5nMxfut39+ffCcwP9cBqEgYZI3+/S1e9vkOnDMXPx9ZaHIVRZr7Hgw+Y5W90PafN
OUbcChZeiOWmdXNHRVx6CL5UW6cJnMGi0RdDoQiWPrNCYTG8CgzhCKf8G99cnk0u
/AH2ayEkQPxLXYiIgWu2tjxekNGjat5ZHOy80YQY9ozosbyFaDxEy8r9BNxSgp41
L3Bi8XN4WJ5prItmUQFQ0m5ww2oV+gSmrUzcYrhajdUVxXRzmPAHqyXquwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAQFbsEEgKhv309Mcf13ySsliSkuMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvQkFWdXdRU0FxR19mVDB4eF9YZkpLeVdKS1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg6bADAN
BgkqhkiG9w0BAQsFAAOCAQEAwoW/OxvBSKzyEwBxYv9JKDzVIe9v7rSY2u1uxbHd
7b3JHagDUNft45Oo/3cnImddC5XNbOhy9F5y+i7w54waDB5R+KPR5sVdNTKMHvVr
dPDAeZa5vsOXOXKfD6HhdKRuQUq4/4GY7nu4C4d7Y/vqm79Z/5cRj+H8ftu1PQAF
6epTaUjF+A2KYfXvD5BTvaZiO5UWhnkZeeRGqHIisVJh9N+pjkZP3+Ik47jC33K2
BUBl2k5YyFzyqVYmqOuy2VPodQJHedqby4u2mVZKjstlhfIuGaV8EI4HCHMeve7n
UQZJuAK99WDiKgLbFLowavuCBDMySKuqfv4gj7rz7RQmfg==
-----END CERTIFICATE-----