Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/25Oy5hJNQ2N3G79T-FqmXy1YyMU.roa
File:                     25Oy5hJNQ2N3G79T-FqmXy1YyMU.roa (raw, json)
Hash identifier:          gqZdBw38jRH4NjuK9D8F1eSnmdxZc4KpkwtoYyABIuI=
Subject key identifier:   DB:93:B2:E6:12:4D:43:63:77:1B:BF:53:F8:5A:A6:5F:2D:58:C8:C5
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019493AAB996177A22D4279DF4DBFFAC68FB
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/25Oy5hJNQ2N3G79T-FqmXy1YyMU.roa
Signing time:             Thu 23 Jan 2025 14:57:06 +0000
ROA not before:           Thu 23 Jan 2025 14:57:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200063
IP address blocks:        2a0c:b641:200::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:93:aa:b9:96:17:7a:22:d4:27:9d:f4:db:ff:ac:68:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 23 14:57:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db93b2e6124d4363771bbf53f85aa65f2d58c8c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:37:b8:01:2c:3a:44:c4:ab:7c:3a:8b:b3:53:
                    fa:7f:83:60:11:e0:68:58:fd:63:34:be:9e:94:eb:
                    e4:52:55:4b:51:59:8f:05:c2:39:14:e5:22:0e:9a:
                    6d:4d:30:fa:5a:ef:67:a3:f5:8a:23:eb:a0:f4:3f:
                    3e:84:ce:8b:50:36:66:35:d8:39:c9:80:2a:c5:24:
                    40:51:4d:65:b5:c8:2f:db:e2:e1:05:0b:52:ee:51:
                    dd:27:3f:65:7d:8d:c0:8d:83:bc:35:cf:93:de:7b:
                    d9:15:f6:d5:cb:8d:8a:18:51:fd:c6:4f:e4:b1:e9:
                    d7:7f:45:78:99:98:41:8b:bc:4e:56:7f:11:ac:f9:
                    44:5c:a4:f4:f5:d5:9a:f4:71:87:45:2e:18:e6:2f:
                    f2:10:b6:4a:5d:19:b5:9d:01:57:5b:0d:ca:39:ae:
                    8e:c9:42:33:76:ad:da:45:9d:e1:02:2e:48:eb:a1:
                    5e:da:08:75:6c:b5:ef:00:da:56:07:4f:1d:bb:bf:
                    4f:a8:48:b6:97:5d:fe:f3:e0:8a:02:8c:d1:47:48:
                    39:63:42:28:46:90:88:9b:3b:9a:61:86:85:bc:de:
                    f0:20:d5:b5:2e:cb:70:74:50:ab:08:bf:64:39:62:
                    3d:13:45:23:75:69:08:4b:a4:c3:ab:a5:01:ee:b0:
                    db:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:93:B2:E6:12:4D:43:63:77:1B:BF:53:F8:5A:A6:5F:2D:58:C8:C5
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/25Oy5hJNQ2N3G79T-FqmXy1YyMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         44:e0:22:c7:0c:d6:42:2c:a1:05:32:e6:2e:63:fd:65:4b:22:
         c8:a9:30:0d:64:a4:bc:98:3b:19:63:b5:3b:9b:f1:da:73:3b:
         90:be:19:a3:77:f9:27:cf:72:49:27:2e:42:f7:92:14:1c:88:
         a0:b5:30:60:fd:c8:4f:8f:57:47:63:ec:9e:ec:76:5c:a9:b6:
         03:32:9a:fc:1f:e3:09:1a:6a:bb:7d:36:ba:31:e5:c6:5f:93:
         d5:10:a0:ce:fe:c4:b9:77:e3:89:7f:6f:15:4d:f7:ed:12:c6:
         95:b3:a1:8a:f2:4e:61:04:76:cc:37:ed:00:23:a7:ba:e4:1b:
         25:c1:e8:fd:14:02:16:12:6a:dc:7f:a0:f4:8e:4b:55:53:22:
         88:0d:4c:d2:f1:0e:12:3d:da:8c:15:70:6c:df:46:84:eb:62:
         71:00:77:34:0d:e1:ca:7a:9f:f0:f8:72:ff:60:c4:55:97:0f:
         a7:32:f9:15:a5:ca:61:2d:b0:77:d1:fb:fc:d6:ae:2b:ec:3d:
         5c:3f:13:e9:0e:53:9e:d8:32:38:0a:8d:e0:bd:dd:78:39:9f:
         bb:13:07:52:53:1e:86:f6:87:39:4a:ca:c9:3a:ef:08:6b:7a:
         42:c3:8b:27:da:14:f6:3b:bc:55:6f:8e:aa:96:92:25:67:74:
         a2:5d:c8:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSTqrmWF3oi1Ced9Nv/rGj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTIzMTQ1NzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjkzYjJlNjEyNGQ0MzYzNzcxYmJmNTNmODVhYTY1ZjJkNThjOGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsze4ASw6RMSrfDqLs1P6f4NgEeBo
WP1jNL6elOvkUlVLUVmPBcI5FOUiDpptTTD6Wu9no/WKI+ug9D8+hM6LUDZmNdg5
yYAqxSRAUU1ltcgv2+LhBQtS7lHdJz9lfY3AjYO8Nc+T3nvZFfbVy42KGFH9xk/k
senXf0V4mZhBi7xOVn8RrPlEXKT09dWa9HGHRS4Y5i/yELZKXRm1nQFXWw3KOa6O
yUIzdq3aRZ3hAi5I66Fe2gh1bLXvANpWB08du79PqEi2l13+8+CKAozRR0g5Y0Io
RpCImzuaYYaFvN7wINW1LstwdFCrCL9kOWI9E0UjdWkIS6TDq6UB7rDbUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNuTsuYSTUNjdxu/U/hapl8tWMjFMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMjVPeTVoSk5RMk4zRzc5VC1GcW1YeTFZeU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBE4CLHDNZCLKEFMuYuY/1lSyLIqTANZKS8mDsZ
Y7U7m/HaczuQvhmjd/knz3JJJy5C95IUHIigtTBg/chPj1dHY+ye7HZcqbYDMpr8
H+MJGmq7fTa6MeXGX5PVEKDO/sS5d+OJf28VTfftEsaVs6GK8k5hBHbMN+0AI6e6
5Bslwej9FAIWEmrcf6D0jktVUyKIDUzS8Q4SPdqMFXBs30aE62JxAHc0DeHKep/w
+HL/YMRVlw+nMvkVpcphLbB30fv81q4r7D1cPxPpDlOe2DI4Co3gvd14OZ+7EwdS
Ux6G9oc5SsrJOu8Ia3pCw4sn2hT2O7xVb46qlpIlZ3SiXchN
-----END CERTIFICATE-----