Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2XMc4HFPfppXrijuIXWS9x2gdX8.roa
File:                     2XMc4HFPfppXrijuIXWS9x2gdX8.roa (raw, json)
Hash identifier:          oqyAdFsjokYmKLeT3SuaUvKbmwJbwNdoy0isF4LOzdE=
Subject key identifier:   D9:73:1C:E0:71:4F:7E:9A:57:AE:28:EE:21:75:92:F7:1D:A0:75:7F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA56C9371275CEF19C7C48074C112
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2XMc4HFPfppXrijuIXWS9x2gdX8.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213015
IP address blocks:        2a0c:b641:5b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a5:6c:93:71:27:5c:ef:19:c7:c4:80:74:c1:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9731ce0714f7e9a57ae28ee217592f71da0757f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:23:db:0f:34:ce:a0:28:2f:9c:7b:92:81:19:
                    2a:ca:c4:7b:d2:61:f2:2e:ff:df:67:42:9c:0d:7f:
                    32:51:f8:bd:a8:d9:18:cd:c7:b0:81:b8:15:c7:9c:
                    d6:f2:bf:b4:7c:1d:92:cd:16:ef:98:fc:56:37:57:
                    83:49:8f:d1:e2:26:9c:4c:f3:05:3b:d6:a4:a3:92:
                    7e:2f:2b:63:65:d1:28:0b:03:67:eb:1c:fe:f8:ca:
                    4a:9f:92:3b:b0:40:4f:0a:a1:f7:ad:91:76:d9:81:
                    38:eb:c8:e2:a4:74:1a:f1:10:8e:e7:ba:96:56:05:
                    af:ae:ca:0d:66:f0:c2:1f:80:3b:61:74:f9:8e:72:
                    24:e3:15:d3:54:de:d1:23:79:72:93:6c:b1:b7:ab:
                    0b:d5:67:eb:8d:7a:db:71:dc:9b:ad:de:21:6a:80:
                    34:34:b7:41:ab:32:bd:18:6a:9d:fa:5d:4a:73:0f:
                    81:19:6c:d0:64:23:7a:84:f7:eb:cc:cc:a1:ab:d1:
                    98:12:05:d3:44:a2:ad:2e:cc:84:15:21:ea:ef:6d:
                    53:a4:8b:05:64:dc:fc:e7:16:47:f2:0d:47:30:cc:
                    be:23:ed:8b:95:a4:99:88:71:63:4b:c0:a4:82:40:
                    83:77:07:bb:d0:d5:34:a0:fc:0f:2f:88:4d:f7:13:
                    33:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:73:1C:E0:71:4F:7E:9A:57:AE:28:EE:21:75:92:F7:1D:A0:75:7F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2XMc4HFPfppXrijuIXWS9x2gdX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:5b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         03:20:e2:5f:fd:5c:79:f1:2f:78:1a:fa:1f:a8:ab:de:31:e6:
         ac:ce:1d:7b:e9:7e:4b:5b:7b:8e:fd:c5:93:43:52:0e:3b:9e:
         47:50:08:4e:3c:b6:9a:53:12:bf:f5:65:c7:76:b3:3c:a8:81:
         9f:e0:cc:3b:38:03:7d:4e:a6:8b:01:82:1c:ed:27:e2:38:f5:
         d8:80:79:0d:e5:09:7e:9b:7c:58:95:15:b2:8b:45:d9:e1:86:
         33:82:a5:3e:f3:a1:5c:e1:d4:c3:79:cd:ac:9a:e4:49:01:81:
         c9:7a:1d:ae:28:aa:fc:b5:bc:5e:2d:66:a9:7c:4f:28:66:4c:
         5e:83:d8:4d:a4:df:c3:32:41:89:a6:3b:34:f4:27:c3:58:38:
         d0:81:9b:25:9a:96:2d:92:cc:fd:2a:6e:89:8c:11:73:39:ba:
         58:65:60:e5:16:b7:7e:bc:41:fd:b9:08:35:cb:d3:fa:de:a9:
         3f:48:1d:f4:60:7e:f8:56:f6:2e:59:3a:41:81:b2:74:8e:e5:
         4b:38:30:91:35:8e:89:89:e0:b5:ce:8a:8c:01:db:04:a1:46:
         86:3c:3a:30:39:10:75:34:1a:85:18:92:ca:73:59:e6:d5:fe:
         9b:31:61:c9:cb:30:99:ee:66:aa:9c:ea:ba:e9:c9:74:63:eb:
         87:e3:79:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+qVsk3EnXO8Zx8SAdMESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTczMWNlMDcxNGY3ZTlhNTdhZTI4ZWUyMTc1OTJmNzFkYTA3NTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPbDzTOoCgvnHuSgRkqysR70mHy
Lv/fZ0KcDX8yUfi9qNkYzcewgbgVx5zW8r+0fB2SzRbvmPxWN1eDSY/R4iacTPMF
O9ako5J+LytjZdEoCwNn6xz++MpKn5I7sEBPCqH3rZF22YE468jipHQa8RCO57qW
VgWvrsoNZvDCH4A7YXT5jnIk4xXTVN7RI3lyk2yxt6sL1WfrjXrbcdybrd4haoA0
NLdBqzK9GGqd+l1Kcw+BGWzQZCN6hPfrzMyhq9GYEgXTRKKtLsyEFSHq721TpIsF
ZNz85xZH8g1HMMy+I+2LlaSZiHFjS8CkgkCDdwe70NU0oPwPL4hN9xMzRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNlzHOBxT36aV64o7iF1kvcdoHV/MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMlhNYzRIRlBmcHBYcmlqdUlYV1M5eDJnZFg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQWw
MA0GCSqGSIb3DQEBCwUAA4IBAQADIOJf/Vx58S94GvofqKveMeaszh176X5LW3uO
/cWTQ1IOO55HUAhOPLaaUxK/9WXHdrM8qIGf4Mw7OAN9TqaLAYIc7SfiOPXYgHkN
5Ql+m3xYlRWyi0XZ4YYzgqU+86Fc4dTDec2smuRJAYHJeh2uKKr8tbxeLWapfE8o
Zkxeg9hNpN/DMkGJpjs09CfDWDjQgZslmpYtksz9Km6JjBFzObpYZWDlFrd+vEH9
uQg1y9P63qk/SB30YH74VvYuWTpBgbJ0juVLODCRNY6JieC1zoqMAdsEoUaGPDow
ORB1NBqFGJLKc1nm1f6bMWHJyzCZ7maqnOq66cl0Y+uH43ky
-----END CERTIFICATE-----