Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2vNKIiUsP1EWzA_ZPoJXSez6eA8.roa
File:                     2vNKIiUsP1EWzA_ZPoJXSez6eA8.roa (raw, json)
Hash identifier:          bItvFIxB3W/EFDCGLdvoUQVVt7clpcqKCNlJONahm5Y=
Subject key identifier:   DA:F3:4A:22:25:2C:3F:51:16:CC:0F:D9:3E:82:57:49:EC:FA:78:0F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA7E23887BE98FE9F6AAF573C89199
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2vNKIiUsP1EWzA_ZPoJXSez6eA8.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64473
IP address blocks:        2a0c:b642:fc0::/43 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7e:23:88:7b:e9:8f:e9:f6:aa:f5:73:c8:91:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=daf34a22252c3f5116cc0fd93e825749ecfa780f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:72:4d:0d:2b:15:66:8e:60:83:6c:54:86:de:
                    12:ad:07:ae:45:f1:f0:92:e5:6a:e4:db:1c:09:df:
                    4c:2c:69:0c:2b:ac:da:1e:6b:73:d7:13:55:a4:72:
                    96:32:9c:13:80:19:85:cd:9d:ed:eb:75:51:fc:42:
                    55:b2:00:c5:80:2c:cb:a0:b3:ca:29:4b:b8:cd:7a:
                    01:50:ac:95:6a:5c:4a:57:2a:ba:e6:90:ca:cf:02:
                    fa:dd:db:ab:36:99:97:7e:2b:6b:13:d2:1c:6b:dd:
                    97:2b:5e:21:e1:08:52:c1:48:16:73:1d:e5:d4:56:
                    cc:2f:38:70:e9:92:2e:19:70:8c:2b:07:eb:25:e7:
                    6a:29:4a:aa:21:9c:8a:05:b4:82:b0:b9:94:b9:44:
                    8a:d4:73:dc:38:08:f4:88:09:84:c1:60:03:4c:2b:
                    66:73:09:b2:f8:d0:60:98:77:d6:36:f9:5b:6e:34:
                    e4:fa:3c:6a:4c:73:52:23:b2:51:8c:8a:0a:d6:b0:
                    85:cc:8a:fe:f1:83:dd:35:29:a5:b2:21:1c:55:fb:
                    0c:cd:72:43:bc:56:5e:48:38:77:3a:c8:68:06:f7:
                    51:5d:4f:2d:bb:04:23:9a:51:3b:2a:b1:41:53:05:
                    63:5b:fe:a7:5b:34:fd:f7:d5:06:38:09:16:a1:29:
                    33:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:F3:4A:22:25:2C:3F:51:16:CC:0F:D9:3E:82:57:49:EC:FA:78:0F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/2vNKIiUsP1EWzA_ZPoJXSez6eA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:fc0::/43

    Signature Algorithm: sha256WithRSAEncryption
         29:0e:46:cb:b1:e5:1e:24:5b:b3:ff:f5:45:47:ec:fe:11:74:
         e3:e7:dd:5c:6c:9a:9a:a4:28:3a:e9:a9:66:61:61:b5:bd:bc:
         b0:31:b8:14:8c:0a:8b:f6:4b:99:e7:48:f1:fe:50:be:49:fe:
         d9:10:81:29:46:51:c0:dc:4e:a2:12:8e:17:71:0f:ea:41:0c:
         97:63:e3:43:b0:5c:14:ce:49:68:72:3d:fd:e0:01:de:65:85:
         c4:b6:3e:38:3a:12:d9:37:41:b1:a9:7f:70:41:e0:82:f9:d5:
         01:df:11:55:e9:c7:bb:00:7c:fe:94:aa:1e:9a:51:0e:c0:52:
         9c:e0:84:d3:3d:17:f0:41:0c:f6:b4:07:bf:fd:5d:d7:b1:1d:
         3e:24:63:ef:d8:19:de:01:4d:21:ac:d5:f0:1a:ba:b1:a0:d7:
         ed:0c:45:75:a3:37:ab:04:70:b4:b2:ce:96:45:bd:f6:f7:b7:
         fb:5a:ad:14:59:ef:e9:4d:ac:e0:f0:67:f1:e7:c2:cc:ed:12:
         a3:7a:0f:07:51:92:25:11:1e:0e:ed:de:99:23:1a:08:c4:c2:
         d6:91:48:4f:29:75:cc:62:18:86:40:4e:11:a7:5f:22:9d:98:
         50:79:34:1c:62:0c:24:b1:65:85:7f:a3:9c:19:b2:0d:5d:73:
         7c:1d:0c:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+n4jiHvpj+n2qvVzyJGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWYzNGEyMjI1MmMzZjUxMTZjYzBmZDkzZTgyNTc0OWVjZmE3ODBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3JNDSsVZo5gg2xUht4SrQeuRfHw
kuVq5NscCd9MLGkMK6zaHmtz1xNVpHKWMpwTgBmFzZ3t63VR/EJVsgDFgCzLoLPK
KUu4zXoBUKyValxKVyq65pDKzwL63durNpmXfitrE9Ica92XK14h4QhSwUgWcx3l
1FbMLzhw6ZIuGXCMKwfrJedqKUqqIZyKBbSCsLmUuUSK1HPcOAj0iAmEwWADTCtm
cwmy+NBgmHfWNvlbbjTk+jxqTHNSI7JRjIoK1rCFzIr+8YPdNSmlsiEcVfsMzXJD
vFZeSDh3OshoBvdRXU8tuwQjmlE7KrFBUwVjW/6nWzT999UGOAkWoSkzKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNrzSiIlLD9RFswP2T6CV0ns+ngPMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvMnZOS0lpVXNQMUVXekFfWlBvSlhTZXo2ZUE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKgy2Qg/A
MA0GCSqGSIb3DQEBCwUAA4IBAQApDkbLseUeJFuz//VFR+z+EXTj591cbJqapCg6
6almYWG1vbywMbgUjAqL9kuZ50jx/lC+Sf7ZEIEpRlHA3E6iEo4XcQ/qQQyXY+ND
sFwUzklocj394AHeZYXEtj44OhLZN0GxqX9wQeCC+dUB3xFV6ce7AHz+lKoemlEO
wFKc4ITTPRfwQQz2tAe//V3XsR0+JGPv2BneAU0hrNXwGrqxoNftDEV1ozerBHC0
ss6WRb3297f7Wq0UWe/pTazg8Gfx58LM7RKjeg8HUZIlER4O7d6ZIxoIxMLWkUhP
KXXMYhiGQE4Rp18inZhQeTQcYgwksWWFf6OcGbINXXN8HQxL
-----END CERTIFICATE-----