Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3EV7pElcolTze0I8XvPy_KzfOX4.roa
File:                     3EV7pElcolTze0I8XvPy_KzfOX4.roa (raw, json)
Hash identifier:          GIfkfU1qUkqoKqlkI4q1KP9HvjS0BfaHtMx72oZmAFI=
Subject key identifier:   DC:45:7B:A4:49:5C:A2:54:F3:7B:42:3C:5E:F3:F2:FC:AC:DF:39:7E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01958EC379796EA8CE689923439FDE65E02F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3EV7pElcolTze0I8XvPy_KzfOX4.roa
Signing time:             Thu 13 Mar 2025 09:08:49 +0000
ROA not before:           Thu 13 Mar 2025 09:08:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50555
IP address blocks:        2a0c:b641:2e0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8e:c3:79:79:6e:a8:ce:68:99:23:43:9f:de:65:e0:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar 13 09:08:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc457ba4495ca254f37b423c5ef3f2fcacdf397e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9e:0d:81:21:21:3a:4d:c0:fb:3d:c8:c0:58:
                    91:5f:1a:a5:2b:15:da:81:da:3d:ed:85:79:6f:cf:
                    ef:36:a6:bb:8d:40:18:c5:f7:64:0d:2d:bf:9a:94:
                    fb:ee:19:f9:23:19:c6:51:ef:11:7c:4b:ef:35:61:
                    29:77:cb:67:37:31:4a:07:55:73:d4:42:1a:57:51:
                    94:20:00:db:6a:05:79:f3:c3:f1:65:d8:cc:e3:24:
                    ae:c4:2d:de:1f:d2:9c:81:42:50:09:c4:cb:09:d9:
                    b5:1b:5c:af:61:50:2d:c7:f2:85:ad:b9:b6:e9:f7:
                    3d:34:0d:42:87:b5:bf:9e:c6:95:7b:b4:12:f4:ab:
                    0e:25:b9:38:71:02:aa:48:65:7b:85:62:99:0e:8a:
                    6b:0e:5c:ac:12:dc:58:58:86:98:93:63:f9:bd:7e:
                    f0:05:da:a4:75:c7:48:ae:2f:5d:e2:cc:b3:dd:4a:
                    25:e2:9f:2e:64:cb:7b:c6:03:f5:9a:3a:04:0f:6b:
                    41:b4:10:ab:38:52:8b:ed:9e:af:46:05:77:13:d8:
                    23:53:1c:c5:15:12:2b:25:89:9c:39:b2:0e:76:89:
                    77:b3:6a:59:85:a2:3d:bf:69:52:be:ee:fb:64:c7:
                    06:69:5b:49:08:38:12:dd:3b:3e:4a:48:f1:78:c8:
                    7c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:45:7B:A4:49:5C:A2:54:F3:7B:42:3C:5E:F3:F2:FC:AC:DF:39:7E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3EV7pElcolTze0I8XvPy_KzfOX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:2e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         19:61:6c:8a:48:08:68:d2:d7:08:01:b0:57:2b:30:52:88:b1:
         f4:ed:0e:a9:af:15:14:ee:56:5c:66:65:b3:dd:04:e2:1f:c7:
         12:5c:5d:81:02:59:a7:25:5e:a2:53:8c:1b:7f:09:f7:40:70:
         a9:3d:73:60:69:f0:20:42:7e:2d:49:53:5b:20:0a:6d:fd:b3:
         41:99:db:9d:8c:f1:8e:96:35:f5:54:5c:ed:07:a0:2e:76:6d:
         6a:46:af:76:72:2a:8b:fe:f8:96:5a:1a:db:f1:0c:4c:75:3b:
         03:c0:88:6f:9c:f9:be:c0:62:03:86:ae:61:0c:ba:76:86:64:
         54:36:e7:77:12:0c:17:3b:5a:7e:60:fb:6d:f4:bf:3f:8a:1e:
         e3:aa:f7:2e:8b:72:e8:ed:16:39:83:26:0f:8c:1d:5f:06:2d:
         88:39:95:4f:3d:a8:96:c7:00:95:e0:75:99:7b:a9:87:32:c5:
         1b:2a:80:ba:9b:31:09:da:a8:07:8c:57:0e:ee:15:d3:f2:b1:
         0a:1e:84:5f:5a:b2:c6:8f:a2:5e:71:bf:07:1a:00:92:75:ec:
         bf:91:8c:86:5d:d1:86:9c:bb:c1:7d:49:79:fc:b1:8b:43:25:
         f1:7d:f8:aa:0d:9c:74:c7:0e:b7:6d:49:54:7d:3b:46:cc:36:
         5a:0c:ca:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZWOw3l5bqjOaJkjQ5/eZeAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMzEzMDkwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQ1N2JhNDQ5NWNhMjU0ZjM3YjQyM2M1ZWYzZjJmY2FjZGYzOTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ4NgSEhOk3A+z3IwFiRXxqlKxXa
gdo97YV5b8/vNqa7jUAYxfdkDS2/mpT77hn5IxnGUe8RfEvvNWEpd8tnNzFKB1Vz
1EIaV1GUIADbagV588PxZdjM4ySuxC3eH9KcgUJQCcTLCdm1G1yvYVAtx/KFrbm2
6fc9NA1Ch7W/nsaVe7QS9KsOJbk4cQKqSGV7hWKZDoprDlysEtxYWIaYk2P5vX7w
BdqkdcdIri9d4syz3Uol4p8uZMt7xgP1mjoED2tBtBCrOFKL7Z6vRgV3E9gjUxzF
FRIrJYmcObIOdol3s2pZhaI9v2lSvu77ZMcGaVtJCDgS3Ts+SkjxeMh8BQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNxFe6RJXKJU83tCPF7z8vys3zl+MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvM0VWN3BFbGNvbFR6ZTBJOFh2UHlfS3pmT1g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQLg
MA0GCSqGSIb3DQEBCwUAA4IBAQAZYWyKSAho0tcIAbBXKzBSiLH07Q6prxUU7lZc
ZmWz3QTiH8cSXF2BAlmnJV6iU4wbfwn3QHCpPXNgafAgQn4tSVNbIApt/bNBmdud
jPGOljX1VFztB6Audm1qRq92ciqL/viWWhrb8QxMdTsDwIhvnPm+wGIDhq5hDLp2
hmRUNud3EgwXO1p+YPtt9L8/ih7jqvcui3Lo7RY5gyYPjB1fBi2IOZVPPaiWxwCV
4HWZe6mHMsUbKoC6mzEJ2qgHjFcO7hXT8rEKHoRfWrLGj6Jecb8HGgCSdey/kYyG
XdGGnLvBfUl5/LGLQyXxffiqDZx0xw63bUlUfTtGzDZaDMrp
-----END CERTIFICATE-----