Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3y54YWsOhpR71BaaDYNGYSB5T8w.roa
File:                     3y54YWsOhpR71BaaDYNGYSB5T8w.roa (raw, json)
Hash identifier:          PzeN+HxdpEO3IXJRKCFPke9VPrJ5ZVIvbGGOCd9t58M=
Subject key identifier:   DF:2E:78:61:6B:0E:86:94:7B:D4:16:9A:0D:83:46:61:20:79:4F:CC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0193BAF2022B85C64D1673DA1D7E212DE2C3
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3y54YWsOhpR71BaaDYNGYSB5T8w.roa
Signing time:             Thu 12 Dec 2024 12:57:22 +0000
ROA not before:           Thu 12 Dec 2024 12:57:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213748
IP address blocks:        2a0c:b641:20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ba:f2:02:2b:85:c6:4d:16:73:da:1d:7e:21:2d:e2:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Dec 12 12:57:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df2e78616b0e86947bd4169a0d83466120794fcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f8:95:7e:09:61:3a:b4:57:83:5a:ec:52:b8:
                    4d:74:ad:51:e7:a7:af:7f:c4:e3:ba:38:10:5a:f3:
                    96:c2:61:e1:b1:5e:07:06:91:a9:2b:a4:8c:20:2b:
                    1c:05:39:dc:e2:f7:0f:a5:e3:a2:1c:3f:57:91:f9:
                    1d:08:7b:64:21:67:3e:45:27:5e:0b:2f:75:9d:3b:
                    f6:96:e4:31:fc:2d:16:73:0d:94:88:8b:3f:41:c7:
                    19:b9:13:1b:29:3c:17:de:de:4c:64:f1:a8:bf:fd:
                    ef:24:81:ea:b9:8f:a4:d2:20:04:dc:f1:b3:2a:63:
                    0c:a3:08:9a:ad:5c:81:7e:11:07:28:95:82:d7:dd:
                    da:87:52:61:45:2c:f8:e1:38:74:d6:6a:08:c7:ed:
                    d8:06:01:6c:49:d6:dd:05:b7:d7:91:12:e1:f4:91:
                    4e:25:3e:f8:c2:7c:51:a6:5d:ed:4f:df:bc:56:e2:
                    f2:0b:dc:05:a7:a9:e2:65:94:18:ce:ec:0e:77:94:
                    5b:91:6c:80:10:6a:7a:4a:5b:67:13:a5:76:e9:0b:
                    e7:98:b9:e4:0a:d7:f0:8c:60:88:2a:70:97:b0:21:
                    da:2b:e1:63:37:ee:81:a7:0a:f4:86:af:7c:0d:60:
                    a5:84:a0:d2:84:c8:14:47:cc:d8:cf:9c:45:7d:04:
                    15:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:2E:78:61:6B:0E:86:94:7B:D4:16:9A:0D:83:46:61:20:79:4F:CC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/3y54YWsOhpR71BaaDYNGYSB5T8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         62:8f:6c:7a:35:71:cb:88:62:74:18:35:6c:bc:e6:78:d6:73:
         10:ef:36:0f:08:c6:06:93:8c:05:cc:7d:b6:8e:14:b3:94:01:
         c1:7c:cb:84:60:91:62:e7:5f:2e:26:3a:c1:21:10:0d:6a:d9:
         6a:ea:38:84:cb:3b:be:85:80:1d:f1:4a:c2:e6:d7:52:a5:0e:
         8e:1c:68:af:ce:a9:4c:1a:09:f6:cd:c0:a2:99:22:3b:22:8a:
         5a:a7:03:c1:24:f9:0a:e0:fc:d0:d1:f7:bf:d9:82:35:d3:d8:
         d9:66:90:e5:94:1d:c3:fb:4a:23:0d:99:95:ed:e5:e5:5f:9e:
         31:6f:d4:8d:fe:96:f3:3e:e2:36:90:62:84:0b:94:df:fc:88:
         2d:0b:ec:08:9a:e3:17:84:96:e6:db:34:83:68:8d:b6:1e:b8:
         24:78:11:02:3e:d5:6f:19:65:ef:12:6c:89:f7:cf:04:73:c4:
         a4:92:f2:2a:2f:82:95:30:73:d7:a3:49:e4:fe:22:24:32:c2:
         bc:fc:2c:da:d5:12:e4:5b:ce:c6:da:7f:c9:a6:45:47:df:44:
         0a:9a:e2:eb:be:5a:0c:1a:05:2a:8a:56:00:05:5d:af:60:27:
         ff:1d:c9:bb:1b:57:9d:35:39:6d:6d:2c:13:02:37:73:77:06:
         69:d0:a8:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZO68gIrhcZNFnPaHX4hLeLDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQxMjEyMTI1NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJlNzg2MTZiMGU4Njk0N2JkNDE2OWEwZDgzNDY2MTIwNzk0ZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPiVfglhOrRXg1rsUrhNdK1R56ev
f8TjujgQWvOWwmHhsV4HBpGpK6SMICscBTnc4vcPpeOiHD9XkfkdCHtkIWc+RSde
Cy91nTv2luQx/C0Wcw2UiIs/QccZuRMbKTwX3t5MZPGov/3vJIHquY+k0iAE3PGz
KmMMowiarVyBfhEHKJWC193ah1JhRSz44Th01moIx+3YBgFsSdbdBbfXkRLh9JFO
JT74wnxRpl3tT9+8VuLyC9wFp6niZZQYzuwOd5RbkWyAEGp6SltnE6V26QvnmLnk
CtfwjGCIKnCXsCHaK+FjN+6Bpwr0hq98DWClhKDShMgUR8zYz5xFfQQVnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN8ueGFrDoaUe9QWmg2DRmEgeU/MMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvM3k1NFlXc09ocFI3MUJhYURZTkdZU0I1VDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBij2x6NXHLiGJ0GDVsvOZ41nMQ7zYPCMYGk4wF
zH22jhSzlAHBfMuEYJFi518uJjrBIRANatlq6jiEyzu+hYAd8UrC5tdSpQ6OHGiv
zqlMGgn2zcCimSI7IopapwPBJPkK4PzQ0fe/2YI109jZZpDllB3D+0ojDZmV7eXl
X54xb9SN/pbzPuI2kGKEC5Tf/IgtC+wImuMXhJbm2zSDaI22HrgkeBECPtVvGWXv
EmyJ988Ec8SkkvIqL4KVMHPXo0nk/iIkMsK8/Cza1RLkW87G2n/JpkVH30QKmuLr
vloMGgUqilYABV2vYCf/Hcm7G1edNTltbSwTAjdzdwZp0KgV
-----END CERTIFICATE-----