Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6D8WXPO-CXqHJP4L2RXE6XxwHCs.roa
File:                     6D8WXPO-CXqHJP4L2RXE6XxwHCs.roa (raw, json)
Hash identifier:          ctQryHwocVe0ew3ZPf4K3UifSz8fEyAtpyZyA27Wz7k=
Subject key identifier:   E8:3F:16:5C:F3:BE:09:7A:87:24:FE:0B:D9:15:C4:E9:7C:70:1C:2B
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA77CB3B023CF3A7F5148B053EBB3B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6D8WXPO-CXqHJP4L2RXE6XxwHCs.roa
Signing time:             Wed 01 Jan 2025 03:48:15 +0000
ROA not before:           Wed 01 Jan 2025 03:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41108
IP address blocks:        2a0c:b642:1a0f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:77:cb:3b:02:3c:f3:a7:f5:14:8b:05:3e:bb:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e83f165cf3be097a8724fe0bd915c4e97c701c2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ed:e5:f9:60:a6:87:3f:c2:5a:83:4b:cb:c3:
                    bd:c8:91:d7:61:53:80:db:52:ca:d8:37:fa:e6:b3:
                    e0:e0:24:e7:b3:49:64:49:52:1e:ec:35:2c:aa:04:
                    3f:9b:05:27:3c:7d:6f:0d:4c:c2:cf:15:ba:ac:02:
                    63:b1:31:01:5f:03:70:06:01:fb:64:71:a9:ae:52:
                    c3:be:3c:08:f1:8b:cc:94:c0:72:f8:03:69:72:87:
                    7f:db:30:6c:b5:c9:32:b7:7a:05:0d:5d:04:61:79:
                    00:03:13:70:f1:e9:e5:34:a6:7a:32:53:d3:af:ae:
                    45:73:d8:2e:39:b7:a0:34:59:a7:c7:b3:56:05:9c:
                    a4:e6:97:85:6f:bd:4f:b8:96:19:52:b7:3c:ae:31:
                    81:d1:cc:5b:d8:74:dd:d0:d0:73:7f:95:b8:b4:57:
                    91:92:64:11:56:2a:03:6a:65:8c:5f:b8:49:50:02:
                    3a:7c:d0:df:a5:0c:39:62:1b:0e:be:5a:0d:74:4d:
                    08:53:9f:0e:3f:56:7c:20:02:be:c1:ca:00:86:b9:
                    53:85:77:b1:f0:00:95:78:d1:5e:96:84:b1:2b:43:
                    54:da:a5:71:d7:94:82:8a:1b:f5:94:ef:90:ce:dd:
                    cd:00:9d:3f:34:3f:a4:c3:a6:e7:8c:c7:9d:7f:82:
                    9a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:3F:16:5C:F3:BE:09:7A:87:24:FE:0B:D9:15:C4:E9:7C:70:1C:2B
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/6D8WXPO-CXqHJP4L2RXE6XxwHCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a0f::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:94:55:d5:54:32:8f:60:56:3d:a4:68:da:c8:83:0b:07:c6:
         7f:7c:30:2e:9b:84:24:bc:b4:41:b2:00:72:f1:6f:62:10:34:
         aa:26:ee:12:97:b5:6e:cb:12:0a:ab:95:78:81:2a:7a:55:d1:
         fe:cc:3a:dc:08:41:48:e8:04:89:6a:30:55:14:7b:1a:e2:a0:
         d8:de:da:0b:31:3e:6b:d3:b2:0f:92:ed:4f:5e:3b:bd:51:7d:
         1a:c6:bb:48:0a:dd:08:4d:aa:bb:2e:2f:30:fe:60:5e:d8:e0:
         74:8a:41:d8:6a:d3:d1:1f:21:37:7c:f0:80:9f:e3:89:b1:31:
         5a:aa:aa:9c:51:c4:8e:06:af:83:31:87:be:49:65:a4:9f:ba:
         bc:09:96:1d:fa:04:09:0e:ca:ca:4e:a5:92:d7:ea:35:b3:7d:
         f7:65:ea:75:4a:5d:a1:4c:51:46:14:97:18:ba:e4:5e:1e:5d:
         fa:c3:62:47:ff:c2:db:34:39:4a:85:e2:1a:33:cb:8e:33:78:
         e2:be:7f:54:ef:72:6b:e7:be:2d:1f:1c:7a:64:cf:b1:77:1e:
         43:93:c2:23:ca:71:88:3c:ee:35:a4:f4:26:ed:bd:8d:3e:a2:
         11:e1:b4:6a:b1:72:fc:e0:8f:38:8d:e3:d4:10:3d:eb:1f:14:
         57:91:80:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+nfLOwI886f1FIsFPrs7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODNmMTY1Y2YzYmUwOTdhODcyNGZlMGJkOTE1YzRlOTdjNzAxYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO3l+WCmhz/CWoNLy8O9yJHXYVOA
21LK2Df65rPg4CTns0lkSVIe7DUsqgQ/mwUnPH1vDUzCzxW6rAJjsTEBXwNwBgH7
ZHGprlLDvjwI8YvMlMBy+ANpcod/2zBstckyt3oFDV0EYXkAAxNw8enlNKZ6MlPT
r65Fc9guObegNFmnx7NWBZyk5peFb71PuJYZUrc8rjGB0cxb2HTd0NBzf5W4tFeR
kmQRVioDamWMX7hJUAI6fNDfpQw5YhsOvloNdE0IU58OP1Z8IAK+wcoAhrlThXex
8ACVeNFeloSxK0NU2qVx15SCihv1lO+Qzt3NAJ0/ND+kw6bnjMedf4Ka0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOg/Flzzvgl6hyT+C9kVxOl8cBwrMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvNkQ4V1hQTy1DWHFISlA0TDJSWEU2WHh3SENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoP
MA0GCSqGSIb3DQEBCwUAA4IBAQASlFXVVDKPYFY9pGjayIMLB8Z/fDAum4QkvLRB
sgBy8W9iEDSqJu4Sl7VuyxIKq5V4gSp6VdH+zDrcCEFI6ASJajBVFHsa4qDY3toL
MT5r07IPku1PXju9UX0axrtICt0ITaq7Li8w/mBe2OB0ikHYatPRHyE3fPCAn+OJ
sTFaqqqcUcSOBq+DMYe+SWWkn7q8CZYd+gQJDsrKTqWS1+o1s333Zep1Sl2hTFFG
FJcYuuReHl36w2JH/8LbNDlKheIaM8uOM3jivn9U73Jr574tHxx6ZM+xdx5Dk8Ij
ynGIPO41pPQm7b2NPqIR4bRqsXL84I84jePUED3rHxRXkYAL
-----END CERTIFICATE-----