Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/7NzXppxg3SZ3uRGprdjthGds3Xg.roa
File:                     7NzXppxg3SZ3uRGprdjthGds3Xg.roa (raw, json)
Hash identifier:          OS103Rr/mHyOdLuqyBeqe9P9RRA9zJ3GxdbmREGvS8A=
Subject key identifier:   EC:DC:D7:A6:9C:60:DD:26:77:B9:11:A9:AD:D8:ED:84:67:6C:DD:78
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0194EF47B2196E7C14CD6F7D386E08190BFC
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/7NzXppxg3SZ3uRGprdjthGds3Xg.roa
Signing time:             Mon 10 Feb 2025 09:54:00 +0000
ROA not before:           Mon 10 Feb 2025 09:54:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213449
IP address blocks:        2a0c:b641:260::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ef:47:b2:19:6e:7c:14:cd:6f:7d:38:6e:08:19:0b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Feb 10 09:54:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecdcd7a69c60dd2677b911a9add8ed84676cdd78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a2:36:7f:4a:34:ec:82:0d:3e:8f:66:0e:1f:
                    ff:5f:bf:5d:eb:16:ce:03:21:8c:dc:28:ca:ca:ab:
                    a2:85:aa:b3:a5:fd:3d:68:ba:ed:1d:92:3f:f9:57:
                    a8:22:9c:0b:71:d5:17:47:f9:a8:56:a6:14:36:c1:
                    2c:1d:5d:fe:01:0c:ce:04:3c:af:a4:69:3e:d0:1c:
                    2c:75:13:ea:4f:3a:55:fc:a6:54:7a:20:e5:5a:48:
                    4a:eb:c3:65:e1:87:75:a3:e8:06:80:83:40:fe:1f:
                    9d:a4:76:c6:76:ee:b7:2f:27:21:19:cb:eb:71:c7:
                    6f:7e:5f:5a:91:81:ed:67:a5:24:f4:db:bb:bb:f1:
                    a8:6e:15:66:90:82:aa:7d:41:95:af:82:85:23:ff:
                    6e:84:cf:ca:2d:b2:d9:10:8b:9f:76:6b:ea:e1:fa:
                    9f:9f:2f:63:ef:ca:d0:28:df:67:df:3d:19:2f:a1:
                    19:d5:3b:09:3e:a4:95:ee:21:b1:aa:b6:b9:50:1f:
                    e4:fc:0f:66:b9:e9:2e:d1:11:aa:9c:d4:85:f0:2d:
                    90:b1:fa:ba:44:42:65:32:0c:d9:76:68:cf:80:2c:
                    ef:06:c7:ec:c4:ad:c1:5c:7d:8a:09:5d:f5:54:00:
                    6e:e8:8f:8f:35:12:5d:22:cf:9a:20:01:79:74:dc:
                    53:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:DC:D7:A6:9C:60:DD:26:77:B9:11:A9:AD:D8:ED:84:67:6C:DD:78
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/7NzXppxg3SZ3uRGprdjthGds3Xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:260::/44

    Signature Algorithm: sha256WithRSAEncryption
         1a:2d:33:49:cd:fb:3b:81:77:d8:c2:e4:ef:e6:53:6a:05:43:
         68:f1:37:3a:9c:35:3e:f7:9e:23:fa:c7:f0:f7:fc:f0:99:cc:
         dc:2e:bc:82:6d:4e:52:79:2e:0c:28:cb:44:bf:83:62:63:91:
         2d:73:ea:44:80:e7:82:31:73:37:fc:cb:6c:1f:a6:8d:46:70:
         80:33:8d:fe:79:c8:2d:33:9a:58:3e:78:5a:ae:16:b1:20:f7:
         75:cc:cf:55:27:5b:e0:47:0b:2b:ba:c7:47:14:62:26:99:89:
         0e:ce:97:78:c6:6a:96:22:9f:fe:bb:95:48:31:31:da:dd:b1:
         a4:2b:71:6c:b4:18:79:c5:2e:a5:ff:bc:7d:7b:fa:9f:dc:41:
         19:0c:13:9e:e2:cc:27:e1:fa:4d:2c:ae:8d:47:1a:81:c0:df:
         44:b2:10:78:7b:2c:1c:98:11:91:5a:c0:bc:e0:f8:69:a6:b4:
         aa:9f:4b:3b:b5:99:c0:d5:a2:a4:c5:72:d7:09:ee:e9:7f:69:
         6b:43:d4:78:72:f7:2a:c3:24:0a:9e:b8:b9:d7:ae:5d:88:55:
         8f:05:71:57:0d:ef:11:f3:52:d9:34:fa:e3:8b:cb:3c:9f:5a:
         0c:62:8c:fb:db:93:69:a7:de:39:08:a0:4a:6c:df:8f:17:29:
         11:da:a9:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZTvR7IZbnwUzW99OG4IGQv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMjEwMDk1NDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2RjZDdhNjljNjBkZDI2NzdiOTExYTlhZGQ4ZWQ4NDY3NmNkZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqI2f0o07IINPo9mDh//X79d6xbO
AyGM3CjKyquihaqzpf09aLrtHZI/+VeoIpwLcdUXR/moVqYUNsEsHV3+AQzOBDyv
pGk+0BwsdRPqTzpV/KZUeiDlWkhK68Nl4Yd1o+gGgINA/h+dpHbGdu63LychGcvr
ccdvfl9akYHtZ6Uk9Nu7u/GobhVmkIKqfUGVr4KFI/9uhM/KLbLZEIufdmvq4fqf
ny9j78rQKN9n3z0ZL6EZ1TsJPqSV7iGxqra5UB/k/A9mueku0RGqnNSF8C2Qsfq6
REJlMgzZdmjPgCzvBsfsxK3BXH2KCV31VABu6I+PNRJdIs+aIAF5dNxTHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOzc16acYN0md7kRqa3Y7YRnbN14MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvN056WHBweGczU1ozdVJHcHJkanRoR2RzM1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQJg
MA0GCSqGSIb3DQEBCwUAA4IBAQAaLTNJzfs7gXfYwuTv5lNqBUNo8Tc6nDU+954j
+sfw9/zwmczcLryCbU5SeS4MKMtEv4NiY5Etc+pEgOeCMXM3/MtsH6aNRnCAM43+
ecgtM5pYPnharhaxIPd1zM9VJ1vgRwsrusdHFGImmYkOzpd4xmqWIp/+u5VIMTHa
3bGkK3FstBh5xS6l/7x9e/qf3EEZDBOe4swn4fpNLK6NRxqBwN9EshB4eywcmBGR
WsC84PhpprSqn0s7tZnA1aKkxXLXCe7pf2lrQ9R4cvcqwyQKnri5165diFWPBXFX
De8R81LZNPrji8s8n1oMYoz725Npp945CKBKbN+PFykR2qma
-----END CERTIFICATE-----