Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/82DEbHCWB4JRNeTurzGmbvnHDLU.roa
File:                     82DEbHCWB4JRNeTurzGmbvnHDLU.roa (raw, json)
Hash identifier:          56RI+xbbKnPrqXSMwSHU+UdsWAFsJT4Y86N3Vt//F0A=
Subject key identifier:   F3:60:C4:6C:70:96:07:82:51:35:E4:EE:AF:31:A6:6E:F9:C7:0C:B5
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB5C6823BFBC2A51B66FBC8070BFD
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/82DEbHCWB4JRNeTurzGmbvnHDLU.roa
Signing time:             Wed 01 Jan 2025 03:48:31 +0000
ROA not before:           Wed 01 Jan 2025 03:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215527
IP address blocks:        2a0c:b641:bd0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 14:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b5:c6:82:3b:fb:c2:a5:1b:66:fb:c8:07:0b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f360c46c709607825135e4eeaf31a66ef9c70cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a8:f5:67:b5:27:03:8f:bd:48:b2:a4:7b:d4:
                    cf:c1:6e:a3:76:36:65:4e:4c:60:d1:7a:a5:8d:57:
                    37:92:f0:f7:7c:61:be:93:93:03:0c:44:bf:49:35:
                    a9:3f:be:9b:50:ee:2c:be:61:0c:58:5d:7c:c3:f4:
                    e5:08:fa:9e:79:0d:ae:b9:02:d9:e8:99:b7:2e:d5:
                    5f:96:97:7b:86:d7:6a:28:6a:e6:f5:37:6b:2c:8d:
                    88:b6:b6:5b:b9:7a:9a:b1:fc:9f:18:9e:06:f2:1d:
                    cc:14:5a:37:d2:a8:d0:70:6a:00:3e:60:ac:dd:95:
                    19:a3:86:01:1b:99:a2:7b:16:2b:00:b6:78:e2:d4:
                    d0:38:d3:88:28:28:ce:ad:0b:c8:a3:b0:b2:9e:91:
                    f1:02:d7:ff:0a:90:8c:e1:ea:35:04:b0:3c:6f:a2:
                    01:f6:44:24:f2:dd:b1:4b:13:76:37:da:36:fe:df:
                    69:85:4e:df:d9:53:bf:98:f5:3c:ee:b5:cc:ad:7c:
                    83:10:b3:24:80:7f:1a:3c:e7:60:3c:b1:98:c6:65:
                    31:bc:fc:9e:c4:c9:6d:a7:13:e9:d5:06:c6:ac:7c:
                    e5:c2:65:37:91:bb:44:d7:52:4c:07:35:77:10:1c:
                    e9:75:9b:10:4c:77:c5:e7:33:69:21:78:64:ac:06:
                    20:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:60:C4:6C:70:96:07:82:51:35:E4:EE:AF:31:A6:6E:F9:C7:0C:B5
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/82DEbHCWB4JRNeTurzGmbvnHDLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:bd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:ba:22:46:72:45:9d:26:0a:83:39:7d:c3:ba:5b:eb:f7:11:
         e4:b0:b9:e9:49:bd:39:79:c7:66:06:57:75:78:94:f4:b0:56:
         29:87:a5:2d:1f:bb:8d:56:1d:42:e6:e6:fa:b3:66:ea:0a:e8:
         97:54:73:74:f2:6d:fb:c5:58:a2:43:b7:b7:be:73:7e:d6:9c:
         04:b1:f7:48:dd:2a:b5:2f:d0:cb:56:07:ce:24:06:69:f0:51:
         84:5b:21:14:cd:18:5c:2e:72:86:1a:5a:bf:57:3e:f5:c1:ff:
         32:fc:5b:77:4a:2d:25:ed:83:89:35:da:c2:c1:73:c3:2b:41:
         73:62:9e:0b:73:c1:67:4a:2b:60:85:6b:53:94:04:a9:ea:72:
         24:93:87:dc:25:96:f2:37:83:af:d0:cd:80:a1:ac:ec:76:b4:
         89:2f:a3:23:de:78:3e:28:41:3c:ee:e8:ab:ad:01:41:a2:50:
         bc:82:1e:4d:bd:cf:6f:b7:d7:40:0e:d6:85:71:38:e0:09:e5:
         5c:a8:94:63:b4:ed:5d:29:7a:8c:b2:90:0e:ac:fc:2f:a2:a3:
         89:bc:74:c4:ef:66:a9:6e:94:6e:f1:5e:23:f3:15:a7:0f:4c:
         f7:7e:1e:13:73:0b:c5:65:c4:3d:68:cc:2e:dd:2a:6e:fd:ac:
         ba:dd:0b:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+rXGgjv7wqUbZvvIBwv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzYwYzQ2YzcwOTYwNzgyNTEzNWU0ZWVhZjMxYTY2ZWY5YzcwY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKj1Z7UnA4+9SLKke9TPwW6jdjZl
Tkxg0XqljVc3kvD3fGG+k5MDDES/STWpP76bUO4svmEMWF18w/TlCPqeeQ2uuQLZ
6Jm3LtVflpd7htdqKGrm9TdrLI2ItrZbuXqasfyfGJ4G8h3MFFo30qjQcGoAPmCs
3ZUZo4YBG5miexYrALZ44tTQONOIKCjOrQvIo7CynpHxAtf/CpCM4eo1BLA8b6IB
9kQk8t2xSxN2N9o2/t9phU7f2VO/mPU87rXMrXyDELMkgH8aPOdgPLGYxmUxvPye
xMltpxPp1QbGrHzlwmU3kbtE11JMBzV3EBzpdZsQTHfF5zNpIXhkrAYgKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPNgxGxwlgeCUTXk7q8xpm75xwy1MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvODJERWJIQ1dCNEpSTmVUdXJ6R21idm5IRExVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQvQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCduiJGckWdJgqDOX3Dulvr9xHksLnpSb05ecdm
Bld1eJT0sFYph6UtH7uNVh1C5ub6s2bqCuiXVHN08m37xViiQ7e3vnN+1pwEsfdI
3Sq1L9DLVgfOJAZp8FGEWyEUzRhcLnKGGlq/Vz71wf8y/Ft3Si0l7YOJNdrCwXPD
K0FzYp4Lc8FnSitghWtTlASp6nIkk4fcJZbyN4Ov0M2AoazsdrSJL6Mj3ng+KEE8
7uirrQFBolC8gh5Nvc9vt9dADtaFcTjgCeVcqJRjtO1dKXqMspAOrPwvoqOJvHTE
72apbpRu8V4j8xWnD0z3fh4TcwvFZcQ9aMwu3Spu/ay63QsN
-----END CERTIFICATE-----