Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9BqnBLbRmoT2ynwGwuCZ_K76QFQ.roa
File:                     9BqnBLbRmoT2ynwGwuCZ_K76QFQ.roa (raw, json)
Hash identifier:          htTIgO1FEYuSg38i/iOgbl5kyXNbL2SNpfx/u/APIyw=
Subject key identifier:   F4:1A:A7:04:B6:D1:9A:84:F6:CA:7C:06:C2:E0:99:FC:AE:FA:40:54
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA90BA5040DEB73A4B68C16D91843
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9BqnBLbRmoT2ynwGwuCZ_K76QFQ.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213660
IP address blocks:        2a0c:b641:160::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a9:0b:a5:04:0d:eb:73:a4:b6:8c:16:d9:18:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f41aa704b6d19a84f6ca7c06c2e099fcaefa4054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:fd:fe:dd:5b:1d:b4:0c:aa:92:4c:ed:c2:5e:
                    58:84:aa:cf:24:ec:be:76:eb:6d:c0:d5:41:1a:5d:
                    f3:3f:a9:d3:77:34:79:9a:e9:74:00:c9:6f:d9:77:
                    ec:7c:65:51:b9:58:42:41:ed:ca:d7:1f:7c:e9:b4:
                    01:67:e0:40:74:54:77:a8:f4:87:a8:1c:10:7d:d9:
                    ec:c0:4c:02:6c:f6:59:e9:8a:d1:7c:39:56:dd:27:
                    40:a9:f6:ee:04:4c:f4:1b:7e:18:0b:ab:e6:78:b3:
                    4e:7a:13:aa:9e:4b:17:b3:32:5b:74:e3:72:87:a3:
                    10:9a:35:62:ee:8c:10:23:16:de:9e:94:88:1d:0f:
                    b5:47:91:78:51:e0:1d:18:14:b4:d0:85:0d:4b:3f:
                    ee:ad:4d:41:e6:07:0f:d4:be:3d:c5:61:70:0b:67:
                    ca:20:50:6c:f5:c3:9e:37:24:18:46:37:bc:29:2d:
                    74:0d:c3:cf:b3:fe:94:7b:82:20:2a:85:d0:53:3a:
                    ab:98:87:49:a1:ad:79:cf:63:dc:20:0e:5f:41:04:
                    e2:a8:72:f2:84:24:ee:00:55:ff:34:2a:5a:c6:c4:
                    69:65:cb:4c:a1:61:6f:eb:bd:ab:80:16:40:f7:bf:
                    c8:1a:4e:22:89:de:0c:51:3f:9f:2a:73:9e:b8:a4:
                    6e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1A:A7:04:B6:D1:9A:84:F6:CA:7C:06:C2:E0:99:FC:AE:FA:40:54
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9BqnBLbRmoT2ynwGwuCZ_K76QFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:160::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:01:61:0f:c3:93:4f:b6:45:5b:9e:6e:47:f4:56:e8:e4:36:
         8c:d5:1b:18:d8:14:87:d3:b0:fb:d9:f8:a5:79:d6:4e:ee:12:
         9f:6b:7f:34:98:27:63:71:a3:00:89:bc:08:b8:13:df:8b:4c:
         6d:da:f1:f7:1f:35:06:99:66:15:84:9d:67:4f:4f:71:76:59:
         56:32:34:db:b8:86:19:fb:f9:00:92:03:e0:10:95:7f:d1:a9:
         77:3c:de:91:63:4e:ad:21:46:14:6c:22:82:bc:c1:27:f5:3e:
         96:ec:95:0e:e7:7b:49:8f:65:49:90:40:81:37:8f:9c:a1:d9:
         8d:15:54:f1:82:7f:12:7b:3a:ea:c6:9f:2d:75:fb:a7:20:16:
         cb:1c:1a:23:30:4c:17:cc:f0:a5:3b:0b:d6:81:e6:50:bd:79:
         00:05:97:81:0b:28:06:18:cb:a8:6e:f9:0e:12:39:87:40:00:
         b6:be:8e:c6:ab:4c:11:a3:5b:e6:7f:a4:cd:65:84:b9:25:ac:
         99:e5:e6:5d:f2:e5:e1:a3:c1:90:76:f8:65:32:db:1c:82:81:
         d9:8e:57:6a:5f:f8:7c:5f:d9:d4:78:dd:0f:dd:74:cc:1b:4f:
         da:69:76:da:96:7e:a2:dd:58:b9:1d:7e:bd:6b:e4:bf:0c:36:
         9c:b0:bd:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+qkLpQQN63OktowW2RhDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFhYTcwNGI2ZDE5YTg0ZjZjYTdjMDZjMmUwOTlmY2FlZmE0MDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6v3+3VsdtAyqkkztwl5YhKrPJOy+
duttwNVBGl3zP6nTdzR5mul0AMlv2XfsfGVRuVhCQe3K1x986bQBZ+BAdFR3qPSH
qBwQfdnswEwCbPZZ6YrRfDlW3SdAqfbuBEz0G34YC6vmeLNOehOqnksXszJbdONy
h6MQmjVi7owQIxbenpSIHQ+1R5F4UeAdGBS00IUNSz/urU1B5gcP1L49xWFwC2fK
IFBs9cOeNyQYRje8KS10DcPPs/6Ue4IgKoXQUzqrmIdJoa15z2PcIA5fQQTiqHLy
hCTuAFX/NCpaxsRpZctMoWFv672rgBZA97/IGk4iid4MUT+fKnOeuKRu2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPQapwS20ZqE9sp8BsLgmfyu+kBUMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvOUJxbkJMYlJtb1QyeW53R3d1Q1pfSzc2UUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQFg
MA0GCSqGSIb3DQEBCwUAA4IBAQBOAWEPw5NPtkVbnm5H9Fbo5DaM1RsY2BSH07D7
2filedZO7hKfa380mCdjcaMAibwIuBPfi0xt2vH3HzUGmWYVhJ1nT09xdllWMjTb
uIYZ+/kAkgPgEJV/0al3PN6RY06tIUYUbCKCvMEn9T6W7JUO53tJj2VJkECBN4+c
odmNFVTxgn8Sezrqxp8tdfunIBbLHBojMEwXzPClOwvWgeZQvXkABZeBCygGGMuo
bvkOEjmHQAC2vo7Gq0wRo1vmf6TNZYS5JayZ5eZd8uXho8GQdvhlMtscgoHZjldq
X/h8X9nUeN0P3XTMG0/aaXbaln6i3Vi5HX69a+S/DDacsL0o
-----END CERTIFICATE-----