Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/CnWyQadywas-i76VssUUIQpbQSQ.roa
File:                     CnWyQadywas-i76VssUUIQpbQSQ.roa (raw, json)
Hash identifier:          5E/FNXFEL7qFC51xPwAkgJcfvG/fTSpN7pfZpsjX+zk=
Subject key identifier:   0A:75:B2:41:A7:72:C1:AB:3E:8B:BE:95:B2:C5:14:21:0A:5B:41:24
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA46D645141FBD1E0CEF0D49227E5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/CnWyQadywas-i76VssUUIQpbQSQ.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212963
IP address blocks:        2a0c:b641:650::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a4:6d:64:51:41:fb:d1:e0:ce:f0:d4:92:27:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a75b241a772c1ab3e8bbe95b2c514210a5b4124
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:86:24:71:ca:a8:f7:9e:91:20:1e:ad:45:db:
                    6d:a5:93:71:17:a3:c5:a5:0d:1e:8f:a9:29:74:7b:
                    43:b2:2c:a2:3e:9b:56:b7:a4:99:83:bc:2e:8a:7e:
                    22:1e:33:ef:ee:cc:66:0b:12:97:aa:f7:06:25:8e:
                    1b:6c:39:c0:d1:33:2a:95:06:6d:c6:99:bc:72:41:
                    74:18:d2:6a:ab:11:86:4c:02:85:c5:03:1d:cf:c2:
                    1f:d2:b7:a6:e7:e8:8c:3a:8b:09:eb:05:ad:23:31:
                    c4:c8:45:94:79:51:e6:6a:04:cf:84:c3:fd:99:97:
                    fe:f1:15:99:2e:ec:9d:7c:3c:5c:0d:97:cc:63:f4:
                    15:c9:b7:2a:72:53:f3:d1:63:be:22:7a:6b:b7:2d:
                    95:80:cb:f0:48:d1:23:04:06:1f:94:c2:d4:05:23:
                    3a:5c:32:2b:f2:10:80:f0:14:eb:6b:cf:3a:f1:6b:
                    d6:c8:98:aa:96:95:2b:b0:3a:03:bb:ff:f1:19:66:
                    4d:e0:70:d6:ee:e0:b3:b7:4d:3b:49:c0:36:79:ed:
                    ae:2b:63:54:8a:5c:98:18:49:11:ab:e8:6a:a9:8b:
                    53:bd:58:9e:72:b9:fd:de:2a:7a:d5:ee:e0:30:e7:
                    12:96:48:af:04:4c:28:b1:01:09:95:d2:fd:a8:b8:
                    58:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:75:B2:41:A7:72:C1:AB:3E:8B:BE:95:B2:C5:14:21:0A:5B:41:24
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/CnWyQadywas-i76VssUUIQpbQSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:650::/44

    Signature Algorithm: sha256WithRSAEncryption
         24:b1:05:90:97:b0:16:37:64:b8:9c:3d:77:65:bd:31:ee:af:
         4c:a6:b0:36:83:a3:aa:3c:25:2e:79:51:2c:39:1a:86:ac:20:
         2d:16:ca:2b:8e:f6:bf:99:b5:3e:9f:b2:4b:7c:59:21:a6:a4:
         12:55:36:ab:ca:7b:cb:6f:c2:33:fd:37:b4:bc:21:c8:a5:ce:
         05:a7:c3:6b:41:db:fe:ce:f2:45:50:cf:75:fa:b8:e1:03:f6:
         31:33:fa:79:52:0b:33:e7:d6:c5:9f:3e:52:4c:c7:63:e2:cf:
         a4:6a:80:41:06:15:85:69:8c:d8:33:4f:b1:97:1b:0a:cc:e2:
         67:97:b4:a1:a5:79:54:ee:46:40:1b:1f:be:26:7b:8b:a6:a6:
         cd:0d:7b:1f:da:88:86:c4:82:a6:da:1e:0a:84:8a:cf:f0:4d:
         3f:af:f6:1f:6c:67:cd:02:b3:a6:7a:a4:71:9a:1c:c1:05:fd:
         65:60:c8:e6:bb:b1:1e:da:97:ae:e9:f6:44:b3:37:a8:13:84:
         62:3c:c0:26:3a:a1:5c:e3:d7:90:49:03:c4:a1:b7:a4:93:d6:
         27:d5:86:11:69:c5:84:7d:25:a3:db:50:77:07:c2:63:7c:1f:
         d7:8c:40:b6:5a:0b:5d:8c:10:73:a1:f9:cd:8a:92:51:cd:7f:
         4c:8a:d0:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+qRtZFFB+9HgzvDUkiflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTc1YjI0MWE3NzJjMWFiM2U4YmJlOTViMmM1MTQyMTBhNWI0MTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IYkccqo956RIB6tRdttpZNxF6PF
pQ0ej6kpdHtDsiyiPptWt6SZg7wuin4iHjPv7sxmCxKXqvcGJY4bbDnA0TMqlQZt
xpm8ckF0GNJqqxGGTAKFxQMdz8If0rem5+iMOosJ6wWtIzHEyEWUeVHmagTPhMP9
mZf+8RWZLuydfDxcDZfMY/QVybcqclPz0WO+Inprty2VgMvwSNEjBAYflMLUBSM6
XDIr8hCA8BTra8868WvWyJiqlpUrsDoDu//xGWZN4HDW7uCzt007ScA2ee2uK2NU
ilyYGEkRq+hqqYtTvViecrn93ip61e7gMOcSlkivBEwosQEJldL9qLhYPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAp1skGncsGrPou+lbLFFCEKW0EkMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQ25XeVFhZHl3YXMtaTc2VnNzVVVJUXBiUVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQZQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAksQWQl7AWN2S4nD13Zb0x7q9MprA2g6OqPCUu
eVEsORqGrCAtFsorjva/mbU+n7JLfFkhpqQSVTarynvLb8Iz/Te0vCHIpc4Fp8Nr
Qdv+zvJFUM91+rjhA/YxM/p5Ugsz59bFnz5STMdj4s+kaoBBBhWFaYzYM0+xlxsK
zOJnl7ShpXlU7kZAGx++JnuLpqbNDXsf2oiGxIKm2h4KhIrP8E0/r/YfbGfNArOm
eqRxmhzBBf1lYMjmu7Ee2peu6fZEszeoE4RiPMAmOqFc49eQSQPEobekk9Yn1YYR
acWEfSWj21B3B8JjfB/XjEC2WgtdjBBzofnNipJRzX9MitA1
-----END CERTIFICATE-----