Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/D9rmzMKCf0suiGuVrWvR_C5b8HE.roa
File:                     D9rmzMKCf0suiGuVrWvR_C5b8HE.roa (raw, json)
Hash identifier:          FwPFHN+P9ABWOcZzNrAPk+Et2tb71sn/Ou+EBiSSzAw=
Subject key identifier:   0F:DA:E6:CC:C2:82:7F:4B:2E:88:6B:95:AD:6B:D1:FC:2E:5B:F0:71
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA7D8210E9885DB1021708D1E899E1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/D9rmzMKCf0suiGuVrWvR_C5b8HE.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60404
IP address blocks:        2a0c:b642:1a01::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7d:82:10:e9:88:5d:b1:02:17:08:d1:e8:99:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fdae6ccc2827f4b2e886b95ad6bd1fc2e5bf071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a2:72:bb:69:76:77:79:01:71:6f:27:a6:b5:
                    58:0b:f2:fd:4e:12:d7:78:8c:ae:5e:36:71:62:e8:
                    ed:2b:c5:7e:d4:85:03:69:36:e1:1c:38:1a:50:ea:
                    fc:df:4d:48:7b:1c:5f:ca:48:31:2f:70:60:6e:6a:
                    94:81:e4:df:0e:6f:cb:18:b2:2f:82:ae:9c:1f:94:
                    33:e4:6b:cc:9b:b0:3b:58:69:64:7a:1e:dd:d1:9c:
                    cf:ee:30:5d:3a:80:7f:74:82:ef:c0:77:74:d8:55:
                    e8:fb:90:06:6c:33:61:a2:00:a7:a2:7f:cb:c6:32:
                    07:34:ff:3f:3f:5c:e3:59:57:9e:69:9d:c9:fd:d4:
                    37:49:3d:4a:f8:bd:d8:62:08:36:69:74:01:51:46:
                    da:51:ce:c8:92:cf:df:c8:8b:b9:be:4f:fa:6e:d2:
                    2e:93:20:4d:54:75:7f:4b:32:c6:59:15:d4:e1:dd:
                    08:ff:00:37:cc:a7:38:e2:66:57:f5:1a:8d:3b:55:
                    0f:86:cc:aa:53:28:e8:fd:cc:e8:3a:3c:e4:ad:8f:
                    06:e6:7e:a2:15:1f:1b:a9:41:fd:da:db:4a:53:97:
                    e7:59:3c:5a:2c:6d:26:9d:5f:a1:da:91:96:17:2e:
                    bf:84:5b:79:01:d2:97:14:8a:a6:93:23:5a:99:2c:
                    26:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:DA:E6:CC:C2:82:7F:4B:2E:88:6B:95:AD:6B:D1:FC:2E:5B:F0:71
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/D9rmzMKCf0suiGuVrWvR_C5b8HE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a01::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:4d:d6:87:dd:9e:da:37:ec:93:b6:ec:d6:d3:12:18:81:a7:
         52:0f:4c:46:ed:6b:7c:bd:08:8f:24:20:0d:9e:66:00:03:1c:
         b5:79:be:72:05:30:53:1c:22:a2:60:ef:ed:c6:1b:5c:73:9d:
         08:4d:3c:b8:df:8e:6d:4c:02:05:d7:ab:8e:17:10:83:8a:0f:
         b0:4c:ee:f4:d1:e0:3d:d6:72:7e:35:0e:73:a7:a1:f0:0c:8d:
         2c:43:e3:05:ac:1c:67:38:cd:3d:6a:0d:42:fb:11:d9:6e:a7:
         65:32:44:47:9b:df:9a:80:e7:06:e7:5f:f2:50:63:73:dd:7e:
         67:bf:f2:54:67:61:48:72:4d:54:2a:ae:4e:c7:58:b0:97:50:
         e4:28:99:d4:24:c7:19:e0:f8:bd:31:69:0f:3f:1b:7e:91:96:
         1a:35:1b:d8:de:5f:b8:61:24:6f:6b:89:dc:b1:7d:e5:65:d0:
         d7:65:a7:f7:46:53:9d:5f:a4:05:fa:12:7f:6c:8c:92:f7:2a:
         69:e5:71:45:9f:18:5c:16:fb:ae:53:8d:41:3c:bc:f9:a4:b6:
         75:4e:0e:8a:bd:78:dd:d3:33:0a:da:57:8e:03:0f:62:2d:35:
         27:d2:c3:14:58:ed:e6:2f:aa:8d:41:42:ce:69:a5:21:2d:dd:
         28:87:ff:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+n2CEOmIXbECFwjR6JnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmRhZTZjY2MyODI3ZjRiMmU4ODZiOTVhZDZiZDFmYzJlNWJmMDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6Jyu2l2d3kBcW8nprVYC/L9ThLX
eIyuXjZxYujtK8V+1IUDaTbhHDgaUOr8301IexxfykgxL3BgbmqUgeTfDm/LGLIv
gq6cH5Qz5GvMm7A7WGlkeh7d0ZzP7jBdOoB/dILvwHd02FXo+5AGbDNhogCnon/L
xjIHNP8/P1zjWVeeaZ3J/dQ3ST1K+L3YYgg2aXQBUUbaUc7Iks/fyIu5vk/6btIu
kyBNVHV/SzLGWRXU4d0I/wA3zKc44mZX9RqNO1UPhsyqUyjo/czoOjzkrY8G5n6i
FR8bqUH92ttKU5fnWTxaLG0mnV+h2pGWFy6/hFt5AdKXFIqmkyNamSwm4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA/a5szCgn9LLohrla1r0fwuW/BxMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRDlybXpNS0NmMHN1aUd1VnJXdlJfQzViOEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoB
MA0GCSqGSIb3DQEBCwUAA4IBAQAUTdaH3Z7aN+yTtuzW0xIYgadSD0xG7Wt8vQiP
JCANnmYAAxy1eb5yBTBTHCKiYO/txhtcc50ITTy4345tTAIF16uOFxCDig+wTO70
0eA91nJ+NQ5zp6HwDI0sQ+MFrBxnOM09ag1C+xHZbqdlMkRHm9+agOcG51/yUGNz
3X5nv/JUZ2FIck1UKq5Ox1iwl1DkKJnUJMcZ4Pi9MWkPPxt+kZYaNRvY3l+4YSRv
a4ncsX3lZdDXZaf3RlOdX6QF+hJ/bIyS9ypp5XFFnxhcFvuuU41BPLz5pLZ1Tg6K
vXjd0zMK2leOAw9iLTUn0sMUWO3mL6qNQULOaaUhLd0oh/8L
-----END CERTIFICATE-----