Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FOgYipPqLA6NWebqRfSwsTKCz6w.roa
File:                     FOgYipPqLA6NWebqRfSwsTKCz6w.roa (raw, json)
Hash identifier:          U0/VLscQnL0fHh7wvoRCGARL/gq8Ngmb1S7EXrUrprQ=
Subject key identifier:   14:E8:18:8A:93:EA:2C:0E:8D:59:E6:EA:45:F4:B0:B1:32:82:CF:AC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA7A8478594630DFD07B349EC60EAE
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FOgYipPqLA6NWebqRfSwsTKCz6w.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49367
IP address blocks:        2a0c:b642:1a05::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7a:84:78:59:46:30:df:d0:7b:34:9e:c6:0e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14e8188a93ea2c0e8d59e6ea45f4b0b13282cfac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:88:3e:f5:b1:7f:8d:a0:f6:63:03:94:7a:d0:
                    0a:07:ed:95:61:0a:22:19:ec:ff:9d:a4:df:5c:2b:
                    3d:c4:1b:5f:71:0b:06:e5:4f:54:bf:93:91:68:ab:
                    7c:37:9e:70:c4:75:b2:dc:fe:71:dc:c1:1f:b8:5d:
                    f7:ec:25:eb:df:5e:fe:4c:b1:03:28:8e:e8:0c:f1:
                    c9:63:75:b5:0d:fb:b2:90:65:d5:fc:20:be:98:e5:
                    5d:1f:7f:42:ac:bb:bc:01:59:8b:23:b4:c2:ef:1d:
                    56:73:64:85:4b:27:07:a7:3b:a4:ba:ec:3e:9c:1e:
                    79:35:bc:ef:ab:70:b0:65:5b:3d:4b:06:de:48:36:
                    ec:b8:c1:13:c6:75:13:bd:a2:c0:21:b6:4b:e9:54:
                    af:2c:a2:9c:79:82:b7:34:1e:7e:cf:f1:c9:6a:1c:
                    ff:d1:45:4f:30:5c:ed:7c:03:4a:37:eb:3c:a7:26:
                    2c:6e:09:44:41:62:33:57:8d:33:79:74:48:20:d0:
                    3c:8d:32:5d:ef:10:37:dd:9e:ff:09:df:5b:b3:f4:
                    01:cf:da:ab:37:f3:fe:52:73:a8:58:7c:1e:52:06:
                    76:f7:a3:6e:59:8e:b5:e8:75:6e:fc:45:b6:41:ab:
                    6d:bb:83:13:01:04:33:fe:d7:ec:e8:88:74:96:10:
                    dd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E8:18:8A:93:EA:2C:0E:8D:59:E6:EA:45:F4:B0:B1:32:82:CF:AC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/FOgYipPqLA6NWebqRfSwsTKCz6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:1a05::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:cc:3c:c5:96:90:ea:b4:37:22:aa:b9:2f:5e:53:ba:9c:42:
         03:18:d1:72:a5:a4:da:5d:a6:fb:c5:ce:e7:d0:39:d1:da:31:
         3a:b7:d8:b6:fc:b8:2d:ae:a0:d9:54:d4:f9:6e:f4:7e:56:7b:
         a9:da:29:03:33:42:71:2e:00:43:94:f9:e3:52:60:c2:bf:eb:
         eb:62:c9:0c:78:e6:8a:15:55:1f:4d:23:e5:14:4a:16:06:90:
         98:9b:12:92:24:3f:72:b3:7d:1a:46:c3:61:11:9a:bc:39:d9:
         fa:20:61:c6:f6:c0:8e:9e:41:a9:a2:02:21:cd:60:34:c9:cf:
         fa:00:c1:d4:6c:b9:f7:16:66:ce:3f:f3:df:fb:69:81:76:7a:
         4e:f4:44:4e:6b:2d:b6:7e:9a:fe:6e:1f:57:d1:ce:e3:50:85:
         fc:fd:5b:b4:00:09:24:40:ae:a3:58:2d:82:57:a8:88:87:44:
         b0:36:ba:36:a6:bb:4d:bf:f9:8b:9e:0c:10:d4:f5:fb:aa:6f:
         d7:ee:72:f0:8d:12:37:11:2a:fc:ca:0d:97:43:a6:b5:4f:fe:
         d8:0e:5d:0f:fa:bf:dc:ff:74:5e:4f:39:42:f8:5d:16:fd:e9:
         54:ab:af:b9:21:62:7c:15:27:f4:ed:56:d8:35:18:3d:e4:9c:
         98:80:77:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+nqEeFlGMN/QezSexg6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGU4MTg4YTkzZWEyYzBlOGQ1OWU2ZWE0NWY0YjBiMTMyODJjZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4g+9bF/jaD2YwOUetAKB+2VYQoi
Gez/naTfXCs9xBtfcQsG5U9Uv5ORaKt8N55wxHWy3P5x3MEfuF337CXr317+TLED
KI7oDPHJY3W1DfuykGXV/CC+mOVdH39CrLu8AVmLI7TC7x1Wc2SFSycHpzukuuw+
nB55Nbzvq3CwZVs9SwbeSDbsuMETxnUTvaLAIbZL6VSvLKKceYK3NB5+z/HJahz/
0UVPMFztfANKN+s8pyYsbglEQWIzV40zeXRIINA8jTJd7xA33Z7/Cd9bs/QBz9qr
N/P+UnOoWHweUgZ296NuWY616HVu/EW2Qattu4MTAQQz/tfs6Ih0lhDdlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBToGIqT6iwOjVnm6kX0sLEygs+sMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvRk9nWWlwUHFMQTZOV2VicVJmU3dzVEtDejZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgy2QhoF
MA0GCSqGSIb3DQEBCwUAA4IBAQCMzDzFlpDqtDciqrkvXlO6nEIDGNFypaTaXab7
xc7n0DnR2jE6t9i2/LgtrqDZVNT5bvR+Vnup2ikDM0JxLgBDlPnjUmDCv+vrYskM
eOaKFVUfTSPlFEoWBpCYmxKSJD9ys30aRsNhEZq8Odn6IGHG9sCOnkGpogIhzWA0
yc/6AMHUbLn3FmbOP/Pf+2mBdnpO9EROay22fpr+bh9X0c7jUIX8/Vu0AAkkQK6j
WC2CV6iIh0SwNro2prtNv/mLngwQ1PX7qm/X7nLwjRI3ESr8yg2XQ6a1T/7YDl0P
+r/c/3ReTzlC+F0W/elUq6+5IWJ8FSf07VbYNRg95JyYgHfu
-----END CERTIFICATE-----