Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HL8t3m0bz1Pp3qLGIRajGf5GScA.roa
File:                     HL8t3m0bz1Pp3qLGIRajGf5GScA.roa (raw, json)
Hash identifier:          LDFv/q4ITuvaz0/IKC56BQjA5tRonnTCnW2rrSvQ5tA=
Subject key identifier:   1C:BF:2D:DE:6D:1B:CF:53:E9:DE:A2:C6:21:16:A3:19:FE:46:49:C0
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA817EF731439B1F011E8E983ECFC9
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HL8t3m0bz1Pp3qLGIRajGf5GScA.roa
Signing time:             Wed 01 Jan 2025 03:48:18 +0000
ROA not before:           Wed 01 Jan 2025 03:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199426
IP address blocks:        2a0c:b641:9b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:81:7e:f7:31:43:9b:1f:01:1e:8e:98:3e:cf:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cbf2dde6d1bcf53e9dea2c62116a319fe4649c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:76:6d:55:36:1b:34:13:62:d2:f0:c3:98:42:
                    e0:db:1b:ea:33:3a:66:66:f7:cc:4f:8d:b1:7a:77:
                    5f:61:97:bb:57:6b:45:b4:3d:87:26:d7:15:47:29:
                    86:b5:25:67:ba:fb:2a:eb:c1:f5:91:ed:f1:c4:4a:
                    a3:fb:7f:98:9f:3f:ad:b3:6d:4b:dd:40:a9:23:4a:
                    c8:c9:ab:34:55:a4:fb:ed:60:89:1c:ef:90:c6:28:
                    05:ba:88:78:9c:64:d7:87:ab:4a:c3:48:24:39:3c:
                    72:9e:3b:0e:7e:01:3b:6b:18:32:f4:86:4b:50:50:
                    83:fa:48:30:4e:f8:56:7d:61:23:99:92:60:08:e8:
                    e5:da:a8:e0:ae:a4:26:42:50:38:33:8f:36:8e:7d:
                    5c:61:b8:0b:31:20:39:55:6c:6d:d3:47:84:12:bd:
                    d4:7e:2f:31:7e:15:7a:37:07:00:fe:06:ae:94:87:
                    11:bd:59:0f:7c:7a:a6:22:95:96:62:2d:76:4b:2f:
                    a9:a7:02:af:85:40:80:c7:3e:2c:6a:15:66:7c:a0:
                    d8:2b:f4:f2:d5:48:4e:ca:89:b7:0e:32:23:8f:fc:
                    0e:4c:75:b5:9d:a9:ee:e3:54:0d:70:3b:ff:50:35:
                    48:27:79:fb:6a:b7:36:d6:7b:35:10:13:93:47:c4:
                    c5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:BF:2D:DE:6D:1B:CF:53:E9:DE:A2:C6:21:16:A3:19:FE:46:49:C0
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HL8t3m0bz1Pp3qLGIRajGf5GScA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:9b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         21:25:dc:53:c7:8b:b6:15:8c:f9:f6:11:a1:e3:99:c5:9d:0a:
         d9:25:74:f7:59:e7:7e:09:e9:cd:44:3a:52:48:74:96:0a:d5:
         3a:eb:f8:02:86:d0:ba:fc:9a:e3:2b:90:9e:30:4e:0c:73:b3:
         08:0a:28:f8:ae:52:14:ba:f7:c7:c5:d4:ed:14:3c:9e:7d:0d:
         09:41:df:7d:9b:4c:ad:11:e7:4a:58:ed:fc:17:aa:37:9a:fa:
         87:e8:54:26:05:18:a1:b6:0e:d8:56:45:bc:d5:79:c0:81:ec:
         92:cf:47:1b:32:93:85:1e:1c:5e:5d:fe:3d:e2:b2:df:2a:c3:
         82:6c:3f:a6:6a:33:09:9a:57:2b:0b:22:89:f3:cc:13:e2:b3:
         83:58:31:2c:01:0d:35:ad:4c:52:18:e1:f8:22:2d:4e:f2:55:
         82:2f:d2:80:ae:74:20:0d:22:ef:18:27:2e:01:b9:27:0b:94:
         b8:e3:62:86:a1:4a:e6:96:08:3d:f6:c1:94:38:1f:92:54:c3:
         c6:81:78:f8:10:65:aa:c8:e5:48:a8:5b:de:ae:a0:9f:3c:28:
         88:b5:cf:5c:89:e0:d5:3c:b1:ed:2f:e8:af:cf:66:b5:74:1b:
         e1:5d:c6:db:d1:7a:c8:6b:dc:a9:cc:fa:83:a0:38:93:94:00:
         3c:55:4b:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+oF+9zFDmx8BHo6YPs/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JmMmRkZTZkMWJjZjUzZTlkZWEyYzYyMTE2YTMxOWZlNDY0OWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3ZtVTYbNBNi0vDDmELg2xvqMzpm
ZvfMT42xendfYZe7V2tFtD2HJtcVRymGtSVnuvsq68H1ke3xxEqj+3+Ynz+ts21L
3UCpI0rIyas0VaT77WCJHO+QxigFuoh4nGTXh6tKw0gkOTxynjsOfgE7axgy9IZL
UFCD+kgwTvhWfWEjmZJgCOjl2qjgrqQmQlA4M482jn1cYbgLMSA5VWxt00eEEr3U
fi8xfhV6NwcA/gaulIcRvVkPfHqmIpWWYi12Sy+ppwKvhUCAxz4sahVmfKDYK/Ty
1UhOyom3DjIjj/wOTHW1nanu41QNcDv/UDVIJ3n7arc21ns1EBOTR8TFAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBy/Ld5tG89T6d6ixiEWoxn+RknAMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSEw4dDNtMGJ6MVBwM3FMR0lSYWpHZjVHU2NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQmw
MA0GCSqGSIb3DQEBCwUAA4IBAQAhJdxTx4u2FYz59hGh45nFnQrZJXT3Wed+CenN
RDpSSHSWCtU66/gChtC6/JrjK5CeME4Mc7MICij4rlIUuvfHxdTtFDyefQ0JQd99
m0ytEedKWO38F6o3mvqH6FQmBRihtg7YVkW81XnAgeySz0cbMpOFHhxeXf494rLf
KsOCbD+majMJmlcrCyKJ88wT4rODWDEsAQ01rUxSGOH4Ii1O8lWCL9KArnQgDSLv
GCcuAbknC5S442KGoUrmlgg99sGUOB+SVMPGgXj4EGWqyOVIqFverqCfPCiItc9c
ieDVPLHtL+ivz2a1dBvhXcbb0XrIa9ypzPqDoDiTlAA8VUv8
-----END CERTIFICATE-----