Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HM0wOKzh2HmXQdIq_aWIj1M28Jo.roa
File:                     HM0wOKzh2HmXQdIq_aWIj1M28Jo.roa (raw, json)
Hash identifier:          3b6c3zMWiIMSw3nfIJg/PGs89O+FiCsIKGIX63En0EM=
Subject key identifier:   1C:CD:30:38:AC:E1:D8:79:97:41:D2:2A:FD:A5:88:8F:53:36:F0:9A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA8C14E4C25572B5E3598816F27566
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HM0wOKzh2HmXQdIq_aWIj1M28Jo.roa
Signing time:             Wed 01 Jan 2025 03:48:21 +0000
ROA not before:           Wed 01 Jan 2025 03:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207301
IP address blocks:        2a0c:b641:780::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:8c:14:e4:c2:55:72:b5:e3:59:88:16:f2:75:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ccd3038ace1d8799741d22afda5888f5336f09a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:06:f8:49:22:03:df:ab:4a:fd:4d:9b:77:85:
                    b8:c9:64:0e:38:76:72:c3:c8:38:a7:9d:26:ea:c9:
                    cc:db:47:fd:cc:9c:a5:6f:77:e6:b8:55:7d:bf:7f:
                    3f:64:fa:50:6e:9a:8a:48:b5:c0:5c:4d:8c:fc:30:
                    c0:83:1c:62:da:e3:8d:87:99:02:ad:80:88:9d:af:
                    a7:af:a0:d8:51:ed:89:d2:04:cb:51:27:9c:4c:54:
                    52:21:eb:a8:ff:76:b3:40:76:cf:b2:be:10:d1:85:
                    e8:e5:88:bd:4a:a8:e6:91:db:31:bd:37:bf:31:85:
                    51:36:15:f0:15:22:1e:6b:9c:ea:f2:b3:1d:1a:cc:
                    a3:35:15:ec:00:d5:0d:06:82:31:f0:a5:67:76:26:
                    1f:14:4f:d5:c4:ff:eb:f4:30:8f:34:d8:29:df:bc:
                    93:00:43:c9:aa:84:61:e9:58:b0:ae:49:c7:26:38:
                    6b:26:c9:38:85:d9:22:a2:31:41:16:bf:fb:70:58:
                    c3:65:ef:31:13:9e:c4:85:72:38:b1:15:b5:e4:4f:
                    ab:86:5c:cf:9f:24:b6:ef:9c:53:75:00:29:bd:e4:
                    a9:1b:42:49:51:f8:5f:83:61:97:7e:f3:54:96:4a:
                    51:25:d8:b5:c9:c6:37:a6:fa:8a:fe:8d:dc:3a:ed:
                    db:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:CD:30:38:AC:E1:D8:79:97:41:D2:2A:FD:A5:88:8F:53:36:F0:9A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/HM0wOKzh2HmXQdIq_aWIj1M28Jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:780::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:a0:d5:cb:b8:ae:02:e4:61:c7:79:3a:85:fb:d9:37:71:63:
         f0:9b:39:bf:3f:c6:e8:ce:72:82:fa:9a:61:5c:0a:62:ee:36:
         ef:1a:91:6e:2a:e1:f7:d6:99:ee:1e:9a:1c:ac:1c:2c:e3:03:
         24:86:8a:84:71:1e:ed:ae:2e:e0:84:4c:4a:d1:f4:4e:9b:68:
         9a:b1:dc:ff:d3:6f:59:f7:37:5a:13:be:f0:4d:0d:f3:40:38:
         6a:52:7f:96:d7:5b:ee:11:7f:ba:6f:50:23:b8:d6:e1:19:ca:
         ec:32:8d:ee:43:32:a7:75:8d:b6:88:21:51:6b:d9:5c:b7:a2:
         a8:af:7e:ba:b5:f4:dc:c3:0c:b5:5b:6c:e7:62:2c:0a:ea:7f:
         fd:7f:83:fb:45:fa:95:e5:f1:94:8b:21:2f:84:cf:bf:57:47:
         5f:9b:3c:2b:2d:39:a7:dc:ac:6f:19:87:45:66:92:ac:af:89:
         74:aa:e2:98:94:03:8d:43:d5:0b:32:a1:7f:ab:18:11:34:3c:
         05:36:b7:b9:39:3e:58:f4:54:96:a6:03:e2:51:5e:3f:c1:08:
         30:ee:83:9a:4d:27:a3:82:fe:f2:3d:e3:60:bd:50:4e:23:96:
         d6:c5:ea:a3:c5:4a:cd:9d:3c:f8:3a:b1:2b:86:0b:80:d1:e7:
         96:2c:52:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+owU5MJVcrXjWYgW8nVmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2NkMzAzOGFjZTFkODc5OTc0MWQyMmFmZGE1ODg4ZjUzMzZmMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gb4SSID36tK/U2bd4W4yWQOOHZy
w8g4p50m6snM20f9zJylb3fmuFV9v38/ZPpQbpqKSLXAXE2M/DDAgxxi2uONh5kC
rYCIna+nr6DYUe2J0gTLUSecTFRSIeuo/3azQHbPsr4Q0YXo5Yi9SqjmkdsxvTe/
MYVRNhXwFSIea5zq8rMdGsyjNRXsANUNBoIx8KVndiYfFE/VxP/r9DCPNNgp37yT
AEPJqoRh6ViwrknHJjhrJsk4hdkiojFBFr/7cFjDZe8xE57EhXI4sRW15E+rhlzP
nyS275xTdQApveSpG0JJUfhfg2GXfvNUlkpRJdi1ycY3pvqK/o3cOu3blwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBzNMDis4dh5l0HSKv2liI9TNvCaMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSE0wd09LemgySG1YUWRJcV9hV0lqMU0yOEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQeA
MA0GCSqGSIb3DQEBCwUAA4IBAQA8oNXLuK4C5GHHeTqF+9k3cWPwmzm/P8boznKC
+pphXApi7jbvGpFuKuH31pnuHpocrBws4wMkhoqEcR7tri7ghExK0fROm2iasdz/
029Z9zdaE77wTQ3zQDhqUn+W11vuEX+6b1AjuNbhGcrsMo3uQzKndY22iCFRa9lc
t6Kor366tfTcwwy1W2znYiwK6n/9f4P7RfqV5fGUiyEvhM+/V0dfmzwrLTmn3Kxv
GYdFZpKsr4l0quKYlAONQ9ULMqF/qxgRNDwFNre5OT5Y9FSWpgPiUV4/wQgw7oOa
TSejgv7yPeNgvVBOI5bWxeqjxUrNnTz4OrErhguA0eeWLFIU
-----END CERTIFICATE-----