Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Hkx3xgLoJsgbS93U4eC3HNPhbXI.roa
File:                     Hkx3xgLoJsgbS93U4eC3HNPhbXI.roa (raw, json)
Hash identifier:          GZDSL7/cpB8IZVlr4/Z8ulprSCjoOmSIt8rgYmVxr3s=
Subject key identifier:   1E:4C:77:C6:02:E8:26:C8:1B:4B:DD:D4:E1:E0:B7:1C:D3:E1:6D:72
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB65D90918C9C1F193ED8C9441A26
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Hkx3xgLoJsgbS93U4eC3HNPhbXI.roa
Signing time:             Wed 01 Jan 2025 03:48:31 +0000
ROA not before:           Wed 01 Jan 2025 03:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215637
IP address blocks:        2a0c:b641:bb0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b6:5d:90:91:8c:9c:1f:19:3e:d8:c9:44:1a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e4c77c602e826c81b4bddd4e1e0b71cd3e16d72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:c3:09:10:b0:ee:59:ec:89:39:82:5f:6f:2d:
                    df:d5:75:96:0a:1f:5e:93:ec:32:1d:3a:57:81:9d:
                    26:f7:ca:44:07:58:06:65:f8:00:bc:a5:c4:a0:7c:
                    8b:26:74:11:0a:c3:66:8f:4b:27:e9:d4:c2:62:7c:
                    e7:80:88:b7:90:48:a5:21:96:f7:8e:d3:96:cc:78:
                    4a:38:82:11:24:6e:fa:d3:a9:00:af:c2:4e:fa:4d:
                    21:4a:e4:5a:5c:10:d1:06:b8:95:9d:e6:77:b7:6f:
                    ba:14:18:ad:f4:04:14:b9:7a:59:af:52:25:65:27:
                    98:73:af:9f:9a:fb:95:ce:77:68:8a:0b:5e:c2:03:
                    b0:45:cb:f6:a4:5c:c8:31:53:6c:07:84:b2:d7:e0:
                    d2:2f:bf:aa:23:3f:a2:95:60:b1:92:5d:0b:29:9a:
                    6d:f7:80:1f:8b:87:19:09:60:93:ee:aa:6b:18:95:
                    f5:9c:37:33:1e:1f:d0:d4:fe:92:d4:6f:2e:08:4f:
                    45:37:33:cb:22:9a:74:6c:1b:8e:65:84:95:c6:58:
                    f1:50:33:d0:60:76:fb:1d:81:e8:dc:94:1a:75:eb:
                    81:cf:4d:fe:c3:87:bb:2d:a2:7d:2a:44:90:91:ee:
                    e4:4e:44:a3:6c:9b:fc:f0:9f:f6:53:88:d2:5f:ba:
                    30:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4C:77:C6:02:E8:26:C8:1B:4B:DD:D4:E1:E0:B7:1C:D3:E1:6D:72
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Hkx3xgLoJsgbS93U4eC3HNPhbXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:bb0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:74:eb:d5:93:02:ad:b1:28:86:0d:16:1e:d2:ba:29:db:b2:
         6b:5f:8a:4b:ae:9e:1c:62:58:01:21:76:94:b1:4d:45:80:93:
         af:0d:01:b6:66:9e:d6:7c:1d:ad:19:26:5e:44:28:5f:e8:2d:
         cf:3d:09:6b:3e:68:34:d4:71:7e:91:98:66:94:3c:07:6e:27:
         96:bd:d1:37:74:b2:0c:6e:d3:26:5f:4d:8d:55:4f:f6:2f:4d:
         72:00:a4:50:56:9b:56:26:a3:9f:e4:78:a6:cc:a3:f8:72:ea:
         21:22:7f:b8:ed:25:69:f8:68:dd:1c:b3:ff:37:0c:f7:2e:0f:
         7a:45:b5:72:95:61:93:2c:f1:d4:40:a5:c7:30:c7:2b:51:41:
         80:04:ed:1b:8d:e2:86:79:41:8d:b7:10:61:db:f5:55:4c:08:
         46:c2:82:c8:6e:4f:18:25:0e:59:7a:ba:3d:01:8b:c4:ae:00:
         1c:43:d7:99:25:87:3d:cb:f2:b8:a8:10:35:40:ae:b6:7a:47:
         87:7f:39:3f:cb:26:97:99:55:e2:ee:69:d1:1b:6d:96:61:52:
         9c:0e:d4:57:cd:b7:ff:69:1c:cf:0f:49:54:66:25:44:16:25:
         63:c5:6e:98:91:2e:96:97:2e:83:f6:12:68:fd:46:b7:6f:94:
         b3:78:98:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+rZdkJGMnB8ZPtjJRBomMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTRjNzdjNjAyZTgyNmM4MWI0YmRkZDRlMWUwYjcxY2QzZTE2ZDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4sMJELDuWeyJOYJfby3f1XWWCh9e
k+wyHTpXgZ0m98pEB1gGZfgAvKXEoHyLJnQRCsNmj0sn6dTCYnzngIi3kEilIZb3
jtOWzHhKOIIRJG7606kAr8JO+k0hSuRaXBDRBriVneZ3t2+6FBit9AQUuXpZr1Il
ZSeYc6+fmvuVzndoigtewgOwRcv2pFzIMVNsB4Sy1+DSL7+qIz+ilWCxkl0LKZpt
94Afi4cZCWCT7qprGJX1nDczHh/Q1P6S1G8uCE9FNzPLIpp0bBuOZYSVxljxUDPQ
YHb7HYHo3JQadeuBz03+w4e7LaJ9KkSQke7kTkSjbJv88J/2U4jSX7owSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB5Md8YC6CbIG0vd1OHgtxzT4W1yMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSGt4M3hnTG9Kc2diUzkzVTRlQzNITlBoYlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQuw
MA0GCSqGSIb3DQEBCwUAA4IBAQAddOvVkwKtsSiGDRYe0rop27JrX4pLrp4cYlgB
IXaUsU1FgJOvDQG2Zp7WfB2tGSZeRChf6C3PPQlrPmg01HF+kZhmlDwHbieWvdE3
dLIMbtMmX02NVU/2L01yAKRQVptWJqOf5HimzKP4cuohIn+47SVp+GjdHLP/Nwz3
Lg96RbVylWGTLPHUQKXHMMcrUUGABO0bjeKGeUGNtxBh2/VVTAhGwoLIbk8YJQ5Z
ero9AYvErgAcQ9eZJYc9y/K4qBA1QK62ekeHfzk/yyaXmVXi7mnRG22WYVKcDtRX
zbf/aRzPD0lUZiVEFiVjxW6YkS6Wly6D9hJo/Ua3b5SzeJi3
-----END CERTIFICATE-----