Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IC6MZ3SweIYquCEeeq_8bCRrxvE.roa
File:                     IC6MZ3SweIYquCEeeq_8bCRrxvE.roa (raw, json)
Hash identifier:          NHjnqPbKBgUdYv+2OOahzr++IZCENAlmcE3UBJm5dxU=
Subject key identifier:   20:2E:8C:67:74:B0:78:86:2A:B8:21:1E:7A:AF:FC:6C:24:6B:C6:F1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0194696F44E8489FB5174D331D60F487BF2B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IC6MZ3SweIYquCEeeq_8bCRrxvE.roa
Signing time:             Wed 15 Jan 2025 10:08:07 +0000
ROA not before:           Wed 15 Jan 2025 10:08:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216075
IP address blocks:        2a0c:b641:1a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:69:6f:44:e8:48:9f:b5:17:4d:33:1d:60:f4:87:bf:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 15 10:08:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=202e8c6774b078862ab8211e7aaffc6c246bc6f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1c:f4:5d:f1:49:5e:31:0a:d8:9c:45:7a:77:
                    cb:f1:8f:42:a4:57:88:ad:56:c2:73:da:48:b5:e2:
                    d0:56:57:67:81:a8:42:21:67:1d:53:84:03:c6:ec:
                    fc:53:46:17:fb:05:69:86:2a:4d:a4:01:bb:20:91:
                    e6:18:9c:cf:f1:d3:fa:be:42:4c:0e:fc:b9:0b:75:
                    9c:7b:58:2f:00:b4:81:a3:52:63:3c:3e:50:39:cc:
                    3d:56:b1:c0:d4:11:46:42:bc:94:68:a5:90:e6:60:
                    90:a8:40:66:20:87:d6:4a:2e:27:64:7f:c2:57:22:
                    f0:35:02:27:fa:ef:df:4d:62:48:c1:8e:b0:d6:dd:
                    93:6b:a3:b6:50:a1:f2:0d:33:5d:cb:84:89:f8:c0:
                    3c:4e:10:1c:ee:f1:55:54:64:d5:ef:49:18:86:e0:
                    12:45:41:ef:6d:e8:32:79:e7:50:67:50:a6:27:44:
                    dd:85:87:cf:78:2b:7b:3a:a3:eb:fb:b3:78:70:3c:
                    4e:43:5e:1c:65:65:62:0f:b8:4e:84:04:2d:f7:08:
                    d3:ab:d9:4a:49:0d:cc:3a:08:7b:dd:71:f9:55:cd:
                    5b:05:6a:15:c4:70:d4:11:e2:89:42:9c:02:9e:c9:
                    70:f1:6b:43:fa:04:8c:75:a5:82:90:ae:7a:c1:88:
                    78:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:2E:8C:67:74:B0:78:86:2A:B8:21:1E:7A:AF:FC:6C:24:6B:C6:F1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/IC6MZ3SweIYquCEeeq_8bCRrxvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:36:04:bb:da:10:9a:5c:da:c8:96:58:16:6d:78:0b:1e:d9:
         1f:09:a8:d8:d1:bf:70:85:db:01:9a:c9:46:9e:92:04:d4:df:
         71:a0:3f:18:3e:ba:99:84:3e:03:ad:ad:37:5e:31:f6:35:2b:
         d0:c8:05:19:68:66:fd:35:6b:80:9e:57:ea:12:51:e7:4f:2b:
         fa:4e:06:79:f8:74:34:be:38:a1:fd:30:a7:47:4b:2d:ec:f6:
         f2:aa:69:91:42:e5:34:de:c7:46:21:41:35:6b:95:1f:df:86:
         32:10:bf:22:90:fa:4a:5e:66:8a:79:82:0f:36:17:85:a3:36:
         8d:8c:b5:7b:10:42:84:fb:b0:24:c5:3e:21:b6:bc:fe:17:dd:
         56:84:c0:f5:33:30:1a:1b:fd:94:96:98:aa:9a:42:db:9c:85:
         80:8b:e7:f8:a4:d1:15:49:91:d4:37:57:d3:7a:f6:e5:c4:c8:
         6b:bb:28:eb:26:67:3a:8e:d2:0e:a4:c7:d8:ff:fa:30:7a:80:
         e8:c9:fc:ab:9e:ab:24:d7:7a:f6:03:ea:80:9f:b3:9a:5c:7a:
         a9:9d:d5:f5:28:b6:e2:8b:1b:c6:df:7c:27:c8:90:51:f3:d7:
         19:f3:1b:eb:77:4c:c8:78:3c:e1:1b:c4:7e:26:f1:2a:0a:41:
         75:d9:3b:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRpb0ToSJ+1F00zHWD0h78rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTE1MTAwODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDJlOGM2Nzc0YjA3ODg2MmFiODIxMWU3YWFmZmM2YzI0NmJjNmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBz0XfFJXjEK2JxFenfL8Y9CpFeI
rVbCc9pIteLQVldngahCIWcdU4QDxuz8U0YX+wVphipNpAG7IJHmGJzP8dP6vkJM
Dvy5C3Wce1gvALSBo1JjPD5QOcw9VrHA1BFGQryUaKWQ5mCQqEBmIIfWSi4nZH/C
VyLwNQIn+u/fTWJIwY6w1t2Ta6O2UKHyDTNdy4SJ+MA8ThAc7vFVVGTV70kYhuAS
RUHvbegyeedQZ1CmJ0TdhYfPeCt7OqPr+7N4cDxOQ14cZWViD7hOhAQt9wjTq9lK
SQ3MOgh73XH5Vc1bBWoVxHDUEeKJQpwCnslw8WtD+gSMdaWCkK56wYh4iwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCAujGd0sHiGKrghHnqv/Gwka8bxMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSUM2TVozU3dlSVlxdUNFZWVxXzhiQ1JyeHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQGg
MA0GCSqGSIb3DQEBCwUAA4IBAQAdNgS72hCaXNrIllgWbXgLHtkfCajY0b9whdsB
mslGnpIE1N9xoD8YPrqZhD4Dra03XjH2NSvQyAUZaGb9NWuAnlfqElHnTyv6TgZ5
+HQ0vjih/TCnR0st7PbyqmmRQuU03sdGIUE1a5Uf34YyEL8ikPpKXmaKeYIPNheF
ozaNjLV7EEKE+7AkxT4htrz+F91WhMD1MzAaG/2UlpiqmkLbnIWAi+f4pNEVSZHU
N1fTevblxMhruyjrJmc6jtIOpMfY//oweoDoyfyrnqsk13r2A+qAn7OaXHqpndX1
KLbiixvG33wnyJBR89cZ8xvrd0zIeDzhG8R+JvEqCkF12Tsx
-----END CERTIFICATE-----