Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/JkjSV4aTPkLM3vjJHlAsMdc6bjg.roa
File:                     JkjSV4aTPkLM3vjJHlAsMdc6bjg.roa (raw, json)
Hash identifier:          KzICVsHT7/FvUkUnSaQSdW/UwhKvZSJWeHAG0hSdrLY=
Subject key identifier:   26:48:D2:57:86:93:3E:42:CC:DE:F8:C9:1E:50:2C:31:D7:3A:6E:38
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA80026AC8093E877CEA7DD92BA7FA
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/JkjSV4aTPkLM3vjJHlAsMdc6bjg.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198127
IP address blocks:        2a0c:b641:300::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:80:02:6a:c8:09:3e:87:7c:ea:7d:d9:2b:a7:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2648d25786933e42ccdef8c91e502c31d73a6e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:de:85:0c:4c:d4:e8:02:3c:7e:7b:2f:40:3b:
                    31:37:26:31:6c:2c:b1:22:a4:eb:23:8b:d2:0a:bf:
                    5e:91:62:70:e0:d1:e6:88:10:23:aa:de:e7:0c:37:
                    14:e9:29:8a:d8:9a:c6:e1:ee:f4:e5:c6:34:f5:77:
                    38:d1:a1:cc:d1:35:6f:01:18:b9:06:58:55:0a:9e:
                    c8:f2:ea:db:24:f5:ac:60:5f:56:96:a6:14:07:a0:
                    01:a7:58:c5:75:c1:6e:1a:cd:01:d2:09:f0:19:67:
                    2d:b5:7b:64:7d:92:06:90:9a:5f:e8:42:07:1b:67:
                    cc:cb:90:46:27:5b:3f:4b:50:f2:9c:3b:98:f2:d7:
                    58:61:bc:04:d2:cf:9e:57:bc:bd:a6:7f:0e:ae:ce:
                    8a:e1:6f:6b:5a:fb:80:18:2f:0c:a3:8b:dd:9a:45:
                    6d:80:32:5c:90:0d:71:32:c1:db:96:67:29:49:12:
                    9b:e7:91:13:01:c7:e9:2c:11:f4:db:76:48:7f:94:
                    c4:b0:f9:7e:03:81:c1:c3:e9:81:59:6b:0b:f7:b7:
                    91:b7:d6:ba:b5:73:5a:69:b7:3c:1c:9e:97:d7:c0:
                    61:f2:0a:fe:fe:63:4a:7a:a3:6a:6a:6e:3e:92:03:
                    ae:a5:d4:7e:68:ef:b3:9b:52:2c:e5:a5:7e:0b:07:
                    96:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:48:D2:57:86:93:3E:42:CC:DE:F8:C9:1E:50:2C:31:D7:3A:6E:38
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/JkjSV4aTPkLM3vjJHlAsMdc6bjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:300::/44

    Signature Algorithm: sha256WithRSAEncryption
         76:84:22:75:1a:67:83:b2:6f:e3:e1:75:52:06:73:23:8b:f3:
         d4:ad:1c:6a:da:ac:c3:f1:d6:e8:a6:b9:8b:25:ab:c6:ef:04:
         98:2f:69:3a:e7:60:cd:76:3f:dd:8e:3a:0f:29:1e:71:99:ed:
         3a:55:0f:e3:f0:ce:69:59:e0:3f:2b:be:1b:7f:95:7b:ae:6f:
         f3:72:e5:2b:e2:ef:3a:d8:c3:01:3d:88:bf:9d:69:70:05:5c:
         ce:4e:b3:2c:4b:31:05:c4:84:fb:2b:db:b3:9d:ec:9c:c7:36:
         1b:fb:eb:00:28:a3:f5:da:a4:28:ef:bb:e2:e5:c5:d1:20:88:
         55:3a:66:c6:99:b3:70:c1:7d:77:33:72:53:50:cf:a3:43:e6:
         ac:b3:32:74:99:40:75:b7:72:fc:51:51:bc:ef:18:a9:b6:c4:
         86:06:e4:4e:de:ec:3b:a3:1b:7c:f4:19:c8:2c:87:8a:68:b8:
         93:c1:d3:ce:b3:31:29:6f:33:6c:74:f3:4a:ed:48:36:1a:5d:
         a5:0e:3f:6c:bd:17:3e:41:66:81:f4:25:4e:04:ef:f9:c3:67:
         8d:27:64:43:36:4b:7d:66:0e:52:3f:7c:9e:ec:d7:b5:9e:c7:
         32:94:3b:92:f0:bc:56:42:6b:f6:89:c2:bb:82:ab:82:a7:df:
         52:b1:0c:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+oACasgJPod86n3ZK6f6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjQ4ZDI1Nzg2OTMzZTQyY2NkZWY4YzkxZTUwMmMzMWQ3M2E2ZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN6FDEzU6AI8fnsvQDsxNyYxbCyx
IqTrI4vSCr9ekWJw4NHmiBAjqt7nDDcU6SmK2JrG4e705cY09Xc40aHM0TVvARi5
BlhVCp7I8urbJPWsYF9WlqYUB6ABp1jFdcFuGs0B0gnwGWcttXtkfZIGkJpf6EIH
G2fMy5BGJ1s/S1DynDuY8tdYYbwE0s+eV7y9pn8Ors6K4W9rWvuAGC8Mo4vdmkVt
gDJckA1xMsHblmcpSRKb55ETAcfpLBH023ZIf5TEsPl+A4HBw+mBWWsL97eRt9a6
tXNaabc8HJ6X18Bh8gr+/mNKeqNqam4+kgOupdR+aO+zm1Is5aV+CweWdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCZI0leGkz5CzN74yR5QLDHXOm44MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvSmtqU1Y0YVRQa0xNM3ZqSkhsQXNNZGM2YmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQMA
MA0GCSqGSIb3DQEBCwUAA4IBAQB2hCJ1GmeDsm/j4XVSBnMji/PUrRxq2qzD8dbo
prmLJavG7wSYL2k652DNdj/djjoPKR5xme06VQ/j8M5pWeA/K74bf5V7rm/zcuUr
4u862MMBPYi/nWlwBVzOTrMsSzEFxIT7K9uzneycxzYb++sAKKP12qQo77vi5cXR
IIhVOmbGmbNwwX13M3JTUM+jQ+asszJ0mUB1t3L8UVG87xiptsSGBuRO3uw7oxt8
9BnILIeKaLiTwdPOszEpbzNsdPNK7Ug2Gl2lDj9svRc+QWaB9CVOBO/5w2eNJ2RD
Nkt9Zg5SP3ye7Ne1nscylDuS8LxWQmv2icK7gquCp99SsQzz
-----END CERTIFICATE-----