Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/L544sydWEw7r7tNiQZe0fYYLXto.roa
File:                     L544sydWEw7r7tNiQZe0fYYLXto.roa (raw, json)
Hash identifier:          Vw8uHcpc6JEXBzudJDIlkJ7ZFNztLVHlDo2WDaiVOJU=
Subject key identifier:   2F:9E:38:B3:27:56:13:0E:EB:EE:D3:62:41:97:B4:7D:86:0B:5E:DA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA966DA5C3B9EAA0A9B587DC36F0CA
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/L544sydWEw7r7tNiQZe0fYYLXto.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210103
IP address blocks:        2a0c:b641:90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:96:6d:a5:c3:b9:ea:a0:a9:b5:87:dc:36:f0:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f9e38b32756130eebeed3624197b47d860b5eda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cb:7d:be:48:75:ab:05:0f:f3:dd:58:6f:70:
                    06:e5:45:f7:9c:07:d0:31:99:b0:ce:f8:bb:c4:ce:
                    2e:08:76:5e:5f:95:dc:33:90:d4:6d:3d:f5:23:64:
                    f0:43:01:5d:14:88:0a:50:73:30:82:b5:55:9b:14:
                    f7:56:69:60:47:c3:60:1b:b9:ab:cb:ec:a2:a0:b5:
                    60:60:f2:24:e7:bf:df:c7:59:b5:ac:d5:b5:4f:72:
                    7c:27:29:81:41:4c:ea:04:f4:b4:d2:07:04:8f:2f:
                    9b:84:b2:3c:20:6f:b7:f5:a5:e0:46:f2:db:48:b8:
                    a1:fb:a4:e4:4f:e4:e6:e2:41:fc:c5:5d:1f:02:8d:
                    32:a6:43:2d:bf:6e:bf:d2:41:4a:2a:77:2a:51:69:
                    af:e1:a7:2a:ff:b3:12:34:47:ca:bd:6d:31:7a:b8:
                    98:aa:e8:2b:d2:83:68:95:3a:28:b4:1c:37:34:be:
                    6b:f2:92:0e:32:7a:79:40:a1:0b:f7:6f:92:c2:7c:
                    ec:b1:1d:b9:f3:1f:50:67:a6:00:62:2a:5f:d9:b9:
                    b1:00:06:59:22:ab:4c:79:53:e2:a0:3b:59:05:fc:
                    18:30:b7:51:78:ec:63:91:8a:9a:b5:89:e0:79:75:
                    6e:63:c8:b4:7b:92:78:07:f7:4c:dd:e1:20:07:af:
                    57:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:9E:38:B3:27:56:13:0E:EB:EE:D3:62:41:97:B4:7D:86:0B:5E:DA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/L544sydWEw7r7tNiQZe0fYYLXto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:90::/44

    Signature Algorithm: sha256WithRSAEncryption
         39:c6:d7:aa:19:4c:14:d9:42:21:b9:51:11:97:ab:1f:07:aa:
         47:99:ad:7c:6a:b1:99:d2:bf:b0:c9:b3:22:09:c6:dc:30:c9:
         1c:37:9a:65:30:ba:6f:0c:46:18:ae:b6:91:2e:49:a4:01:10:
         4b:54:62:2e:d9:92:64:5f:a2:c4:98:34:50:4b:66:d5:ba:c5:
         1e:f0:88:e0:8b:2b:d1:bd:31:d4:21:bb:a0:46:ac:62:5f:8b:
         02:4d:b5:0b:c7:9e:5a:4a:17:13:ad:60:66:f7:6e:1b:67:f7:
         59:ea:1a:72:b9:61:c9:57:8a:aa:72:b9:22:78:8d:c0:1a:3c:
         bd:c6:29:00:50:5e:a2:13:12:64:08:54:f8:05:a7:57:f7:4c:
         24:c5:f6:73:e9:c8:bb:32:dc:63:b8:60:b9:fd:2e:3c:d3:ca:
         35:72:69:47:ce:15:88:78:dd:bb:5a:15:4a:97:0e:b2:0b:7e:
         5d:13:ae:c6:39:ab:ce:b9:45:91:38:5d:5c:26:29:95:67:15:
         30:ac:81:12:b9:e4:fa:65:3f:6c:67:35:7a:92:e9:20:8b:f5:
         82:42:47:1a:43:b8:19:24:60:11:e1:61:06:0e:69:84:de:4e:
         9f:ea:41:b9:49:dd:04:54:a5:1a:c0:a1:fe:eb:66:9f:6e:54:
         98:b9:20:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+pZtpcO56qCptYfcNvDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjllMzhiMzI3NTYxMzBlZWJlZWQzNjI0MTk3YjQ3ZDg2MGI1ZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8t9vkh1qwUP891Yb3AG5UX3nAfQ
MZmwzvi7xM4uCHZeX5XcM5DUbT31I2TwQwFdFIgKUHMwgrVVmxT3VmlgR8NgG7mr
y+yioLVgYPIk57/fx1m1rNW1T3J8JymBQUzqBPS00gcEjy+bhLI8IG+39aXgRvLb
SLih+6TkT+Tm4kH8xV0fAo0ypkMtv26/0kFKKncqUWmv4acq/7MSNEfKvW0xeriY
qugr0oNolTootBw3NL5r8pIOMnp5QKEL92+SwnzssR258x9QZ6YAYipf2bmxAAZZ
IqtMeVPioDtZBfwYMLdReOxjkYqatYngeXVuY8i0e5J4B/dM3eEgB69XRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC+eOLMnVhMO6+7TYkGXtH2GC17aMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTDU0NHN5ZFdFdzdyN3ROaVFaZTBmWVlMWHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQCQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA5xteqGUwU2UIhuVERl6sfB6pHma18arGZ0r+w
ybMiCcbcMMkcN5plMLpvDEYYrraRLkmkARBLVGIu2ZJkX6LEmDRQS2bVusUe8Ijg
iyvRvTHUIbugRqxiX4sCTbULx55aShcTrWBm924bZ/dZ6hpyuWHJV4qqcrkieI3A
Gjy9xikAUF6iExJkCFT4BadX90wkxfZz6ci7MtxjuGC5/S4808o1cmlHzhWIeN27
WhVKlw6yC35dE67GOavOuUWROF1cJimVZxUwrIESueT6ZT9sZzV6kukgi/WCQkca
Q7gZJGAR4WEGDmmE3k6f6kG5Sd0EVKUawKH+62afblSYuSC1
-----END CERTIFICATE-----