Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N3N88wDIduYT2wJNN4Ak0IEYYmU.roa
File:                     N3N88wDIduYT2wJNN4Ak0IEYYmU.roa (raw, json)
Hash identifier:          7fyG73ncyrfv51bssqU9ShETWARvcWn97sTcBsVbQ2U=
Subject key identifier:   37:73:7C:F3:00:C8:76:E6:13:DB:02:4D:37:80:24:D0:81:18:62:65
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA7B33C40284855D59345B718BCBBF
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N3N88wDIduYT2wJNN4Ak0IEYYmU.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50124
IP address blocks:        2a0c:b641:8f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7b:33:c4:02:84:85:5d:59:34:5b:71:8b:cb:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37737cf300c876e613db024d378024d081186265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:00:19:de:59:d3:2b:a4:8d:66:08:db:41:8d:
                    60:6d:7c:8f:34:55:59:16:1d:8e:7a:80:57:09:cb:
                    f9:80:09:8f:b6:cb:16:e8:86:a1:28:eb:cb:08:ff:
                    6d:60:9a:72:0b:ad:b9:09:5e:a2:f7:51:dd:eb:6d:
                    5e:de:8c:5c:80:59:de:e2:85:f9:81:97:ef:12:2c:
                    23:73:07:4d:de:4e:01:f9:7b:26:9b:38:96:f1:ef:
                    b2:11:2d:a3:6c:9f:53:32:39:51:76:3a:1d:4e:7c:
                    63:da:52:c8:51:6d:4d:02:2e:b6:0a:34:47:e2:f2:
                    f7:36:d9:28:36:de:24:33:79:fb:3e:81:af:ca:62:
                    a8:2c:6f:b9:cc:7a:90:2e:11:7c:0f:41:b1:3b:30:
                    39:01:e9:cf:86:4b:77:44:e7:8f:25:92:df:b7:9c:
                    46:36:e8:52:a8:7b:27:d8:74:20:56:3c:70:81:a8:
                    59:a7:d0:96:b0:e8:c2:d3:6d:f1:77:37:fd:e4:2b:
                    9a:0b:52:83:5f:9d:43:0d:0c:a0:50:79:c5:31:0e:
                    39:87:75:83:95:81:07:68:c6:cb:ae:da:d6:e0:81:
                    d5:c6:ad:18:a8:b9:4b:18:13:80:c3:54:36:b4:96:
                    63:3e:fb:7a:dc:ee:e2:55:7c:42:59:cc:81:7a:55:
                    58:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:73:7C:F3:00:C8:76:E6:13:DB:02:4D:37:80:24:D0:81:18:62:65
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N3N88wDIduYT2wJNN4Ak0IEYYmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:8f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7c:10:05:9d:ea:6f:b9:5c:5c:d2:2b:68:af:82:49:71:54:0d:
         55:16:6b:f1:74:f3:87:d2:39:50:a3:27:c5:76:15:6f:25:3f:
         84:76:98:2a:b7:8c:6c:fd:af:56:56:94:25:f0:ab:63:1f:d0:
         4f:e7:48:4a:89:90:80:6f:04:40:46:e1:e7:78:3b:d0:74:06:
         89:7b:b0:bf:5e:bb:64:8f:c0:af:24:1c:20:77:75:71:10:5b:
         c1:91:b9:c3:5b:94:df:15:0e:93:f9:f5:e7:04:ec:ac:af:92:
         8a:17:44:aa:2e:d1:0b:2d:25:1a:27:59:fa:d6:64:02:13:dc:
         12:85:a7:ff:18:fd:e8:7e:f9:81:a2:8c:c7:0f:db:dd:96:5c:
         69:ef:c3:c4:de:e2:b7:d7:9a:3c:c6:49:51:17:03:d3:be:4f:
         8c:ad:7e:67:2a:48:61:8c:e0:15:3d:d5:d2:45:8d:43:47:4f:
         c4:57:55:57:7c:54:bc:fd:4f:76:e5:cf:e8:6b:39:52:3a:d1:
         58:52:fd:b6:0e:64:3e:1d:14:b4:e5:55:84:43:26:cb:78:a0:
         5b:6d:40:c0:81:3d:63:36:11:fd:31:8b:12:8a:f9:65:43:4f:
         0d:aa:c9:42:05:c4:1a:6b:03:0e:6b:d3:10:99:4d:e3:d0:c4:
         9d:c8:10:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+nszxAKEhV1ZNFtxi8u/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzczN2NmMzAwYzg3NmU2MTNkYjAyNGQzNzgwMjRkMDgxMTg2MjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwAZ3lnTK6SNZgjbQY1gbXyPNFVZ
Fh2OeoBXCcv5gAmPtssW6IahKOvLCP9tYJpyC625CV6i91Hd621e3oxcgFne4oX5
gZfvEiwjcwdN3k4B+XsmmziW8e+yES2jbJ9TMjlRdjodTnxj2lLIUW1NAi62CjRH
4vL3NtkoNt4kM3n7PoGvymKoLG+5zHqQLhF8D0GxOzA5AenPhkt3ROePJZLft5xG
NuhSqHsn2HQgVjxwgahZp9CWsOjC023xdzf95CuaC1KDX51DDQygUHnFMQ45h3WD
lYEHaMbLrtrW4IHVxq0YqLlLGBOAw1Q2tJZjPvt63O7iVXxCWcyBelVYsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDdzfPMAyHbmE9sCTTeAJNCBGGJlMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTjNOODh3RElkdVlUMndKTk40QWswSUVZWW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQjw
MA0GCSqGSIb3DQEBCwUAA4IBAQB8EAWd6m+5XFzSK2ivgklxVA1VFmvxdPOH0jlQ
oyfFdhVvJT+Edpgqt4xs/a9WVpQl8KtjH9BP50hKiZCAbwRARuHneDvQdAaJe7C/
Xrtkj8CvJBwgd3VxEFvBkbnDW5TfFQ6T+fXnBOysr5KKF0SqLtELLSUaJ1n61mQC
E9wShaf/GP3ofvmBoozHD9vdllxp78PE3uK315o8xklRFwPTvk+MrX5nKkhhjOAV
PdXSRY1DR0/EV1VXfFS8/U925c/oazlSOtFYUv22DmQ+HRS05VWEQybLeKBbbUDA
gT1jNhH9MYsSivllQ08NqslCBcQaawMOa9MQmU3j0MSdyBAj
-----END CERTIFICATE-----