Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N94nlec5_erR8ZtJnfdKHCerFYk.roa
File:                     N94nlec5_erR8ZtJnfdKHCerFYk.roa (raw, json)
Hash identifier:          hg0mXeJtYppJVITrJz+Hs9Kjy6oMwrWR8fi0pIP1ps4=
Subject key identifier:   37:DE:27:95:E7:39:FD:EA:D1:F1:9B:49:9D:F7:4A:1C:27:AB:15:89
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0194277C3547EB776136EEE4F8F3709E5F3A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N94nlec5_erR8ZtJnfdKHCerFYk.roa
Signing time:             Thu 02 Jan 2025 14:47:19 +0000
ROA not before:           Thu 02 Jan 2025 14:47:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213638
IP address blocks:        2a0c:b641:180::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:7c:35:47:eb:77:61:36:ee:e4:f8:f3:70:9e:5f:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 14:47:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37de2795e739fdead1f19b499df74a1c27ab1589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ee:38:9e:75:a2:39:d7:b6:80:66:cc:98:3a:
                    de:38:48:fe:56:71:e7:3c:08:3a:e5:ac:b6:bd:0d:
                    f7:38:1a:cb:a7:bb:8e:b3:03:4d:dd:07:79:39:05:
                    42:c4:cc:e7:c1:1d:50:4f:bc:69:35:69:80:cd:79:
                    87:56:2c:78:fe:8b:66:35:af:83:a1:89:21:98:2f:
                    19:12:8f:8b:18:a2:ac:db:5f:f1:80:c3:1b:61:fd:
                    d5:47:bf:0a:37:ee:55:46:43:39:3a:a9:16:2f:fc:
                    ca:2d:28:c1:04:31:5f:b3:41:df:1f:2c:40:57:b3:
                    fd:42:c5:81:5e:08:33:cb:be:12:63:b0:df:f9:af:
                    93:e3:01:3b:a2:7d:d7:26:bf:bd:01:62:d6:ac:9e:
                    72:9f:6c:f8:e7:37:3f:a3:10:bc:0e:1c:d3:56:5b:
                    dc:0a:51:50:4a:d1:c6:4a:34:cb:77:34:df:e9:91:
                    c6:8f:a8:e5:16:7d:55:aa:ec:78:f5:bc:1e:52:17:
                    82:6e:a5:da:bc:b6:0a:39:52:f6:de:70:af:ee:67:
                    3e:f0:77:f3:06:17:78:87:c6:52:c4:c5:99:a0:2e:
                    cf:12:e7:10:cc:44:2f:8c:c8:21:52:2f:40:5e:58:
                    f2:e9:cb:f2:b7:65:e0:34:31:f6:67:0c:c2:82:7b:
                    ea:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DE:27:95:E7:39:FD:EA:D1:F1:9B:49:9D:F7:4A:1C:27:AB:15:89
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/N94nlec5_erR8ZtJnfdKHCerFYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         7f:a0:ec:cb:51:07:e1:10:6d:83:79:82:60:d0:4d:12:3d:5b:
         ba:bc:67:0e:8c:d2:d0:17:32:61:c9:b7:1b:6c:98:08:63:5a:
         ef:db:fa:8b:57:3c:80:11:0b:7d:cd:2e:a8:f4:ee:1d:78:95:
         4f:77:a6:76:9e:e5:aa:6c:b7:f7:ea:20:82:a2:ac:ce:c3:d8:
         d1:c8:b3:d3:4b:1e:1f:ba:9a:c8:9e:f8:58:cb:d4:c8:7e:a6:
         47:4b:55:6f:3c:a4:f3:0c:3e:91:0b:91:2c:e5:d8:af:a5:46:
         a6:ea:dc:16:67:7f:08:1e:f2:dd:2d:db:f4:71:8c:2a:ad:dc:
         35:a3:73:c8:80:52:72:cf:dc:74:db:ab:a0:62:c3:43:be:88:
         af:32:46:ba:b5:2f:4a:d3:1e:40:0b:14:61:6e:8f:a9:98:46:
         3e:39:05:a6:42:eb:9d:7f:06:21:25:02:3d:95:3a:51:32:7e:
         00:3f:b0:40:13:0c:6a:ef:a1:ff:51:57:9f:77:f3:ab:9e:3a:
         5c:19:d5:b3:13:63:73:17:8c:a6:4e:0b:c0:b5:80:90:ea:17:
         1a:06:55:72:97:58:d3:08:5c:91:19:6e:82:50:42:92:a8:ce:
         8f:e7:8f:9b:fb:d7:c9:ab:7c:04:29:fb:44:a2:93:fe:68:a3:
         86:30:14:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnfDVH63dhNu7k+PNwnl86MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAyMTQ0NzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RlMjc5NWU3MzlmZGVhZDFmMTliNDk5ZGY3NGExYzI3YWIxNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+44nnWiOde2gGbMmDreOEj+VnHn
PAg65ay2vQ33OBrLp7uOswNN3Qd5OQVCxMznwR1QT7xpNWmAzXmHVix4/otmNa+D
oYkhmC8ZEo+LGKKs21/xgMMbYf3VR78KN+5VRkM5OqkWL/zKLSjBBDFfs0HfHyxA
V7P9QsWBXggzy74SY7Df+a+T4wE7on3XJr+9AWLWrJ5yn2z45zc/oxC8DhzTVlvc
ClFQStHGSjTLdzTf6ZHGj6jlFn1Vqux49bweUheCbqXavLYKOVL23nCv7mc+8Hfz
Bhd4h8ZSxMWZoC7PEucQzEQvjMghUi9AXljy6cvyt2XgNDH2ZwzCgnvqdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDfeJ5XnOf3q0fGbSZ33ShwnqxWJMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTjk0bmxlYzVfZXJSOFp0Sm5mZEtIQ2VyRllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQGA
MA0GCSqGSIb3DQEBCwUAA4IBAQB/oOzLUQfhEG2DeYJg0E0SPVu6vGcOjNLQFzJh
ybcbbJgIY1rv2/qLVzyAEQt9zS6o9O4deJVPd6Z2nuWqbLf36iCCoqzOw9jRyLPT
Sx4fuprInvhYy9TIfqZHS1VvPKTzDD6RC5Es5divpUam6twWZ38IHvLdLdv0cYwq
rdw1o3PIgFJyz9x026ugYsNDvoivMka6tS9K0x5ACxRhbo+pmEY+OQWmQuudfwYh
JQI9lTpRMn4AP7BAEwxq76H/UVefd/OrnjpcGdWzE2NzF4ymTgvAtYCQ6hcaBlVy
l1jTCFyRGW6CUEKSqM6P54+b+9fJq3wEKftEopP+aKOGMBSz
-----END CERTIFICATE-----