Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OYQqGxGxOrawPlmMPyaX-KH2vZU.roa
File:                     OYQqGxGxOrawPlmMPyaX-KH2vZU.roa (raw, json)
Hash identifier:          2ZeHwTW1Kc1RtndUnhB7z42aaqURCvb3PJBed+8Fb9s=
Subject key identifier:   39:84:2A:1B:11:B1:3A:B6:B0:3E:59:8C:3F:26:97:F8:A1:F6:BD:95
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA8F61BEE8AA3C3E5E7F2AE5F9A3AC
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OYQqGxGxOrawPlmMPyaX-KH2vZU.roa
Signing time:             Wed 01 Jan 2025 03:48:21 +0000
ROA not before:           Wed 01 Jan 2025 03:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208753
IP address blocks:        2a0c:b642:a00::/44 maxlen: 48
                          2a0c:b642:ace::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:8f:61:be:e8:aa:3c:3e:5e:7f:2a:e5:f9:a3:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39842a1b11b13ab6b03e598c3f2697f8a1f6bd95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:64:e8:ec:c5:c5:3f:83:10:20:dc:48:d6:16:
                    46:8f:1c:4e:c9:1b:9c:4d:4a:bc:2e:a8:e9:60:85:
                    2e:76:25:a4:93:45:ef:53:be:5c:5a:dd:39:10:e4:
                    80:72:48:26:52:7e:07:bd:78:c8:d8:d5:19:03:81:
                    e0:f4:71:b7:ee:77:3a:ee:fe:87:11:c4:7e:1a:9e:
                    b2:9f:36:09:54:0a:1b:92:21:d9:3c:fb:68:5b:2f:
                    94:6f:e0:11:21:88:91:ea:79:28:23:35:d4:4f:ba:
                    6f:ab:91:d5:34:57:85:08:e3:64:0e:12:a2:21:39:
                    0a:28:aa:82:5a:a2:02:dc:e6:71:8d:a7:10:f2:ca:
                    6c:d6:b4:9b:a5:cd:a5:4e:ad:dd:31:99:56:4c:07:
                    bb:15:16:74:2b:98:57:14:d2:88:3d:1c:6b:0a:66:
                    87:17:19:70:92:11:3c:8e:86:f3:74:75:6b:ac:80:
                    a4:cb:03:ab:0b:7f:1e:bb:46:86:27:23:08:34:7c:
                    6f:8e:6d:30:85:1d:ef:17:5f:20:e1:9e:be:e0:32:
                    0e:1e:bf:10:50:c4:49:05:30:ea:8f:6a:d9:d3:4d:
                    73:da:35:5e:c7:5d:61:d1:9c:9e:d8:46:cb:89:c3:
                    c6:a8:0a:dd:6d:3e:cf:89:b7:12:72:61:6c:31:b6:
                    67:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:84:2A:1B:11:B1:3A:B6:B0:3E:59:8C:3F:26:97:F8:A1:F6:BD:95
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/OYQqGxGxOrawPlmMPyaX-KH2vZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:a00::/44
                  2a0c:b642:ace::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:98:c5:d6:80:a5:67:d4:86:9f:27:00:c1:2a:d5:f8:b9:b6:
         f9:73:1c:b4:e7:c2:b3:2f:e4:52:c0:d6:41:59:59:9d:cc:70:
         5f:16:9c:54:4a:30:9b:1e:2a:af:8d:0f:cb:2a:a1:de:85:db:
         7a:75:aa:fc:94:e6:59:1e:7b:b6:ec:e8:ac:2b:be:f8:c3:3b:
         0e:2c:f0:71:3e:d2:69:b1:63:77:28:6f:7b:24:6a:3e:8a:58:
         e7:66:26:57:ca:57:c4:57:5d:b3:09:f0:83:4c:83:d3:59:0e:
         e4:e2:ce:9c:e4:25:44:92:a9:df:9a:cb:2c:e1:d4:94:ce:83:
         c9:76:56:5b:cb:3f:de:55:23:a9:14:b0:f4:7a:08:b5:10:91:
         43:37:15:69:55:87:5d:27:c2:16:b1:05:98:10:cc:02:4b:a8:
         ad:9f:c6:eb:f8:ec:33:bd:2e:1f:85:37:18:8d:a0:e2:c6:2b:
         b6:85:b4:93:0f:6e:55:83:e9:72:50:86:2e:96:60:37:b6:0a:
         99:e5:b6:a9:c1:c9:b2:c8:f6:3a:f6:47:4e:12:84:34:f4:c4:
         3b:b4:2a:36:e7:23:55:6c:03:27:21:d4:d4:33:b5:93:54:ed:
         4a:f9:36:64:5f:5d:5a:57:22:df:bd:68:73:2e:5d:57:68:4c:
         08:8f:d5:00
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQf+o9hvuiqPD5efyrl+aOsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTg0MmExYjExYjEzYWI2YjAzZTU5OGMzZjI2OTdmOGExZjZiZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGTo7MXFP4MQINxI1hZGjxxOyRuc
TUq8LqjpYIUudiWkk0XvU75cWt05EOSAckgmUn4HvXjI2NUZA4Hg9HG37nc67v6H
EcR+Gp6ynzYJVAobkiHZPPtoWy+Ub+ARIYiR6nkoIzXUT7pvq5HVNFeFCONkDhKi
ITkKKKqCWqIC3OZxjacQ8sps1rSbpc2lTq3dMZlWTAe7FRZ0K5hXFNKIPRxrCmaH
FxlwkhE8jobzdHVrrICkywOrC38eu0aGJyMINHxvjm0whR3vF18g4Z6+4DIOHr8Q
UMRJBTDqj2rZ001z2jVex11h0Zye2EbLicPGqArdbT7PibcScmFsMbZnxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDmEKhsRsTq2sD5ZjD8ml/ih9r2VMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvT1lRcUd4R3hPcmF3UGxtTVB5YVgtS0gydlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgy2QgoA
AwcAKgy2QgrOMA0GCSqGSIb3DQEBCwUAA4IBAQB9mMXWgKVn1IafJwDBKtX4ubb5
cxy058KzL+RSwNZBWVmdzHBfFpxUSjCbHiqvjQ/LKqHehdt6dar8lOZZHnu27Ois
K774wzsOLPBxPtJpsWN3KG97JGo+iljnZiZXylfEV12zCfCDTIPTWQ7k4s6c5CVE
kqnfmsss4dSUzoPJdlZbyz/eVSOpFLD0egi1EJFDNxVpVYddJ8IWsQWYEMwCS6it
n8br+OwzvS4fhTcYjaDixiu2hbSTD25Vg+lyUIYulmA3tgqZ5bapwcmyyPY69kdO
EoQ09MQ7tCo25yNVbAMnIdTUM7WTVO1K+TZkX11aVyLfvWhzLl1XaEwIj9UA
-----END CERTIFICATE-----