Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QDCNh-ypzA2ZbFJEAtLSNBW1MCU.roa
File:                     QDCNh-ypzA2ZbFJEAtLSNBW1MCU.roa (raw, json)
Hash identifier:          IZTypXUISmXRKz1fTCz9RBT6ws/lCvkEBJZ9SKVmcCo=
Subject key identifier:   40:30:8D:87:EC:A9:CC:0D:99:6C:52:44:02:D2:D2:34:15:B5:30:25
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA87A1099F899DFCC6E8AECEB7AEFB
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QDCNh-ypzA2ZbFJEAtLSNBW1MCU.roa
Signing time:             Wed 01 Jan 2025 03:48:19 +0000
ROA not before:           Wed 01 Jan 2025 03:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205539
IP address blocks:        2a0c:b641:840::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:87:a1:09:9f:89:9d:fc:c6:e8:ae:ce:b7:ae:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40308d87eca9cc0d996c524402d2d23415b53025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f7:da:c4:29:e5:64:32:b0:2e:e4:f0:03:e7:
                    d6:63:6e:45:ea:36:40:92:03:af:46:52:51:30:68:
                    11:52:4d:71:e9:14:75:1e:6f:e1:5a:6f:92:eb:71:
                    ec:8b:6f:0e:94:df:ca:d3:b0:f0:7b:17:f8:3f:41:
                    2c:09:55:29:fb:60:c6:9c:57:8b:4e:29:86:62:91:
                    88:0f:4c:6b:f5:47:66:4e:d4:56:52:9d:c4:5a:78:
                    72:c4:3a:8d:09:d1:ec:4a:a0:cc:37:46:86:fd:cb:
                    57:b6:cd:77:e4:42:3f:e3:e0:05:c2:a0:82:bf:9f:
                    b5:dd:b8:36:8c:bc:96:17:81:db:68:93:d7:dc:78:
                    b6:cd:de:00:01:25:13:a2:ef:43:9f:ce:84:34:3c:
                    ef:3d:06:72:0b:a1:55:d3:08:9b:34:05:f8:89:c0:
                    e4:29:ba:82:ea:0b:d6:14:54:b7:df:7d:73:90:a1:
                    d1:bb:6e:40:ac:2b:47:3a:e5:da:c7:07:c3:0d:90:
                    91:cc:60:c1:cd:76:cc:c0:84:f7:93:56:93:65:e7:
                    48:82:8a:b6:4e:2b:c2:25:ed:54:9e:2d:33:17:bd:
                    1a:9f:ef:27:da:c9:a1:ad:9a:7e:40:56:de:97:16:
                    f1:57:17:60:6e:00:ba:82:ca:53:02:db:64:fc:b1:
                    3e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:30:8D:87:EC:A9:CC:0D:99:6C:52:44:02:D2:D2:34:15:B5:30:25
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/QDCNh-ypzA2ZbFJEAtLSNBW1MCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:840::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:56:41:41:dc:58:15:c4:90:96:e1:c8:6d:aa:c2:a4:65:89:
         14:9c:ad:9e:e6:33:73:3a:b0:f0:09:df:4e:d8:3e:98:58:f4:
         99:99:b0:fa:aa:23:ad:f2:5f:e1:d0:97:d0:a3:5e:aa:60:fd:
         70:53:e1:d8:64:c6:e8:ce:a2:0b:ad:22:30:f3:2e:31:d1:51:
         33:c8:c1:e0:c2:ca:29:3c:2b:fe:53:36:e3:f1:18:5a:a2:7a:
         0c:30:09:84:c8:fc:38:22:8c:03:4e:a4:50:20:c2:fc:6e:4c:
         1c:1c:48:bb:ae:78:2e:80:f8:14:d8:34:fa:29:ff:97:67:d9:
         76:5a:63:f1:71:e5:c5:d7:b2:1a:9d:31:5a:23:44:35:2c:ed:
         0b:73:10:57:d4:c1:43:c5:27:a4:80:88:65:a1:c9:d1:ee:23:
         34:1b:62:1d:80:79:dd:03:30:50:6c:79:11:ef:59:c6:bb:bb:
         54:87:44:58:bd:8d:4b:9c:b9:e5:10:a9:0f:2f:18:94:2c:4a:
         5c:af:7d:7b:d5:3a:d7:61:54:20:af:90:a2:35:ff:d2:f5:f9:
         c9:57:6a:2a:b7:97:5a:c9:aa:ef:46:3e:90:d3:3f:f3:95:89:
         d3:d9:54:ef:5a:d2:6d:e4:ae:fd:db:35:4c:da:26:cc:94:d6:
         4d:15:4f:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+oehCZ+JnfzG6K7Ot677MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDMwOGQ4N2VjYTljYzBkOTk2YzUyNDQwMmQyZDIzNDE1YjUzMDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuffaxCnlZDKwLuTwA+fWY25F6jZA
kgOvRlJRMGgRUk1x6RR1Hm/hWm+S63Hsi28OlN/K07Dwexf4P0EsCVUp+2DGnFeL
TimGYpGID0xr9UdmTtRWUp3EWnhyxDqNCdHsSqDMN0aG/ctXts135EI/4+AFwqCC
v5+13bg2jLyWF4HbaJPX3Hi2zd4AASUTou9Dn86ENDzvPQZyC6FV0wibNAX4icDk
KbqC6gvWFFS3331zkKHRu25ArCtHOuXaxwfDDZCRzGDBzXbMwIT3k1aTZedIgoq2
TivCJe1Uni0zF70an+8n2smhrZp+QFbelxbxVxdgbgC6gspTAttk/LE+YQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEAwjYfsqcwNmWxSRALS0jQVtTAlMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUURDTmgteXB6QTJaYkZKRUF0TFNOQlcxTUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQhA
MA0GCSqGSIb3DQEBCwUAA4IBAQBQVkFB3FgVxJCW4chtqsKkZYkUnK2e5jNzOrDw
Cd9O2D6YWPSZmbD6qiOt8l/h0JfQo16qYP1wU+HYZMbozqILrSIw8y4x0VEzyMHg
wsopPCv+Uzbj8RhaonoMMAmEyPw4IowDTqRQIML8bkwcHEi7rngugPgU2DT6Kf+X
Z9l2WmPxceXF17IanTFaI0Q1LO0LcxBX1MFDxSekgIhlocnR7iM0G2IdgHndAzBQ
bHkR71nGu7tUh0RYvY1LnLnlEKkPLxiULEpcr3171TrXYVQgr5CiNf/S9fnJV2oq
t5dayarvRj6Q0z/zlYnT2VTvWtJt5K792zVM2ibMlNZNFU9m
-----END CERTIFICATE-----