Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RC6SVaF_2lTekWLoKG35GuuAyDY.roa
File:                     RC6SVaF_2lTekWLoKG35GuuAyDY.roa (raw, json)
Hash identifier:          YvmvR0q1btntxscj24JF/E6VpSCXo9Y/ulz4EMrPmjI=
Subject key identifier:   44:2E:92:55:A1:7F:DA:54:DE:91:62:E8:28:6D:F9:1A:EB:80:C8:36
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01944BA171F5580ACA09804A667730BFB7CF
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RC6SVaF_2lTekWLoKG35GuuAyDY.roa
Signing time:             Thu 09 Jan 2025 15:14:19 +0000
ROA not before:           Thu 09 Jan 2025 15:14:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213615
IP address blocks:        2a0c:b641:190::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4b:a1:71:f5:58:0a:ca:09:80:4a:66:77:30:bf:b7:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  9 15:14:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=442e9255a17fda54de9162e8286df91aeb80c836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:58:61:9e:7f:28:d2:1c:42:b6:99:15:41:49:
                    52:b1:d6:00:6f:d4:eb:86:d0:7d:71:b2:74:b9:46:
                    fb:86:75:ad:7a:cc:41:d9:c8:d4:f9:a7:c4:b4:c7:
                    15:9a:3d:98:69:3f:ac:8a:61:b8:7f:01:28:26:6c:
                    8e:3a:b9:b6:ed:7f:a9:32:f9:53:ac:96:5d:52:7e:
                    40:3e:34:60:12:bc:3a:43:e6:5d:c3:cd:ac:b1:71:
                    a8:cd:b7:eb:6e:b2:7d:f8:5c:f6:bb:c0:a3:0c:ba:
                    f4:02:66:9c:f9:70:af:c5:7f:66:dd:ba:b2:65:89:
                    75:d5:5b:95:9b:89:f2:36:5b:2d:e4:d4:52:0a:35:
                    50:11:0d:d2:1c:bc:8a:c8:31:2a:a5:4f:fd:53:1a:
                    3d:ee:08:cd:e3:42:34:52:4f:29:06:35:22:85:27:
                    63:af:b0:d3:39:f4:8f:c7:3f:ec:fc:09:04:7f:f1:
                    34:86:af:89:c7:0c:e3:53:31:a2:27:d3:95:16:64:
                    5c:c6:8d:79:0d:ed:e4:1f:b1:a7:83:43:bd:7a:4d:
                    c4:64:d2:08:65:80:e0:24:d5:d1:03:62:df:05:f0:
                    f1:cd:63:32:77:7f:27:95:12:c0:3e:ec:6e:8e:94:
                    fd:88:1a:2b:f9:9e:ed:6b:85:b9:24:5f:fd:d5:43:
                    36:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:2E:92:55:A1:7F:DA:54:DE:91:62:E8:28:6D:F9:1A:EB:80:C8:36
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RC6SVaF_2lTekWLoKG35GuuAyDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:190::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:95:98:72:4b:98:b0:13:17:39:d7:1b:c3:4c:c4:6e:14:fb:
         0f:11:6c:85:39:e6:04:a4:8a:26:28:fc:fd:39:8d:4b:69:a7:
         67:6a:57:5c:81:6c:8d:3c:30:a4:ff:10:37:71:43:b7:fb:30:
         1f:9e:41:55:d1:09:7f:b8:70:d5:f6:29:d1:da:28:a2:34:6a:
         c0:f8:76:46:00:06:cf:44:de:0c:ad:dc:e5:40:b9:62:bb:24:
         99:3d:cf:9c:37:8c:5d:a6:22:7d:07:8a:3b:45:57:0c:d4:3f:
         be:2d:ae:f4:77:fa:54:3c:51:fb:20:4e:75:e1:5f:f6:de:91:
         57:07:c2:a3:ed:ba:e8:b6:56:6b:55:d1:28:b6:c8:ac:66:90:
         99:13:de:74:5d:e4:b9:54:c3:3a:47:73:27:82:e4:fb:45:77:
         b5:b9:8b:f8:13:9b:35:77:b2:0c:9e:a6:fd:62:c0:ef:9c:54:
         3a:48:12:e9:ed:72:e4:bb:b0:aa:92:c5:c4:ad:43:64:5f:89:
         23:2e:e4:00:db:15:c6:a0:27:be:af:15:cf:20:69:cf:e6:2f:
         ee:91:18:78:68:04:50:36:55:df:d7:d9:b6:a5:ae:20:04:58:
         b0:23:06:d6:85:40:9c:b4:f9:21:3e:18:6c:02:72:f1:1d:b1:
         0a:e7:ad:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRLoXH1WArKCYBKZncwv7fPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTA5MTUxNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDJlOTI1NWExN2ZkYTU0ZGU5MTYyZTgyODZkZjkxYWViODBjODM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlhhnn8o0hxCtpkVQUlSsdYAb9Tr
htB9cbJ0uUb7hnWtesxB2cjU+afEtMcVmj2YaT+simG4fwEoJmyOOrm27X+pMvlT
rJZdUn5APjRgErw6Q+Zdw82ssXGozbfrbrJ9+Fz2u8CjDLr0Amac+XCvxX9m3bqy
ZYl11VuVm4nyNlst5NRSCjVQEQ3SHLyKyDEqpU/9Uxo97gjN40I0Uk8pBjUihSdj
r7DTOfSPxz/s/AkEf/E0hq+JxwzjUzGiJ9OVFmRcxo15De3kH7Gng0O9ek3EZNII
ZYDgJNXRA2LfBfDxzWMyd38nlRLAPuxujpT9iBor+Z7ta4W5JF/91UM2gQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEQuklWhf9pU3pFi6Cht+RrrgMg2MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUkM2U1ZhRl8ybFRla1dMb0tHMzVHdXVBeURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBMlZhyS5iwExc51xvDTMRuFPsPEWyFOeYEpIom
KPz9OY1LaadnaldcgWyNPDCk/xA3cUO3+zAfnkFV0Ql/uHDV9inR2iiiNGrA+HZG
AAbPRN4MrdzlQLliuySZPc+cN4xdpiJ9B4o7RVcM1D++La70d/pUPFH7IE514V/2
3pFXB8Kj7brotlZrVdEotsisZpCZE950XeS5VMM6R3MnguT7RXe1uYv4E5s1d7IM
nqb9YsDvnFQ6SBLp7XLku7CqksXErUNkX4kjLuQA2xXGoCe+rxXPIGnP5i/ukRh4
aARQNlXf19m2pa4gBFiwIwbWhUCctPkhPhhsAnLxHbEK561X
-----END CERTIFICATE-----