Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TVbGcwP9G1yJTJeZDpoiomQWPfA.roa
File:                     TVbGcwP9G1yJTJeZDpoiomQWPfA.roa (raw, json)
Hash identifier:          80/ZReju5bZOIDZnvXFKeqsp70iRQWW92QEj41lV/0s=
Subject key identifier:   4D:56:C6:73:03:FD:1B:5C:89:4C:97:99:0E:9A:22:A2:64:16:3D:F0
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA7873A2D2B30AD9DA505E2456017
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TVbGcwP9G1yJTJeZDpoiomQWPfA.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213219
IP address blocks:        2a0c:b641:9a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a7:87:3a:2d:2b:30:ad:9d:a5:05:e2:45:60:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d56c67303fd1b5c894c97990e9a22a264163df0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:ee:71:77:80:7a:df:d5:67:37:59:11:22:17:
                    e2:3e:c8:e5:47:38:19:8e:a5:fa:8e:ad:76:aa:e6:
                    f8:23:fd:ca:b0:73:48:8e:a2:0c:57:55:ec:a6:34:
                    98:13:2d:15:c0:fe:7e:a7:4a:a5:4c:36:eb:5c:38:
                    a0:cd:98:3f:40:a2:2b:c5:46:7a:a9:77:5c:00:4e:
                    64:95:3a:78:0b:23:f5:49:48:b1:81:ef:17:c3:16:
                    f2:bf:2e:64:47:5e:ae:36:9b:c2:77:0f:bc:28:79:
                    59:65:b9:13:b3:a3:56:52:c7:13:5a:59:35:ff:3f:
                    4d:10:00:a9:31:32:7b:ec:93:c1:b3:7f:52:7f:5d:
                    ae:d4:39:ba:39:55:59:9b:3c:9b:54:7e:ae:e6:c6:
                    2f:6c:75:83:eb:3b:be:53:a3:d9:45:0d:e6:0b:1b:
                    d7:54:ca:1c:45:13:ad:4e:fe:b0:4a:41:01:2d:f2:
                    00:90:00:8a:3e:29:cc:1c:c4:66:57:21:b9:cf:84:
                    ae:d5:76:5e:83:b4:f3:8a:d8:6f:50:4b:b0:8b:03:
                    51:75:71:eb:fd:18:2b:2c:93:b9:de:df:8b:c5:f5:
                    a6:e9:7b:10:b0:4e:ba:e1:09:74:53:3a:1e:98:49:
                    86:69:cf:7b:48:01:3d:e7:dc:a0:a9:6f:73:39:81:
                    38:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:56:C6:73:03:FD:1B:5C:89:4C:97:99:0E:9A:22:A2:64:16:3D:F0
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/TVbGcwP9G1yJTJeZDpoiomQWPfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:9a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         62:f9:ed:63:93:10:84:76:51:1b:3a:7d:6a:4d:8f:cc:cb:e0:
         b6:72:4d:f8:29:26:10:e2:14:0b:b0:a9:c2:c5:31:3c:17:58:
         3d:64:ff:ab:7c:e4:61:50:88:1d:59:75:22:9d:e4:cc:1d:80:
         d7:43:53:45:6f:b2:f3:b5:a9:18:d3:8d:15:18:c3:ad:f1:a3:
         36:6a:52:c1:1c:2e:7a:f1:8f:20:94:8b:a6:89:9e:0a:4c:ed:
         bd:c3:2f:db:9f:8d:04:a6:d6:63:0a:34:db:d2:f8:e8:a1:20:
         ec:ba:64:76:ef:43:7e:75:77:0f:12:d6:18:5a:8e:69:d4:d1:
         d7:47:19:6b:fb:0f:17:e8:4f:36:c0:bb:fa:c5:59:ce:65:bc:
         29:32:a7:db:87:73:30:8f:2b:3f:13:87:a8:4b:c2:64:17:f8:
         45:43:34:ad:6e:88:e6:b2:1d:af:ee:e4:0a:a0:6c:58:0e:f9:
         b7:5b:e7:3c:2a:d9:d9:66:58:09:32:ba:26:ac:96:ef:a1:2c:
         b1:95:69:59:86:f5:82:78:12:83:f3:2a:92:40:7b:c1:c7:86:
         28:19:3b:96:51:d8:51:7c:47:2e:27:49:82:f8:98:37:d1:43:
         f6:60:77:82:10:84:60:53:be:58:52:d1:7d:ec:41:58:a7:83:
         66:34:91:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+qeHOi0rMK2dpQXiRWAXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDU2YzY3MzAzZmQxYjVjODk0Yzk3OTkwZTlhMjJhMjY0MTYzZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9O5xd4B639VnN1kRIhfiPsjlRzgZ
jqX6jq12qub4I/3KsHNIjqIMV1XspjSYEy0VwP5+p0qlTDbrXDigzZg/QKIrxUZ6
qXdcAE5klTp4CyP1SUixge8Xwxbyvy5kR16uNpvCdw+8KHlZZbkTs6NWUscTWlk1
/z9NEACpMTJ77JPBs39Sf12u1Dm6OVVZmzybVH6u5sYvbHWD6zu+U6PZRQ3mCxvX
VMocRROtTv6wSkEBLfIAkACKPinMHMRmVyG5z4Su1XZeg7TzithvUEuwiwNRdXHr
/RgrLJO53t+LxfWm6XsQsE664Ql0UzoemEmGac97SAE959ygqW9zOYE4SQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE1WxnMD/RtciUyXmQ6aIqJkFj3wMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVFZiR2N3UDlHMXlKVEplWkRwb2lvbVFXUGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQmg
MA0GCSqGSIb3DQEBCwUAA4IBAQBi+e1jkxCEdlEbOn1qTY/My+C2ck34KSYQ4hQL
sKnCxTE8F1g9ZP+rfORhUIgdWXUineTMHYDXQ1NFb7LztakY040VGMOt8aM2alLB
HC568Y8glIumiZ4KTO29wy/bn40EptZjCjTb0vjooSDsumR270N+dXcPEtYYWo5p
1NHXRxlr+w8X6E82wLv6xVnOZbwpMqfbh3Mwjys/E4eoS8JkF/hFQzStbojmsh2v
7uQKoGxYDvm3W+c8KtnZZlgJMromrJbvoSyxlWlZhvWCeBKD8yqSQHvBx4YoGTuW
UdhRfEcuJ0mC+Jg30UP2YHeCEIRgU75YUtF97EFYp4NmNJHr
-----END CERTIFICATE-----