Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WDjCVN5CdVkTgW3B1C-1bfPV0QM.roa
File:                     WDjCVN5CdVkTgW3B1C-1bfPV0QM.roa (raw, json)
Hash identifier:          OxlbpcteYegmDHjRj1+Ab8KO5hE4jKa4PSByT9dPpiQ=
Subject key identifier:   58:38:C2:54:DE:42:75:59:13:81:6D:C1:D4:2F:B5:6D:F3:D5:D1:03
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB77EB830756CB4030F3A6A65381B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WDjCVN5CdVkTgW3B1C-1bfPV0QM.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215789
IP address blocks:        2a0c:b641:b90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b7:7e:b8:30:75:6c:b4:03:0f:3a:6a:65:38:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5838c254de42755913816dc1d42fb56df3d5d103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4d:d9:15:43:36:74:f6:46:56:8d:f9:e0:67:
                    f1:e0:22:12:31:01:1c:dc:12:b6:b9:7e:e9:79:4d:
                    e6:0b:a3:1a:6d:15:13:8d:6c:c3:c5:37:09:af:45:
                    04:07:dc:b0:6a:1a:9e:1a:12:48:60:77:61:e7:81:
                    d1:e0:24:16:53:f8:39:ac:6e:82:88:2f:bc:d6:0d:
                    c3:5c:49:7c:27:0e:3f:ee:09:d9:14:d9:f2:48:f2:
                    f3:3e:5d:eb:38:7f:20:18:0b:a9:8c:c6:b0:0e:3f:
                    fc:06:50:76:c7:ed:f5:9a:ff:9f:62:5a:fe:08:50:
                    c2:48:c5:90:70:64:94:46:3a:fb:92:c2:1a:00:39:
                    7e:4e:56:cb:26:53:90:ea:eb:9a:7c:1f:11:1e:e5:
                    55:10:22:63:ee:5e:3a:c8:6c:2c:0d:7a:62:c3:99:
                    57:87:f6:95:31:ed:3d:76:51:0e:9d:95:52:0f:95:
                    38:27:a4:aa:53:c7:e4:1c:99:d4:3e:03:cc:4d:0e:
                    1b:81:e7:de:df:ad:88:9a:e7:0e:39:80:d9:28:dc:
                    0c:3f:b6:c2:14:04:35:79:28:f9:c7:aa:e5:80:20:
                    75:37:85:20:cf:b3:32:4b:db:f6:66:47:42:da:67:
                    4e:05:97:4d:f8:10:8f:63:6b:5e:ca:58:1e:43:16:
                    17:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:38:C2:54:DE:42:75:59:13:81:6D:C1:D4:2F:B5:6D:F3:D5:D1:03
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/WDjCVN5CdVkTgW3B1C-1bfPV0QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:b90::/44

    Signature Algorithm: sha256WithRSAEncryption
         89:85:47:35:31:b8:26:31:0e:dc:1b:f9:b9:ab:31:60:ea:91:
         39:1d:90:67:eb:22:40:b3:f2:3a:94:51:38:e9:de:e1:b6:8a:
         71:51:56:86:a1:eb:db:a5:4b:ed:13:cc:85:57:f7:38:7b:9f:
         9f:ca:23:1f:46:f3:43:2a:e3:ff:aa:05:40:37:69:b3:61:c4:
         b7:b3:5e:cf:64:80:99:4b:f1:9d:53:45:e3:f5:65:ce:09:b9:
         17:90:c2:9e:ae:ee:dc:57:ac:95:12:63:15:10:45:80:d7:a4:
         09:34:fe:59:f1:3d:e5:0b:25:de:32:3e:24:16:a0:f3:f5:93:
         ca:8f:a0:e7:e9:a1:ed:23:cb:d2:ea:5f:e7:b1:2f:64:cf:14:
         2d:bb:42:31:c5:28:dc:7c:6a:6f:b4:b1:9f:9a:aa:6c:04:6d:
         c8:18:ff:06:b5:83:78:cc:ce:0e:14:c9:5c:a1:e4:55:03:8f:
         26:37:18:17:5a:fe:f4:8a:8b:c4:74:95:c4:0a:4d:5b:dc:68:
         26:ca:f8:f3:a9:cf:40:19:2e:9b:b3:1c:bf:e3:9e:b2:fa:32:
         a6:73:d3:57:5c:8d:93:10:21:4c:9a:fc:a3:2d:3c:11:b8:61:
         01:70:5d:26:70:30:2d:6c:a8:29:a1:9c:5f:fb:55:47:8a:4e:
         36:ac:63:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+rd+uDB1bLQDDzpqZTgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODM4YzI1NGRlNDI3NTU5MTM4MTZkYzFkNDJmYjU2ZGYzZDVkMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzE3ZFUM2dPZGVo354Gfx4CISMQEc
3BK2uX7peU3mC6MabRUTjWzDxTcJr0UEB9ywahqeGhJIYHdh54HR4CQWU/g5rG6C
iC+81g3DXEl8Jw4/7gnZFNnySPLzPl3rOH8gGAupjMawDj/8BlB2x+31mv+fYlr+
CFDCSMWQcGSURjr7ksIaADl+TlbLJlOQ6uuafB8RHuVVECJj7l46yGwsDXpiw5lX
h/aVMe09dlEOnZVSD5U4J6SqU8fkHJnUPgPMTQ4bgefe362ImucOOYDZKNwMP7bC
FAQ1eSj5x6rlgCB1N4Ugz7MyS9v2ZkdC2mdOBZdN+BCPY2teylgeQxYXzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFg4wlTeQnVZE4FtwdQvtW3z1dEDMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvV0RqQ1ZONUNkVmtUZ1czQjFDLTFiZlBWMFFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQuQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCJhUc1MbgmMQ7cG/m5qzFg6pE5HZBn6yJAs/I6
lFE46d7htopxUVaGoevbpUvtE8yFV/c4e5+fyiMfRvNDKuP/qgVAN2mzYcS3s17P
ZICZS/GdU0Xj9WXOCbkXkMKeru7cV6yVEmMVEEWA16QJNP5Z8T3lCyXeMj4kFqDz
9ZPKj6Dn6aHtI8vS6l/nsS9kzxQtu0IxxSjcfGpvtLGfmqpsBG3IGP8GtYN4zM4O
FMlcoeRVA48mNxgXWv70iovEdJXECk1b3Ggmyvjzqc9AGS6bsxy/456y+jKmc9NX
XI2TECFMmvyjLTwRuGEBcF0mcDAtbKgpoZxf+1VHik42rGN9
-----END CERTIFICATE-----