Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Xo783V2vJX_6oq5aQdnROJHe-bk.roa
File:                     Xo783V2vJX_6oq5aQdnROJHe-bk.roa (raw, json)
Hash identifier:          1QDB95IikeMvoeaDkCvrYRSeIXj3xb3KDTOVsZOtC6c=
Subject key identifier:   5E:8E:FC:DD:5D:AF:25:7F:FA:A2:AE:5A:41:D9:D1:38:91:DE:F9:B9
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0196BA891E5F8A894D60BB4643CEF53A1B81
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Xo783V2vJX_6oq5aQdnROJHe-bk.roa
Signing time:             Sat 10 May 2025 14:11:10 +0000
ROA not before:           Sat 10 May 2025 14:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        2a0c:b641:190::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 01 Jun 2025 22:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ba:89:1e:5f:8a:89:4d:60:bb:46:43:ce:f5:3a:1b:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May 10 14:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e8efcdd5daf257ffaa2ae5a41d9d13891def9b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5a:35:ae:18:48:44:e2:1d:ac:75:ce:cd:6f:
                    1f:ce:e1:90:6c:c7:5f:ae:1c:c7:58:10:7e:52:1e:
                    35:ee:30:05:f8:9d:50:75:f4:cc:7a:29:07:17:61:
                    8e:06:c2:1a:e2:51:10:d8:6f:3e:2d:37:37:2d:33:
                    b3:9e:57:82:01:36:90:0e:16:22:6c:f9:3d:b3:62:
                    22:97:e4:fa:4b:0e:ea:c1:fc:9b:c6:0e:fc:65:38:
                    bd:9f:71:72:7d:40:9a:2a:96:43:b6:9b:8c:d7:e8:
                    cc:78:26:bd:f1:09:a6:e7:84:3a:64:bd:73:a8:e5:
                    e7:34:40:12:39:b7:b3:69:47:25:84:c3:63:f8:a1:
                    0a:8e:6b:06:2b:66:82:d8:02:10:e4:17:18:8d:51:
                    ff:27:ed:d4:31:96:bd:b1:6b:7f:d4:b0:08:fc:c3:
                    80:80:3b:73:36:a0:ab:28:74:13:fe:71:62:cc:e4:
                    61:6b:d7:64:23:25:18:4f:95:4b:46:01:67:dc:f1:
                    12:69:79:ee:ca:b4:b7:46:f6:7a:e0:26:ef:c4:98:
                    d0:04:07:e7:5d:b2:bd:8e:75:62:d3:5e:b1:d4:29:
                    d3:d5:39:2a:00:77:cf:90:b5:43:00:b8:33:cc:f0:
                    ea:e7:84:45:c1:fb:74:b9:f0:d7:67:1f:e8:dc:c5:
                    98:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:8E:FC:DD:5D:AF:25:7F:FA:A2:AE:5A:41:D9:D1:38:91:DE:F9:B9
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Xo783V2vJX_6oq5aQdnROJHe-bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:190::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:f6:27:6e:c7:43:80:5d:8f:3b:34:58:3b:d7:d9:ef:84:7c:
         b1:91:e9:6e:29:65:ec:03:bf:83:f2:18:8b:27:42:eb:06:03:
         c8:f1:b7:bb:1f:0a:8c:37:cf:f7:03:12:d8:dc:a0:68:20:d4:
         69:9d:37:dd:2f:6c:e7:a3:43:22:91:77:e8:54:91:1b:f7:f5:
         21:40:25:b3:a5:72:96:ce:52:16:32:24:8c:9e:54:3e:5e:32:
         b7:97:d8:24:68:4b:1f:f4:da:ef:87:2d:3c:63:25:69:5f:f5:
         5c:2d:1d:2d:42:57:ee:23:d1:54:1f:1b:0d:d2:c9:f5:ee:a5:
         85:82:d8:27:7a:ff:73:35:1b:28:7a:8a:8e:a3:d7:06:9c:b3:
         0e:75:4c:a4:ea:a0:b5:a1:ac:d0:f1:7f:12:73:00:39:1d:f9:
         39:9f:0f:8a:bd:c6:0d:2f:1f:8f:b7:7e:e4:89:ec:52:e3:12:
         9c:b9:79:c0:d3:9b:3f:7e:b6:bf:fc:d1:c7:66:ea:a8:82:fa:
         59:48:63:bf:f2:7c:19:40:cf:dd:3c:eb:74:f8:d6:1b:06:6e:
         a9:6f:7c:e0:d9:ca:b1:58:38:f5:96:28:d9:cb:63:d8:8a:ef:
         c4:61:6a:99:ce:2e:87:e5:06:3a:d7:34:16:4d:d9:9c:12:57:
         29:2a:84:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZa6iR5fiolNYLtGQ871OhuBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNTEwMTQxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZThlZmNkZDVkYWYyNTdmZmFhMmFlNWE0MWQ5ZDEzODkxZGVmOWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1o1rhhIROIdrHXOzW8fzuGQbMdf
rhzHWBB+Uh417jAF+J1QdfTMeikHF2GOBsIa4lEQ2G8+LTc3LTOznleCATaQDhYi
bPk9s2Iil+T6Sw7qwfybxg78ZTi9n3FyfUCaKpZDtpuM1+jMeCa98Qmm54Q6ZL1z
qOXnNEASObezaUclhMNj+KEKjmsGK2aC2AIQ5BcYjVH/J+3UMZa9sWt/1LAI/MOA
gDtzNqCrKHQT/nFizORha9dkIyUYT5VLRgFn3PESaXnuyrS3RvZ64CbvxJjQBAfn
XbK9jnVi016x1CnT1TkqAHfPkLVDALgzzPDq54RFwft0ufDXZx/o3MWYEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF6O/N1dryV/+qKuWkHZ0TiR3vm5MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWG83ODNWMnZKWF82b3E1YVFkblJPSkhlLWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBN9idux0OAXY87NFg719nvhHyxkeluKWXsA7+D
8hiLJ0LrBgPI8be7HwqMN8/3AxLY3KBoINRpnTfdL2zno0MikXfoVJEb9/UhQCWz
pXKWzlIWMiSMnlQ+XjK3l9gkaEsf9Nrvhy08YyVpX/VcLR0tQlfuI9FUHxsN0sn1
7qWFgtgnev9zNRsoeoqOo9cGnLMOdUyk6qC1oazQ8X8ScwA5Hfk5nw+KvcYNLx+P
t37kiexS4xKcuXnA05s/fra//NHHZuqogvpZSGO/8nwZQM/dPOt0+NYbBm6pb3zg
2cqxWDj1lijZy2PYiu/EYWqZzi6H5QY61zQWTdmcElcpKoSJ
-----END CERTIFICATE-----