Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Xx40aBgVlqB6hHvoXk0k8oh0QBU.roa
File:                     Xx40aBgVlqB6hHvoXk0k8oh0QBU.roa (raw, json)
Hash identifier:          XKE5obWqWTvMJrUgEd/i1iHxXmlPJBrgz8IitcL58SU=
Subject key identifier:   5F:1E:34:68:18:15:96:A0:7A:84:7B:E8:5E:4D:24:F2:88:74:40:15
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB1BA2A1D4C7915E69A1210F01982
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Xx40aBgVlqB6hHvoXk0k8oh0QBU.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214753
IP address blocks:        2a0c:b641:c80::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b1:ba:2a:1d:4c:79:15:e6:9a:12:10:f0:19:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f1e3468181596a07a847be85e4d24f288744015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a6:f1:96:80:57:cc:ec:dc:8d:49:b7:77:f6:
                    a2:4e:74:5a:27:eb:79:40:aa:3c:f0:dd:50:d2:9a:
                    f3:88:7f:c8:e2:c8:2d:c7:1b:f8:d1:95:d1:e4:9b:
                    60:e4:72:09:e8:bc:67:fb:2b:1c:ff:74:34:9d:f3:
                    e0:81:2d:f6:a6:9f:1a:73:83:f6:01:f1:95:2b:bb:
                    d2:bc:73:57:7d:d0:63:66:0c:66:9e:08:58:84:1f:
                    98:c9:0e:d6:4a:7f:0e:4e:04:f1:d7:ce:ba:b3:29:
                    96:67:eb:d0:c2:84:9e:16:e3:06:e2:be:90:3e:a1:
                    ed:ee:61:0b:98:49:7d:bf:13:17:50:16:b4:64:0b:
                    0b:65:45:68:b2:2e:15:b7:fe:11:68:8f:c2:9a:0a:
                    e1:b1:8a:54:d2:8e:d6:ae:46:bd:34:64:6d:ad:12:
                    14:52:39:1c:47:30:f6:88:34:6c:5a:c6:58:07:5c:
                    f4:16:ba:0d:45:34:d6:41:26:95:52:33:5e:d8:bf:
                    20:71:38:42:91:8c:4c:63:3e:55:90:67:15:5f:51:
                    d2:a6:de:12:01:e3:a1:50:1b:11:93:17:68:3d:8f:
                    c5:bf:d5:79:0f:27:47:b2:dc:ae:62:80:e6:4f:f3:
                    b6:d9:1b:f6:c4:63:07:89:0f:da:c2:c9:7f:d7:5c:
                    de:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1E:34:68:18:15:96:A0:7A:84:7B:E8:5E:4D:24:F2:88:74:40:15
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Xx40aBgVlqB6hHvoXk0k8oh0QBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c80::/44

    Signature Algorithm: sha256WithRSAEncryption
         90:f8:8d:0e:df:88:07:1f:46:6c:1d:37:9a:e9:c8:5f:72:36:
         98:de:30:c6:79:56:0d:bd:16:f0:c1:04:fe:4a:10:f3:cd:92:
         ef:3f:7d:58:81:60:e4:f9:76:9a:22:9a:6b:32:86:4a:e5:27:
         12:d0:2f:18:e6:22:6a:99:e9:83:ff:7c:d4:1d:9f:52:02:82:
         8f:c8:5b:3c:3a:32:07:29:06:43:66:92:6f:58:d3:da:0c:8f:
         92:2d:a4:e7:9a:32:08:2e:82:ec:c3:95:f1:9c:1c:60:70:c5:
         06:02:f7:11:4f:b8:ff:ac:7a:f2:da:12:4d:c1:f1:5f:31:1b:
         59:6a:63:3d:0a:07:4e:62:c1:78:dc:f6:98:ff:91:4d:48:83:
         b6:51:f8:95:d4:bb:63:b7:0f:fa:de:7d:bc:52:8b:47:cf:53:
         25:42:75:ed:f9:5b:9a:ce:2e:d0:10:b6:60:09:37:06:e3:a8:
         ef:b2:ab:c2:75:8b:4e:55:00:7d:b8:00:9e:e8:80:af:83:8f:
         ab:f5:e7:20:91:4a:d5:60:76:d3:ec:99:45:9a:96:c2:bb:89:
         71:07:85:87:09:15:9b:7c:4f:a7:91:eb:60:47:6e:dc:dd:63:
         84:52:a3:41:f3:e5:ee:7b:9c:b7:38:eb:49:20:78:36:3b:39:
         4e:8a:84:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+rG6Kh1MeRXmmhIQ8BmCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFlMzQ2ODE4MTU5NmEwN2E4NDdiZTg1ZTRkMjRmMjg4NzQ0MDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6bxloBXzOzcjUm3d/aiTnRaJ+t5
QKo88N1Q0prziH/I4sgtxxv40ZXR5Jtg5HIJ6Lxn+ysc/3Q0nfPggS32pp8ac4P2
AfGVK7vSvHNXfdBjZgxmnghYhB+YyQ7WSn8OTgTx1866symWZ+vQwoSeFuMG4r6Q
PqHt7mELmEl9vxMXUBa0ZAsLZUVosi4Vt/4RaI/CmgrhsYpU0o7Wrka9NGRtrRIU
UjkcRzD2iDRsWsZYB1z0FroNRTTWQSaVUjNe2L8gcThCkYxMYz5VkGcVX1HSpt4S
AeOhUBsRkxdoPY/Fv9V5DydHstyuYoDmT/O22Rv2xGMHiQ/awsl/11ze4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF8eNGgYFZageoR76F5NJPKIdEAVMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvWHg0MGFCZ1ZscUI2aEh2b1hrMGs4b2gwUUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQyA
MA0GCSqGSIb3DQEBCwUAA4IBAQCQ+I0O34gHH0ZsHTea6chfcjaY3jDGeVYNvRbw
wQT+ShDzzZLvP31YgWDk+XaaIpprMoZK5ScS0C8Y5iJqmemD/3zUHZ9SAoKPyFs8
OjIHKQZDZpJvWNPaDI+SLaTnmjIILoLsw5XxnBxgcMUGAvcRT7j/rHry2hJNwfFf
MRtZamM9CgdOYsF43PaY/5FNSIO2UfiV1Ltjtw/63n28UotHz1MlQnXt+Vuazi7Q
ELZgCTcG46jvsqvCdYtOVQB9uACe6ICvg4+r9ecgkUrVYHbT7JlFmpbCu4lxB4WH
CRWbfE+nketgR27c3WOEUqNB8+Xue5y3OOtJIHg2OzlOioR0
-----END CERTIFICATE-----