Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bVmwAybnmZBVxyWNmUqav_jGoUo.roa
File:                     bVmwAybnmZBVxyWNmUqav_jGoUo.roa (raw, json)
Hash identifier:          J+hqdYQapo+stRn2wGFRfZUmX+GLCgxMleQN+DxF7NQ=
Subject key identifier:   6D:59:B0:03:26:E7:99:90:55:C7:25:8D:99:4A:9A:BF:F8:C6:A1:4A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA7F8B4058FCA77F0C5C5E4A9FF902
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bVmwAybnmZBVxyWNmUqav_jGoUo.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197606
IP address blocks:        2a0c:b641:a70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7f:8b:40:58:fc:a7:7f:0c:5c:5e:4a:9f:f9:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d59b00326e7999055c7258d994a9abff8c6a14a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e4:75:8a:39:2f:77:1a:a0:96:0c:05:46:eb:
                    15:6a:1e:2a:a9:18:02:26:eb:b0:5c:0b:f1:fd:2e:
                    7c:1c:df:74:0f:1e:38:5b:5a:2e:aa:7b:40:7b:fa:
                    c8:69:6a:ad:2c:6a:55:34:2c:97:58:72:4d:43:c5:
                    34:84:97:bc:71:bd:32:89:8c:63:95:ea:99:3d:d3:
                    e1:6b:8b:77:32:7e:d0:8b:3d:aa:6b:64:11:ad:86:
                    0b:f2:93:08:fb:6b:1e:d1:68:c9:ac:6d:42:36:4c:
                    91:a0:a7:9d:34:09:ce:ff:85:4c:fa:65:76:52:57:
                    98:6d:45:83:17:8f:f6:25:36:ad:10:09:dc:f1:9c:
                    88:3c:c6:da:3a:12:62:70:5d:bb:5b:ca:e4:98:a3:
                    ff:ab:56:41:3c:9b:51:2f:49:f1:7c:d9:64:4d:50:
                    70:18:78:19:15:90:05:53:7c:e0:54:5b:e2:0b:04:
                    54:9a:1d:3c:9a:46:e4:98:b7:22:29:7a:bd:67:2f:
                    d9:38:93:7c:28:14:62:1f:7e:16:1f:6a:a2:a3:38:
                    84:25:fd:73:7b:22:c3:fa:dc:d4:b5:17:f7:39:a7:
                    57:0e:8a:d9:e6:9e:bb:3e:61:7f:ec:6a:21:8b:ae:
                    5e:67:11:5c:69:ab:99:70:6d:f8:23:c9:e1:02:73:
                    21:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:59:B0:03:26:E7:99:90:55:C7:25:8D:99:4A:9A:BF:F8:C6:A1:4A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bVmwAybnmZBVxyWNmUqav_jGoUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a70::/44

    Signature Algorithm: sha256WithRSAEncryption
         79:0c:6b:67:1e:6c:bc:7e:27:d8:7a:81:50:62:e7:68:35:db:
         33:1a:1a:bd:c8:66:ff:cf:d4:79:a1:85:67:77:1d:33:6e:e8:
         d0:bc:0e:9e:36:9f:d0:bc:17:2e:1d:15:ce:f4:55:23:20:f1:
         f0:fa:21:a8:86:a2:96:b9:84:ca:70:c0:4c:3b:64:30:de:7f:
         f5:c2:90:f7:61:12:84:9b:6b:b2:60:2e:60:bb:4b:26:66:9c:
         10:99:d4:40:74:5d:e7:2d:17:56:67:54:57:18:d2:d1:b0:46:
         44:f9:b2:a1:39:c6:c4:4f:86:c8:b7:86:74:6c:a2:94:dc:d2:
         a1:df:8e:d6:0f:01:b5:03:f2:12:2c:97:88:7a:f4:e9:3c:1a:
         ae:7c:52:54:aa:2f:d2:7c:4b:66:b0:24:c3:fe:40:11:47:b8:
         12:e5:d9:02:a4:38:b4:2c:8f:b9:ff:f1:62:85:eb:9a:6b:f9:
         8b:87:2b:89:ab:52:d9:a1:e2:93:43:be:64:2e:f3:e4:dd:49:
         9e:16:ac:51:d6:8f:16:d6:96:cc:c9:59:27:69:25:88:d7:fc:
         33:6f:46:2e:2e:80:fa:b9:2b:cb:28:10:bf:86:32:0a:18:b5:
         64:d3:47:db:97:83:92:90:4a:b9:f3:dd:ca:58:c8:49:cf:43:
         cc:4e:b3:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+n+LQFj8p38MXF5Kn/kCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDU5YjAwMzI2ZTc5OTkwNTVjNzI1OGQ5OTRhOWFiZmY4YzZhMTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eR1ijkvdxqglgwFRusVah4qqRgC
JuuwXAvx/S58HN90Dx44W1ouqntAe/rIaWqtLGpVNCyXWHJNQ8U0hJe8cb0yiYxj
leqZPdPha4t3Mn7Qiz2qa2QRrYYL8pMI+2se0WjJrG1CNkyRoKedNAnO/4VM+mV2
UleYbUWDF4/2JTatEAnc8ZyIPMbaOhJicF27W8rkmKP/q1ZBPJtRL0nxfNlkTVBw
GHgZFZAFU3zgVFviCwRUmh08mkbkmLciKXq9Zy/ZOJN8KBRiH34WH2qioziEJf1z
eyLD+tzUtRf3OadXDorZ5p67PmF/7Gohi65eZxFcaauZcG34I8nhAnMhZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG1ZsAMm55mQVccljZlKmr/4xqFKMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvYlZtd0F5Ym5tWkJWeHlXTm1VcWF2X2pHb1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQpw
MA0GCSqGSIb3DQEBCwUAA4IBAQB5DGtnHmy8fifYeoFQYudoNdszGhq9yGb/z9R5
oYVndx0zbujQvA6eNp/QvBcuHRXO9FUjIPHw+iGohqKWuYTKcMBMO2Qw3n/1wpD3
YRKEm2uyYC5gu0smZpwQmdRAdF3nLRdWZ1RXGNLRsEZE+bKhOcbET4bIt4Z0bKKU
3NKh347WDwG1A/ISLJeIevTpPBqufFJUqi/SfEtmsCTD/kARR7gS5dkCpDi0LI+5
//Fiheuaa/mLhyuJq1LZoeKTQ75kLvPk3UmeFqxR1o8W1pbMyVknaSWI1/wzb0Yu
LoD6uSvLKBC/hjIKGLVk00fbl4OSkEq5893KWMhJz0PMTrMs
-----END CERTIFICATE-----