Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bb9MjJiwdOz_0rMYlChhGzWm9WI.roa
File:                     bb9MjJiwdOz_0rMYlChhGzWm9WI.roa (raw, json)
Hash identifier:          JctlNqToQPDdG+o8jQkRrGaDPofzxu6xAvAb65m8xlU=
Subject key identifier:   6D:BF:4C:8C:98:B0:74:EC:FF:D2:B3:18:94:28:61:1B:35:A6:F5:62
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA753776A40E0E797B9ADBAB300D6
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bb9MjJiwdOz_0rMYlChhGzWm9WI.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213201
IP address blocks:        2a0c:b641:6e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a7:53:77:6a:40:e0:e7:97:b9:ad:ba:b3:00:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dbf4c8c98b074ecffd2b3189428611b35a6f562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:5f:43:37:cc:9c:23:32:2d:a8:e0:df:a8:6d:
                    98:6e:bb:e4:00:9e:35:43:9b:38:1c:a9:72:55:7e:
                    a7:6b:54:49:d0:94:a6:56:41:1e:01:14:99:74:f1:
                    10:96:be:42:d4:f2:e2:f6:21:39:2f:64:72:db:0c:
                    ee:11:30:ed:cd:f6:0a:1a:21:d5:53:c3:75:06:c7:
                    3e:1c:cc:d2:ce:55:11:c4:61:af:64:0d:bf:6a:b5:
                    60:bc:ca:0c:f0:d7:95:2d:11:6e:8c:48:12:d3:ad:
                    be:31:da:cd:c2:01:5f:98:6b:12:6c:0f:a4:39:5c:
                    09:9a:c3:38:4c:dd:29:2c:64:a8:90:a5:19:62:89:
                    24:2e:14:80:d5:30:31:b2:0b:82:b1:f0:98:b9:16:
                    04:5c:43:54:44:89:4e:42:0a:71:75:4d:5b:76:fc:
                    56:c9:b3:1b:46:cd:56:e4:c6:93:00:61:2c:fb:ec:
                    c2:e7:88:bd:f0:50:d0:72:28:c9:c1:73:a8:21:80:
                    91:80:e6:dc:1d:ea:f2:a8:00:df:21:fd:4e:24:ff:
                    9b:5a:da:0c:2b:af:21:86:c6:bc:0d:39:d7:0f:5f:
                    68:73:ec:94:6c:da:bb:98:0a:fd:da:2e:94:d1:10:
                    4c:2d:17:71:66:62:d4:f4:35:68:0f:5d:df:24:a1:
                    73:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:BF:4C:8C:98:B0:74:EC:FF:D2:B3:18:94:28:61:1B:35:A6:F5:62
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/bb9MjJiwdOz_0rMYlChhGzWm9WI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:6e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0a:9e:9d:f8:1a:20:a4:32:4b:a2:99:9c:82:91:b8:1f:52:37:
         d5:d2:a2:4c:5c:e0:de:10:2f:f3:c0:87:82:b1:01:6b:c1:fd:
         16:d0:51:45:c4:85:4c:55:16:9a:18:00:54:c2:50:c1:9a:ae:
         fd:c4:39:58:18:70:fc:1a:af:75:37:a2:6b:82:bc:12:ff:88:
         20:ac:d5:10:12:98:3a:a6:c7:04:f7:7e:d9:1c:04:05:47:1b:
         a5:93:4a:0b:c3:be:8b:75:d3:ef:c4:35:13:1c:56:8c:21:d3:
         fb:a9:31:4e:5a:64:02:63:04:e0:f7:20:21:fa:be:38:1f:a3:
         e2:69:67:db:fd:71:a4:2f:17:95:94:b3:4c:d6:2f:c1:57:c4:
         4f:27:71:3d:e1:13:d8:88:da:0b:8f:32:7c:13:1b:e0:87:06:
         f1:13:2c:5c:08:b4:38:99:56:3c:cd:78:3a:d4:42:c7:5f:fe:
         15:1d:09:4e:e7:e2:98:04:5b:6d:c8:b1:4b:65:0a:30:91:bf:
         32:c6:74:53:ce:6e:46:75:42:e9:48:ca:a4:db:0d:1c:91:7d:
         63:29:d5:1b:41:ab:93:c0:67:03:0f:c4:49:4e:90:f2:17:c8:
         71:d0:cf:ce:7d:d8:f8:62:f2:54:ba:98:40:0f:93:61:05:37:
         3c:06:a7:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+qdTd2pA4OeXua26swDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGJmNGM4Yzk4YjA3NGVjZmZkMmIzMTg5NDI4NjExYjM1YTZmNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4l9DN8ycIzItqODfqG2YbrvkAJ41
Q5s4HKlyVX6na1RJ0JSmVkEeARSZdPEQlr5C1PLi9iE5L2Ry2wzuETDtzfYKGiHV
U8N1Bsc+HMzSzlURxGGvZA2/arVgvMoM8NeVLRFujEgS062+MdrNwgFfmGsSbA+k
OVwJmsM4TN0pLGSokKUZYokkLhSA1TAxsguCsfCYuRYEXENURIlOQgpxdU1bdvxW
ybMbRs1W5MaTAGEs++zC54i98FDQcijJwXOoIYCRgObcHeryqADfIf1OJP+bWtoM
K68hhsa8DTnXD19oc+yUbNq7mAr92i6U0RBMLRdxZmLU9DVoD13fJKFzDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG2/TIyYsHTs/9KzGJQoYRs1pvViMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvYmI5TWpKaXdkT3pfMHJNWWxDaGhHeldtOVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQbg
MA0GCSqGSIb3DQEBCwUAA4IBAQAKnp34GiCkMkuimZyCkbgfUjfV0qJMXODeEC/z
wIeCsQFrwf0W0FFFxIVMVRaaGABUwlDBmq79xDlYGHD8Gq91N6JrgrwS/4ggrNUQ
Epg6pscE937ZHAQFRxulk0oLw76LddPvxDUTHFaMIdP7qTFOWmQCYwTg9yAh+r44
H6PiaWfb/XGkLxeVlLNM1i/BV8RPJ3E94RPYiNoLjzJ8ExvghwbxEyxcCLQ4mVY8
zXg61ELHX/4VHQlO5+KYBFttyLFLZQowkb8yxnRTzm5GdULpSMqk2w0ckX1jKdUb
QauTwGcDD8RJTpDyF8hx0M/Ofdj4YvJUuphAD5NhBTc8Bqcu
-----END CERTIFICATE-----