Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ghvszKQyqiduoW9NTWho1xRGdmk.roa
File:                     ghvszKQyqiduoW9NTWho1xRGdmk.roa (raw, json)
Hash identifier:          o+NsjG+6PnUUPhuqXW/2cXFTwE2AgK6I97MBtXHwww8=
Subject key identifier:   82:1B:EC:CC:A4:32:AA:27:6E:A1:6F:4D:4D:68:68:D7:14:46:76:69
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01947543D2ACFF5E2820C4D67A89EA9B521A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ghvszKQyqiduoW9NTWho1xRGdmk.roa
Signing time:             Fri 17 Jan 2025 17:16:06 +0000
ROA not before:           Fri 17 Jan 2025 17:16:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213560
IP address blocks:        2a0c:b641:1d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:75:43:d2:ac:ff:5e:28:20:c4:d6:7a:89:ea:9b:52:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 17 17:16:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=821beccca432aa276ea16f4d4d6868d714467669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:66:75:78:91:96:05:66:e7:70:5c:3b:ae:94:
                    1a:74:76:9d:64:63:7c:2a:6b:b1:5d:ae:37:bf:ad:
                    6a:6c:51:bf:c5:1c:f3:34:34:08:cb:45:18:60:33:
                    53:6c:fb:0b:c4:3e:f5:4a:70:6f:2e:3f:02:a3:72:
                    5a:14:cb:6b:a9:50:3f:1d:73:ed:c8:3e:f0:a6:d1:
                    02:7e:47:05:d8:f7:9c:e5:b7:5a:22:b5:06:de:9f:
                    c5:97:7e:ef:00:9b:3c:5a:fa:84:be:fe:fe:9a:98:
                    08:55:40:70:ab:1c:36:bc:14:cf:9e:ae:78:3f:8b:
                    0f:5c:47:9d:34:7b:aa:7a:9c:29:d0:a9:c1:ed:8f:
                    2a:b2:08:b7:2d:c3:6c:87:ab:43:24:7d:66:30:77:
                    5d:36:b2:91:21:8f:f9:67:ff:0c:41:8b:d1:d8:f0:
                    21:73:b8:11:31:02:5d:85:d0:71:b3:f4:34:95:da:
                    3d:9f:2c:48:c9:98:98:9b:07:34:35:98:8e:1d:07:
                    b6:ee:f6:71:ff:dc:d0:32:3e:ff:92:7c:1a:4c:32:
                    94:be:d8:0d:eb:26:23:62:a9:9f:61:a3:b6:c9:d0:
                    08:e0:23:e3:ef:a1:4e:13:b2:55:54:42:7d:7c:6f:
                    4d:ae:33:af:42:6a:41:7b:05:c6:08:07:94:7a:f1:
                    21:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:1B:EC:CC:A4:32:AA:27:6E:A1:6F:4D:4D:68:68:D7:14:46:76:69
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ghvszKQyqiduoW9NTWho1xRGdmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         05:cc:73:ca:0f:9d:6a:7e:2d:f3:2d:7f:54:41:77:da:3d:41:
         1b:f3:99:66:c3:d1:b6:05:ad:a9:0c:3f:d8:dd:ec:d2:a3:41:
         64:7a:fe:e0:0d:35:bd:cb:1d:07:eb:c5:af:2b:41:96:e4:90:
         0a:a6:e9:05:95:42:bd:8f:ae:9f:fc:81:e3:f6:2d:04:b9:e6:
         b4:c2:ff:25:e9:e7:2d:6f:d5:a3:ca:21:9a:a4:70:4d:3c:18:
         4b:b8:a2:91:4c:73:01:f1:db:5f:75:60:1c:c9:13:37:0b:89:
         29:55:c4:2b:91:b6:f8:c2:b2:1a:38:26:bd:69:11:be:91:04:
         37:4f:4f:9e:21:b1:43:95:c0:b8:ec:e2:f0:a4:f2:e6:6e:9f:
         24:20:7f:6d:6d:4d:71:cf:eb:84:b9:61:14:54:09:54:02:30:
         67:da:8d:7f:70:6c:ba:61:53:58:2a:14:cf:16:a0:9f:13:d5:
         6e:39:5a:99:93:2a:31:14:3b:b6:db:88:73:56:4f:eb:64:30:
         75:28:6c:b3:92:1e:a0:96:58:73:fa:8e:1d:9c:68:67:2d:fe:
         49:09:5c:13:40:5a:13:cf:fb:0a:9c:21:68:98:cf:6e:85:78:
         50:61:3f:98:24:4f:a7:da:22:a5:42:8d:5a:27:98:fc:1d:7d:
         e1:42:79:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZR1Q9Ks/14oIMTWeonqm1IaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTE3MTcxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFiZWNjY2E0MzJhYTI3NmVhMTZmNGQ0ZDY4NjhkNzE0NDY3NjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWZ1eJGWBWbncFw7rpQadHadZGN8
KmuxXa43v61qbFG/xRzzNDQIy0UYYDNTbPsLxD71SnBvLj8Co3JaFMtrqVA/HXPt
yD7wptECfkcF2Pec5bdaIrUG3p/Fl37vAJs8WvqEvv7+mpgIVUBwqxw2vBTPnq54
P4sPXEedNHuqepwp0KnB7Y8qsgi3LcNsh6tDJH1mMHddNrKRIY/5Z/8MQYvR2PAh
c7gRMQJdhdBxs/Q0ldo9nyxIyZiYmwc0NZiOHQe27vZx/9zQMj7/knwaTDKUvtgN
6yYjYqmfYaO2ydAI4CPj76FOE7JVVEJ9fG9NrjOvQmpBewXGCAeUevEhEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIIb7MykMqonbqFvTU1oaNcURnZpMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZ2h2c3pLUXlxaWR1b1c5TlRXaG8xeFJHZG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAFzHPKD51qfi3zLX9UQXfaPUEb85lmw9G2Ba2p
DD/Y3ezSo0Fkev7gDTW9yx0H68WvK0GW5JAKpukFlUK9j66f/IHj9i0Euea0wv8l
6ectb9WjyiGapHBNPBhLuKKRTHMB8dtfdWAcyRM3C4kpVcQrkbb4wrIaOCa9aRG+
kQQ3T0+eIbFDlcC47OLwpPLmbp8kIH9tbU1xz+uEuWEUVAlUAjBn2o1/cGy6YVNY
KhTPFqCfE9VuOVqZkyoxFDu224hzVk/rZDB1KGyzkh6gllhz+o4dnGhnLf5JCVwT
QFoTz/sKnCFomM9uhXhQYT+YJE+n2iKlQo1aJ5j8HX3hQnkJ
-----END CERTIFICATE-----