Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/l79Dexw-8WLsKmb3kmmddWboXro.roa
File:                     l79Dexw-8WLsKmb3kmmddWboXro.roa (raw, json)
Hash identifier:          fKb1AWF8Ol4OOzGjvRBF/2SYpNCVZuKB4H2he5soCdk=
Subject key identifier:   97:BF:43:7B:1C:3E:F1:62:EC:2A:66:F7:92:69:9D:75:66:E8:5E:BA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01963EC5777CE190AA00B30ABD98B154B86D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/l79Dexw-8WLsKmb3kmmddWboXro.roa
Signing time:             Wed 16 Apr 2025 13:24:10 +0000
ROA not before:           Wed 16 Apr 2025 13:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210349
IP address blocks:        2a0c:b641:3b0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:c5:77:7c:e1:90:aa:00:b3:0a:bd:98:b1:54:b8:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr 16 13:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97bf437b1c3ef162ec2a66f792699d7566e85eba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ad:ee:f4:e9:9c:eb:6f:96:d1:50:df:44:5b:
                    02:e1:32:08:71:71:f1:ed:44:b9:1e:53:42:93:77:
                    93:9a:cd:18:15:22:46:bc:19:67:87:55:f9:9f:c6:
                    aa:09:31:24:64:fc:58:68:87:bf:17:62:39:b6:3c:
                    72:fe:db:49:fc:75:33:7f:eb:07:36:2f:59:1d:94:
                    27:9a:a7:61:d6:a9:a7:be:21:06:a3:c7:c1:39:c8:
                    cd:75:05:8d:74:2d:15:66:a5:ff:75:a6:79:63:66:
                    0e:54:08:88:b0:3d:14:f9:3d:67:32:ed:c8:d1:e2:
                    f3:21:58:5d:c9:ed:67:e8:05:b5:39:e3:d7:3c:b4:
                    5f:11:91:b0:e6:e5:26:8e:55:3f:05:2f:a9:4e:4b:
                    dc:3d:dd:60:b9:a8:b0:0d:f5:e2:90:b2:96:f1:b1:
                    b4:47:9a:7f:bf:d0:ef:f6:25:df:d6:97:f4:8a:97:
                    b1:8d:d8:6d:f3:bb:db:4b:ec:04:3a:0f:d9:21:d2:
                    bb:7a:73:d0:9c:4a:87:0e:63:25:66:6a:8f:44:2c:
                    bd:dd:f5:fb:d3:c7:4f:5b:ff:68:5f:21:59:55:3b:
                    7d:b2:fe:0b:84:0f:8a:7d:c5:12:26:d9:88:60:e2:
                    b6:8d:15:17:b9:8c:4c:cd:c0:d9:35:52:5b:97:c9:
                    94:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:BF:43:7B:1C:3E:F1:62:EC:2A:66:F7:92:69:9D:75:66:E8:5E:BA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/l79Dexw-8WLsKmb3kmmddWboXro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:3b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:03:fa:a6:ea:e1:0e:f1:db:90:17:6d:48:9e:6b:05:11:25:
         17:ed:e0:a1:78:7a:8b:c2:cb:1b:c7:53:ee:f0:1c:98:05:c6:
         97:27:d8:cb:61:99:af:ff:d2:13:19:fc:da:dd:13:b2:0f:1f:
         d6:93:52:84:13:dc:48:0a:5e:6f:d8:cf:a9:17:88:4b:7f:0e:
         b4:2a:85:7f:f1:c9:c9:94:12:33:4c:04:11:31:e5:8f:62:1d:
         1f:68:9c:d3:c9:9a:78:b0:81:f9:4b:fb:93:f6:ea:cc:89:34:
         36:8e:f7:8a:ee:00:cd:fe:69:8c:88:dc:39:9b:f9:fb:d5:f0:
         c8:41:d2:e4:0d:7d:23:c5:39:e9:f2:6d:37:e8:db:d5:bf:b4:
         fb:90:78:0b:05:a6:fa:e8:8f:d5:59:7b:f7:c1:ef:b2:4b:b3:
         d9:d2:1c:54:09:77:a9:2a:c7:59:27:e9:82:9d:5a:dc:2a:ba:
         7a:40:0b:0d:de:4f:7a:6d:c1:35:ad:e5:ff:a9:55:5e:66:b6:
         8f:0d:94:e0:de:38:f3:12:b9:79:a6:b7:d6:fa:5b:44:11:6a:
         a6:be:27:30:03:9b:ba:02:9f:df:57:86:4d:6c:27:28:a0:f5:
         93:1f:4f:bd:a4:be:e2:8d:25:c6:9b:0f:69:0f:c5:3c:83:c6:
         f8:39:03:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZY+xXd84ZCqALMKvZixVLhtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNDE2MTMyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2JmNDM3YjFjM2VmMTYyZWMyYTY2Zjc5MjY5OWQ3NTY2ZTg1ZWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K3u9Omc62+W0VDfRFsC4TIIcXHx
7US5HlNCk3eTms0YFSJGvBlnh1X5n8aqCTEkZPxYaIe/F2I5tjxy/ttJ/HUzf+sH
Ni9ZHZQnmqdh1qmnviEGo8fBOcjNdQWNdC0VZqX/daZ5Y2YOVAiIsD0U+T1nMu3I
0eLzIVhdye1n6AW1OePXPLRfEZGw5uUmjlU/BS+pTkvcPd1guaiwDfXikLKW8bG0
R5p/v9Dv9iXf1pf0ipexjdht87vbS+wEOg/ZIdK7enPQnEqHDmMlZmqPRCy93fX7
08dPW/9oXyFZVTt9sv4LhA+KfcUSJtmIYOK2jRUXuYxMzcDZNVJbl8mUIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJe/Q3scPvFi7Cpm95JpnXVm6F66MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbDc5RGV4dy04V0xzS21iM2ttbWRkV2JvWHJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQOw
MA0GCSqGSIb3DQEBCwUAA4IBAQCUA/qm6uEO8duQF21InmsFESUX7eCheHqLwssb
x1Pu8ByYBcaXJ9jLYZmv/9ITGfza3ROyDx/Wk1KEE9xICl5v2M+pF4hLfw60KoV/
8cnJlBIzTAQRMeWPYh0faJzTyZp4sIH5S/uT9urMiTQ2jveK7gDN/mmMiNw5m/n7
1fDIQdLkDX0jxTnp8m036NvVv7T7kHgLBab66I/VWXv3we+yS7PZ0hxUCXepKsdZ
J+mCnVrcKrp6QAsN3k96bcE1reX/qVVeZraPDZTg3jjzErl5prfW+ltEEWqmvicw
A5u6Ap/fV4ZNbCcooPWTH0+9pL7ijSXGmw9pD8U8g8b4OQPQ
-----END CERTIFICATE-----