Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/lwK4iQppq2OBByZOa6jB4QWAFbM.roa
File:                     lwK4iQppq2OBByZOa6jB4QWAFbM.roa (raw, json)
Hash identifier:          bMyc/mKX0go7op/FG0NKtJW055metsr42pQPx797uws=
Subject key identifier:   97:02:B8:89:0A:69:AB:63:81:07:26:4E:6B:A8:C1:E1:05:80:15:B3
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAAFA0CA9F5BDAF2759F75E4E39657
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/lwK4iQppq2OBByZOa6jB4QWAFbM.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214279
IP address blocks:        2a0c:b641:ce0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:af:a0:ca:9f:5b:da:f2:75:9f:75:e4:e3:96:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9702b8890a69ab638107264e6ba8c1e1058015b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:bd:84:c9:33:88:a8:f7:35:2a:8e:ef:90:bb:
                    e5:cb:c6:4c:98:8f:7b:f8:22:e5:a3:26:a3:48:54:
                    95:46:22:f3:7c:af:dd:8a:b0:1d:7f:8c:76:08:d8:
                    79:2e:8a:b2:b7:21:1d:7e:ea:cf:81:c1:6d:c4:54:
                    1e:b6:6b:7f:36:07:3b:81:f5:0e:8c:fb:b7:b3:94:
                    ec:c5:50:56:29:f9:f8:9e:0f:f0:e5:a3:be:2f:00:
                    c9:2d:d3:ae:38:0a:57:d5:6b:d5:31:27:73:a5:9d:
                    b3:31:fa:22:04:57:e9:ef:10:e5:a5:8c:07:eb:e7:
                    1a:8f:50:69:a5:eb:85:31:46:01:c1:ad:27:4c:d2:
                    a2:24:c2:03:d9:c4:f8:5c:b5:d8:ed:3a:e0:d2:af:
                    a0:47:a4:85:64:6f:4c:9d:70:a7:a0:55:df:03:ae:
                    7e:36:5d:7e:7c:96:7c:05:c3:00:9d:74:ed:cc:68:
                    9d:de:29:3a:9d:ea:90:02:c6:d1:c7:12:47:32:d2:
                    e7:af:18:de:84:f6:93:19:ea:b9:a5:d2:cc:7c:56:
                    7e:4e:cc:68:e6:6c:2f:41:35:8f:65:dd:db:81:56:
                    fe:9f:6a:34:2b:f6:a4:f2:a5:02:19:a0:b5:22:5c:
                    9a:4d:dd:d6:80:ef:ad:5d:31:f4:42:9b:eb:be:93:
                    eb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:02:B8:89:0A:69:AB:63:81:07:26:4E:6B:A8:C1:E1:05:80:15:B3
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/lwK4iQppq2OBByZOa6jB4QWAFbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:ce0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8a:a3:c4:0a:d4:44:43:8c:ca:f1:d0:fd:d3:94:61:1f:71:bb:
         31:45:b0:67:7b:ed:e4:1f:07:80:b4:ca:60:ef:48:8b:25:1f:
         9d:44:43:a7:37:51:95:0d:f2:50:c6:7d:f5:3d:d1:ec:99:5f:
         2b:f3:92:8c:b2:70:39:2a:12:f7:92:d7:1c:34:db:0b:4e:a0:
         29:ab:84:75:ce:74:2d:96:ea:04:99:00:e4:0d:a4:20:0c:0f:
         9d:d4:66:70:e5:9d:d9:34:b8:de:89:55:3e:9a:36:0c:c7:55:
         9a:df:6c:b6:b4:01:41:08:3a:1a:3a:68:d5:88:05:47:9a:e8:
         e5:7c:fe:d3:19:d0:4b:2a:7c:b1:f3:a9:cb:d7:b7:e8:58:5e:
         2e:4b:c4:f7:7d:36:c7:0a:93:09:9a:b8:c2:5c:c3:4a:a2:54:
         28:19:1c:a9:dc:d4:47:a4:a6:5d:ca:64:b5:c3:8e:6e:8c:bc:
         23:7a:dd:a7:eb:01:fe:c4:e4:98:cc:3b:d3:02:b7:47:ab:bf:
         33:37:91:d5:bd:76:63:a4:88:4e:d1:f0:38:d2:da:d5:13:a3:
         96:9a:cd:83:22:db:a5:9a:16:b1:b4:38:2f:f5:32:85:5d:67:
         12:ce:0c:6a:aa:84:9f:58:85:10:a3:a0:34:af:37:0e:d7:d6:
         42:e0:57:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+q+gyp9b2vJ1n3Xk45ZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzAyYjg4OTBhNjlhYjYzODEwNzI2NGU2YmE4YzFlMTA1ODAxNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl72EyTOIqPc1Ko7vkLvly8ZMmI97
+CLloyajSFSVRiLzfK/dirAdf4x2CNh5LoqytyEdfurPgcFtxFQetmt/Ngc7gfUO
jPu3s5TsxVBWKfn4ng/w5aO+LwDJLdOuOApX1WvVMSdzpZ2zMfoiBFfp7xDlpYwH
6+caj1BppeuFMUYBwa0nTNKiJMID2cT4XLXY7Trg0q+gR6SFZG9MnXCnoFXfA65+
Nl1+fJZ8BcMAnXTtzGid3ik6neqQAsbRxxJHMtLnrxjehPaTGeq5pdLMfFZ+Tsxo
5mwvQTWPZd3bgVb+n2o0K/ak8qUCGaC1IlyaTd3WgO+tXTH0QpvrvpPrkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJcCuIkKaatjgQcmTmuoweEFgBWzMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbHdLNGlRcHBxMk9CQnlaT2E2akI0UVdBRmJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQzg
MA0GCSqGSIb3DQEBCwUAA4IBAQCKo8QK1ERDjMrx0P3TlGEfcbsxRbBne+3kHweA
tMpg70iLJR+dREOnN1GVDfJQxn31PdHsmV8r85KMsnA5KhL3ktccNNsLTqApq4R1
znQtluoEmQDkDaQgDA+d1GZw5Z3ZNLjeiVU+mjYMx1Wa32y2tAFBCDoaOmjViAVH
mujlfP7TGdBLKnyx86nL17foWF4uS8T3fTbHCpMJmrjCXMNKolQoGRyp3NRHpKZd
ymS1w45ujLwjet2n6wH+xOSYzDvTArdHq78zN5HVvXZjpIhO0fA40trVE6OWms2D
ItulmhaxtDgv9TKFXWcSzgxqqoSfWIUQo6A0rzcO19ZC4FeW
-----END CERTIFICATE-----