Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/n9FeLJQrzT8NdWDTCEJuMo_F2KQ.roa
File:                     n9FeLJQrzT8NdWDTCEJuMo_F2KQ.roa (raw, json)
Hash identifier:          Ng/+cPZAORqQ7EBxQpomZEHAzVj4hlQbhPTr25TwJwc=
Subject key identifier:   9F:D1:5E:2C:94:2B:CD:3F:0D:75:60:D3:08:42:6E:32:8F:C5:D8:A4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0198DB645F0E821D56C926B992104ADB2E7B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/n9FeLJQrzT8NdWDTCEJuMo_F2KQ.roa
Signing time:             Sun 24 Aug 2025 09:24:04 +0000
ROA not before:           Sun 24 Aug 2025 09:24:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215230
IP address blocks:        2a0c:b641:710::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:db:64:5f:0e:82:1d:56:c9:26:b9:92:10:4a:db:2e:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Aug 24 09:24:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fd15e2c942bcd3f0d7560d308426e328fc5d8a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:29:a5:64:e1:1a:5a:83:12:e2:9c:93:a8:32:
                    20:e1:ec:1e:eb:ca:93:10:34:43:6e:89:22:79:44:
                    73:bc:ee:8c:3c:4d:62:29:f7:8d:cb:bb:c9:2d:51:
                    c6:5c:95:76:10:a3:33:6d:d3:c7:a1:50:12:53:5b:
                    be:90:76:3e:a8:0f:e0:ca:32:d4:4a:37:a2:91:51:
                    5a:fa:06:88:48:37:e1:65:03:a1:ac:3d:78:95:4d:
                    a9:be:78:3b:13:48:e2:71:09:08:2d:4e:92:90:46:
                    43:c7:b6:90:26:85:e3:82:4c:60:d9:66:53:e6:18:
                    64:4d:8d:0e:20:85:9e:f0:6b:24:06:59:55:2c:b4:
                    0d:d1:ee:18:c6:e8:47:79:c2:01:70:1c:55:70:5d:
                    49:ef:f8:63:15:a6:6e:c8:e7:aa:fd:6c:8c:57:5b:
                    a9:08:a1:68:98:30:fa:43:0c:f0:e6:73:28:44:c5:
                    af:50:31:71:d1:7d:42:91:0e:05:1b:aa:65:2a:e8:
                    16:4f:06:36:ff:e2:5f:8d:35:1d:15:35:09:1a:b8:
                    f0:54:6c:e6:e7:60:8b:81:9f:98:27:70:28:87:49:
                    15:a2:75:8d:c2:f0:70:a8:15:c8:79:7a:14:2d:85:
                    e2:f9:b9:a6:de:86:e4:31:b0:11:91:94:52:8a:f7:
                    66:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D1:5E:2C:94:2B:CD:3F:0D:75:60:D3:08:42:6E:32:8F:C5:D8:A4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/n9FeLJQrzT8NdWDTCEJuMo_F2KQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:710::/44

    Signature Algorithm: sha256WithRSAEncryption
         1a:a0:2f:65:3e:45:4f:0b:d9:59:7e:c9:ca:bc:cb:45:c3:18:
         9a:48:61:ed:9e:d8:49:4e:51:98:ae:46:ad:88:0e:37:0b:9a:
         15:de:57:f5:f5:2e:be:72:00:8b:1f:5b:41:4e:75:fe:b2:5d:
         cc:87:4f:31:32:ad:2b:3f:e2:6c:cc:91:5f:25:42:06:47:3b:
         cb:6e:77:2d:be:8b:5a:7e:a7:9b:ce:de:dc:92:d2:6b:51:77:
         6e:37:2c:f7:da:47:fe:03:39:37:96:f8:50:47:82:17:17:3a:
         c4:fb:b7:30:15:89:6c:e7:4c:5b:bb:7e:00:79:6f:4a:b9:29:
         4a:8b:84:57:2c:f0:4b:0e:8f:cc:26:3b:43:44:3b:cc:d4:39:
         6b:30:4f:df:5d:0f:f0:36:0d:70:cb:54:1d:af:13:bc:22:3d:
         a8:0b:3d:98:91:23:2a:d0:f1:a6:5b:a4:45:80:f0:04:51:68:
         70:e8:2e:28:83:41:62:7f:84:38:72:08:a0:cb:98:82:08:4c:
         22:60:34:89:ef:5a:83:16:46:47:59:4c:6c:de:0d:1c:13:b2:
         2d:d2:98:86:43:80:1e:e5:a8:7c:5f:08:18:39:44:a2:c8:5d:
         52:74:59:58:20:57:4e:68:dc:32:ba:69:eb:32:c0:65:7a:f1:
         6c:a7:93:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZjbZF8Ogh1WySa5khBK2y57MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwODI0MDkyNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmQxNWUyYzk0MmJjZDNmMGQ3NTYwZDMwODQyNmUzMjhmYzVkOGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSmlZOEaWoMS4pyTqDIg4ewe68qT
EDRDbokieURzvO6MPE1iKfeNy7vJLVHGXJV2EKMzbdPHoVASU1u+kHY+qA/gyjLU
SjeikVFa+gaISDfhZQOhrD14lU2pvng7E0jicQkILU6SkEZDx7aQJoXjgkxg2WZT
5hhkTY0OIIWe8GskBllVLLQN0e4YxuhHecIBcBxVcF1J7/hjFaZuyOeq/WyMV1up
CKFomDD6Qwzw5nMoRMWvUDFx0X1CkQ4FG6plKugWTwY2/+JfjTUdFTUJGrjwVGzm
52CLgZ+YJ3Aoh0kVonWNwvBwqBXIeXoULYXi+bmm3obkMbARkZRSivdmYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ/RXiyUK80/DXVg0whCbjKPxdikMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbjlGZUxKUXJ6VDhOZFdEVENFSnVNb19GMktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQcQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAaoC9lPkVPC9lZfsnKvMtFwxiaSGHtnthJTlGY
rkatiA43C5oV3lf19S6+cgCLH1tBTnX+sl3Mh08xMq0rP+JszJFfJUIGRzvLbnct
votafqebzt7cktJrUXduNyz32kf+Azk3lvhQR4IXFzrE+7cwFYls50xbu34AeW9K
uSlKi4RXLPBLDo/MJjtDRDvM1DlrME/fXQ/wNg1wy1QdrxO8Ij2oCz2YkSMq0PGm
W6RFgPAEUWhw6C4og0Fif4Q4cgigy5iCCEwiYDSJ71qDFkZHWUxs3g0cE7It0piG
Q4Ae5ah8XwgYOUSiyF1SdFlYIFdOaNwyumnrMsBlevFsp5NB
-----END CERTIFICATE-----