Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nKfWY2ryg7EeQ6lclTjn2Kj36k8.roa
File:                     nKfWY2ryg7EeQ6lclTjn2Kj36k8.roa (raw, json)
Hash identifier:          uajk/iFdnZPw0tax8DA1AsfKKfkUEQgsL+6hkmqSHTo=
Subject key identifier:   9C:A7:D6:63:6A:F2:83:B1:1E:43:A9:5C:95:38:E7:D8:A8:F7:EA:4F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA89FC64E811E61BC3497CC808116B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nKfWY2ryg7EeQ6lclTjn2Kj36k8.roa
Signing time:             Wed 01 Jan 2025 03:48:20 +0000
ROA not before:           Wed 01 Jan 2025 03:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206639
IP address blocks:        2a0c:b641:7c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:89:fc:64:e8:11:e6:1b:c3:49:7c:c8:08:11:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ca7d6636af283b11e43a95c9538e7d8a8f7ea4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ef:e3:de:a4:aa:1b:00:86:99:bf:7d:a9:89:
                    06:8d:7e:cf:ba:4c:9e:fe:e7:04:7f:24:37:de:33:
                    62:68:1b:11:8d:16:c1:30:2d:69:a7:41:6d:e4:57:
                    88:09:02:83:1b:3a:93:62:18:1f:53:b9:20:00:2e:
                    c0:e6:b3:22:30:d7:64:c9:dc:89:31:7b:21:4d:48:
                    66:47:33:dc:03:49:b2:9b:22:f3:3f:32:22:9c:95:
                    09:28:a1:ab:c4:d9:45:07:8e:f7:c5:85:f0:02:da:
                    e1:f8:6a:7b:6d:82:40:a4:c7:58:42:71:11:72:9e:
                    db:4e:8a:9c:97:62:aa:00:f8:38:f1:f1:73:13:86:
                    e5:48:fe:15:4a:a9:f4:e9:2d:a1:dc:d6:3d:08:a0:
                    71:f6:7d:8e:f1:4d:04:d6:8c:5e:5d:1a:e1:6d:ef:
                    ef:fd:0e:0d:65:dc:55:40:88:57:0e:5e:8d:57:03:
                    04:f8:da:c9:da:e3:55:30:52:01:16:cd:12:99:7e:
                    7d:34:05:6d:79:e5:e6:99:62:8e:7a:f1:8d:22:34:
                    d0:13:50:7b:85:12:9e:18:0a:ae:03:ee:0b:07:c3:
                    35:28:83:63:70:d6:9a:f4:50:b5:ef:37:e1:83:6c:
                    60:d2:1d:de:aa:25:05:73:50:6c:5c:a7:cb:fa:f3:
                    e2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:A7:D6:63:6A:F2:83:B1:1E:43:A9:5C:95:38:E7:D8:A8:F7:EA:4F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nKfWY2ryg7EeQ6lclTjn2Kj36k8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:7c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         33:e4:49:b2:0d:dc:64:9a:93:d0:db:13:ee:c0:0b:db:f0:6c:
         af:5d:18:1a:57:6b:3a:ec:c5:0a:e8:06:c2:c9:24:ef:b6:41:
         7d:88:b7:64:36:c4:e5:90:b3:ba:42:d8:ba:9f:17:6d:0a:48:
         98:0e:bc:65:91:15:f5:f5:1d:e3:da:37:e4:be:14:fa:74:04:
         b7:ee:79:ee:3d:95:47:f6:28:25:b3:85:74:d1:68:c5:57:3e:
         8c:b6:75:83:26:d6:47:8a:02:5f:23:dd:7e:3c:85:7b:ba:e4:
         cb:c9:d0:a5:86:f5:7b:3d:51:ea:0d:46:75:07:6d:c1:1a:3e:
         bb:a5:72:d6:9c:e9:32:44:72:c1:b0:74:5f:b7:d7:5b:a9:74:
         0a:56:2b:d5:3d:54:96:75:c1:21:96:d5:ef:7f:8f:40:05:56:
         c5:e7:38:ba:5a:40:6b:45:e6:cc:ab:5d:65:4c:87:08:71:1c:
         10:d2:c2:94:87:fb:75:0f:5e:11:fd:86:f5:9c:f6:8f:4a:75:
         83:f1:60:ca:65:b2:4a:0d:39:06:11:a1:61:43:8e:10:2f:bf:
         39:5d:94:d5:8b:c0:38:05:74:98:b7:d1:b4:9a:b8:6c:c6:7e:
         74:8c:61:99:8c:16:71:4a:4d:55:37:74:cc:1a:d2:9b:95:d4:
         5c:0e:32:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+on8ZOgR5hvDSXzICBFrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2E3ZDY2MzZhZjI4M2IxMWU0M2E5NWM5NTM4ZTdkOGE4ZjdlYTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3e/j3qSqGwCGmb99qYkGjX7Pukye
/ucEfyQ33jNiaBsRjRbBMC1pp0Ft5FeICQKDGzqTYhgfU7kgAC7A5rMiMNdkydyJ
MXshTUhmRzPcA0mymyLzPzIinJUJKKGrxNlFB473xYXwAtrh+Gp7bYJApMdYQnER
cp7bToqcl2KqAPg48fFzE4blSP4VSqn06S2h3NY9CKBx9n2O8U0E1oxeXRrhbe/v
/Q4NZdxVQIhXDl6NVwME+NrJ2uNVMFIBFs0SmX59NAVteeXmmWKOevGNIjTQE1B7
hRKeGAquA+4LB8M1KINjcNaa9FC17zfhg2xg0h3eqiUFc1BsXKfL+vPiuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJyn1mNq8oOxHkOpXJU459io9+pPMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbktmV1kycnlnN0VlUTZsY2xUam4yS2ozNms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQfA
MA0GCSqGSIb3DQEBCwUAA4IBAQAz5EmyDdxkmpPQ2xPuwAvb8GyvXRgaV2s67MUK
6AbCySTvtkF9iLdkNsTlkLO6Qti6nxdtCkiYDrxlkRX19R3j2jfkvhT6dAS37nnu
PZVH9igls4V00WjFVz6MtnWDJtZHigJfI91+PIV7uuTLydClhvV7PVHqDUZ1B23B
Gj67pXLWnOkyRHLBsHRft9dbqXQKVivVPVSWdcEhltXvf49ABVbF5zi6WkBrRebM
q11lTIcIcRwQ0sKUh/t1D14R/Yb1nPaPSnWD8WDKZbJKDTkGEaFhQ44QL785XZTV
i8A4BXSYt9G0mrhsxn50jGGZjBZxSk1VN3TMGtKbldRcDjJM
-----END CERTIFICATE-----