Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nsBDF99806z3BgTmyXtgY3To6_I.roa
File:                     nsBDF99806z3BgTmyXtgY3To6_I.roa (raw, json)
Hash identifier:          evJqXCL/Kbv8O88JFLYsDjx9uDQmt6q5VSiYhk5T4KM=
Subject key identifier:   9E:C0:43:17:DF:7C:D3:AC:F7:06:04:E6:C9:7B:60:63:74:E8:EB:F2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB13AC86E7A26E0B6C0E5FD3ED5B9
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nsBDF99806z3BgTmyXtgY3To6_I.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214542
IP address blocks:        2a0c:b641:c90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b1:3a:c8:6e:7a:26:e0:b6:c0:e5:fd:3e:d5:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ec04317df7cd3acf70604e6c97b606374e8ebf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ee:54:4d:7e:5a:4c:44:56:3c:9f:67:8f:41:
                    d5:0e:18:66:50:31:ac:3d:8c:27:50:e0:35:9a:1c:
                    82:0b:e1:2c:42:e6:ce:6a:3e:f7:e5:17:63:97:52:
                    a2:e1:32:cf:33:db:86:8f:74:73:23:57:d4:fa:dc:
                    77:78:51:61:2e:86:b3:3e:f9:b2:77:8d:eb:db:7d:
                    9a:82:32:3e:da:76:90:4b:e3:02:f4:5e:cf:30:c1:
                    c6:37:b2:f1:3c:fd:7d:03:9f:e4:1e:b3:5b:4d:20:
                    b6:9a:37:1a:97:ad:71:3d:fd:07:61:7d:30:46:59:
                    c2:89:82:d6:5a:4f:a4:98:8a:c6:74:3e:c3:c1:6a:
                    53:f5:d7:e8:fd:37:20:6a:62:24:ef:6a:2a:45:96:
                    e3:c4:1d:36:d3:70:0e:f7:00:06:2b:2e:07:08:c5:
                    14:39:c8:a3:80:11:ad:bb:ab:92:79:6b:42:c3:91:
                    eb:c1:ad:ad:fc:4f:e9:e1:75:63:ec:0a:03:68:d5:
                    5a:0e:2e:cc:9b:95:46:61:40:48:36:63:21:3f:a9:
                    2c:00:52:11:ee:cf:e2:38:ee:bd:cc:ce:c4:68:09:
                    76:ee:72:eb:f1:18:9f:3a:07:a1:72:a2:1c:3f:1d:
                    46:9f:90:68:d6:87:97:2b:aa:bf:f1:78:66:a6:07:
                    13:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C0:43:17:DF:7C:D3:AC:F7:06:04:E6:C9:7B:60:63:74:E8:EB:F2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/nsBDF99806z3BgTmyXtgY3To6_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c90::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:5f:ff:66:c0:79:e2:df:e1:7e:4d:71:be:34:f2:d7:e6:ef:
         52:ea:21:82:14:b7:34:78:89:2a:cd:6e:0b:4b:5e:96:df:8c:
         15:73:cd:cd:dd:6d:50:92:fc:12:7a:9f:fb:46:a4:8e:9c:38:
         1a:18:af:89:ad:dd:e4:73:73:01:f3:76:a3:88:32:bd:d8:bf:
         17:8c:68:60:d8:6f:b5:2f:57:51:73:92:ec:2d:7a:42:42:36:
         71:da:33:e4:22:fe:c6:cf:bd:29:e1:bd:c8:34:40:0e:6e:8a:
         70:0b:cf:4f:34:c8:44:27:b3:78:51:6e:dc:c9:f1:65:97:c8:
         22:ac:56:bf:3b:80:30:1d:6e:26:16:8a:b5:84:05:cf:f8:cd:
         b1:7a:a3:d1:e3:22:11:d3:1a:dc:b1:b7:63:e5:6b:68:98:69:
         fd:83:0e:81:62:ef:ac:66:31:17:aa:4a:87:17:33:3a:19:65:
         d9:af:58:72:d3:b0:76:f7:1a:c4:ad:2a:fd:9b:76:f3:8f:4c:
         04:85:42:37:cd:c9:80:50:4d:3f:bb:33:be:33:37:86:ee:4b:
         b2:5f:95:ff:1f:82:76:3d:5a:da:e3:8a:a2:0e:2a:69:29:28:
         83:60:58:68:fe:36:a8:ae:07:47:4a:20:41:1d:70:68:b9:d5:
         21:fc:a4:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+rE6yG56JuC2wOX9PtW5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWMwNDMxN2RmN2NkM2FjZjcwNjA0ZTZjOTdiNjA2Mzc0ZThlYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2O5UTX5aTERWPJ9nj0HVDhhmUDGs
PYwnUOA1mhyCC+EsQubOaj735Rdjl1Ki4TLPM9uGj3RzI1fU+tx3eFFhLoazPvmy
d43r232agjI+2naQS+MC9F7PMMHGN7LxPP19A5/kHrNbTSC2mjcal61xPf0HYX0w
RlnCiYLWWk+kmIrGdD7DwWpT9dfo/TcgamIk72oqRZbjxB0203AO9wAGKy4HCMUU
OcijgBGtu6uSeWtCw5Hrwa2t/E/p4XVj7AoDaNVaDi7Mm5VGYUBINmMhP6ksAFIR
7s/iOO69zM7EaAl27nLr8RifOgehcqIcPx1Gn5Bo1oeXK6q/8XhmpgcTeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ7AQxfffNOs9wYE5sl7YGN06OvyMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbnNCREY5OTgwNnozQmdUbXlYdGdZM1RvNl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQyQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAWX/9mwHni3+F+TXG+NPLX5u9S6iGCFLc0eIkq
zW4LS16W34wVc83N3W1QkvwSep/7RqSOnDgaGK+Jrd3kc3MB83ajiDK92L8XjGhg
2G+1L1dRc5LsLXpCQjZx2jPkIv7Gz70p4b3INEAObopwC89PNMhEJ7N4UW7cyfFl
l8girFa/O4AwHW4mFoq1hAXP+M2xeqPR4yIR0xrcsbdj5WtomGn9gw6BYu+sZjEX
qkqHFzM6GWXZr1hy07B29xrErSr9m3bzj0wEhUI3zcmAUE0/uzO+MzeG7kuyX5X/
H4J2PVra44qiDippKSiDYFho/jaorgdHSiBBHXBoudUh/KRg
-----END CERTIFICATE-----