Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/oW_oUpPGCYYv2XRBi8w8ozJfbaw.roa
File:                     oW_oUpPGCYYv2XRBi8w8ozJfbaw.roa (raw, json)
Hash identifier:          7uP+fM4Vm6U959y/1lwfYKUgzCuyTk72ewkCRMDVMaM=
Subject key identifier:   A1:6F:E8:52:93:C6:09:86:2F:D9:74:41:8B:CC:3C:A3:32:5F:6D:AC
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019905BBCB89068B20B93673F2CF2DD94F91
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/oW_oUpPGCYYv2XRBi8w8ozJfbaw.roa
Signing time:             Mon 01 Sep 2025 14:43:37 +0000
ROA not before:           Mon 01 Sep 2025 14:43:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205013
IP address blocks:        2a0c:b641:7b0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:05:bb:cb:89:06:8b:20:b9:36:73:f2:cf:2d:d9:4f:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Sep  1 14:43:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a16fe85293c609862fd974418bcc3ca3325f6dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:88:89:45:bd:c9:bf:e4:3f:a9:71:c2:4a:f2:
                    84:f0:4d:d7:f9:d8:89:61:32:21:08:06:4d:34:0a:
                    19:e8:3e:d4:ff:2d:c5:f4:e1:da:19:df:e7:17:f5:
                    73:18:6e:17:a0:12:42:07:46:d6:de:aa:20:b0:89:
                    60:f8:cb:73:87:43:3e:a3:5c:2d:6a:cc:52:fb:a5:
                    a4:89:2b:32:84:f0:a2:46:79:15:e5:fa:60:f6:86:
                    b0:ab:e1:f7:f0:6a:ae:af:4a:a8:21:dd:5e:f1:33:
                    22:b4:04:15:cc:10:ff:6a:d5:85:d5:a3:15:ec:c1:
                    ec:2d:14:98:04:53:e9:59:1e:5d:c6:d1:d2:bc:ec:
                    99:73:6d:8f:cf:9d:74:7f:57:6e:ac:54:02:33:6c:
                    0d:17:a4:75:0c:8b:d4:d8:82:17:c3:04:a9:59:08:
                    7e:1c:55:f5:1c:fa:9d:47:70:12:81:12:ea:c2:46:
                    1b:56:06:ed:77:3c:63:c6:4a:99:87:1b:3d:c9:ec:
                    15:13:28:1b:e5:11:c1:cf:da:66:76:d4:77:f1:55:
                    f6:9b:4c:3f:d3:eb:d4:2b:49:6b:e7:93:29:4f:58:
                    ee:19:52:25:2e:06:57:a3:fb:5d:08:33:e9:6a:e7:
                    46:f9:56:2e:c9:9d:a1:d0:a9:78:1a:34:c8:a5:25:
                    8a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:6F:E8:52:93:C6:09:86:2F:D9:74:41:8B:CC:3C:A3:32:5F:6D:AC
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/oW_oUpPGCYYv2XRBi8w8ozJfbaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:7b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         20:66:1d:88:51:47:1e:09:7e:30:26:ad:18:32:6d:f3:6d:64:
         51:9a:2f:1a:17:43:5e:36:b0:3b:6b:21:85:de:fb:36:4d:3b:
         0b:d8:f2:12:9a:4f:a1:0a:f3:f8:fb:8a:49:66:bb:a2:10:bf:
         cd:76:d1:74:9e:71:3e:8c:03:65:43:d2:04:fb:d3:07:c8:c5:
         0c:7d:95:10:cf:3b:63:19:fe:f6:29:f4:6a:33:0c:54:e6:d6:
         90:a1:82:af:c5:50:48:ed:f0:8f:e7:1a:5d:bc:0c:a2:80:79:
         d4:f7:eb:3d:9f:ec:b6:85:ca:ae:92:e2:7f:9c:1b:f9:2e:d1:
         58:3c:4f:8c:0a:ce:6e:c1:cc:18:bd:2a:be:31:e7:65:5c:25:
         48:07:07:a2:67:34:f5:d2:a1:9a:f8:c8:58:78:61:31:3c:5b:
         64:df:85:a0:39:fe:76:ee:0d:4e:a7:14:23:b7:92:c0:cc:54:
         e2:2b:ea:a6:4f:63:41:a1:82:37:c5:f9:d9:c2:a0:0e:8f:7b:
         88:7b:99:a1:27:9c:90:34:d0:19:50:2c:55:07:a8:94:91:d3:
         1a:82:65:36:c5:73:12:6e:be:5f:b2:0f:26:ca:ca:ae:7a:b6:
         a7:eb:5f:bc:b7:28:37:76:20:9b:bc:bb:59:e1:d7:45:fd:49:
         56:d5:21:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkFu8uJBosguTZz8s8t2U+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwOTAxMTQ0MzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTZmZTg1MjkzYzYwOTg2MmZkOTc0NDE4YmNjM2NhMzMyNWY2ZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4iJRb3Jv+Q/qXHCSvKE8E3X+diJ
YTIhCAZNNAoZ6D7U/y3F9OHaGd/nF/VzGG4XoBJCB0bW3qogsIlg+Mtzh0M+o1wt
asxS+6WkiSsyhPCiRnkV5fpg9oawq+H38Gqur0qoId1e8TMitAQVzBD/atWF1aMV
7MHsLRSYBFPpWR5dxtHSvOyZc22Pz510f1durFQCM2wNF6R1DIvU2IIXwwSpWQh+
HFX1HPqdR3ASgRLqwkYbVgbtdzxjxkqZhxs9yewVEygb5RHBz9pmdtR38VX2m0w/
0+vUK0lr55MpT1juGVIlLgZXo/tdCDPpaudG+VYuyZ2h0Kl4GjTIpSWKnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKFv6FKTxgmGL9l0QYvMPKMyX22sMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvb1dfb1VwUEdDWVl2MlhSQmk4dzhvekpmYmF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQew
MA0GCSqGSIb3DQEBCwUAA4IBAQAgZh2IUUceCX4wJq0YMm3zbWRRmi8aF0NeNrA7
ayGF3vs2TTsL2PISmk+hCvP4+4pJZruiEL/NdtF0nnE+jANlQ9IE+9MHyMUMfZUQ
zztjGf72KfRqMwxU5taQoYKvxVBI7fCP5xpdvAyigHnU9+s9n+y2hcqukuJ/nBv5
LtFYPE+MCs5uwcwYvSq+MedlXCVIBweiZzT10qGa+MhYeGExPFtk34WgOf527g1O
pxQjt5LAzFTiK+qmT2NBoYI3xfnZwqAOj3uIe5mhJ5yQNNAZUCxVB6iUkdMagmU2
xXMSbr5fsg8mysqueran61+8tyg3diCbvLtZ4ddF/UlW1SFA
-----END CERTIFICATE-----