Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qfT2ucVVeQFI4A2dcW8G41khuGs.roa
File:                     qfT2ucVVeQFI4A2dcW8G41khuGs.roa (raw, json)
Hash identifier:          13jFgCAreVBjBBcjLxN1LTLhlNkVCxakPl3+PB/g0kw=
Subject key identifier:   A9:F4:F6:B9:C5:55:79:01:48:E0:0D:9D:71:6F:06:E3:59:21:B8:6B
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB454ABE38B6BF0E42A819F4A4C17
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qfT2ucVVeQFI4A2dcW8G41khuGs.roa
Signing time:             Wed 01 Jan 2025 03:48:31 +0000
ROA not before:           Wed 01 Jan 2025 03:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215097
IP address blocks:        2a0c:b641:c30::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b4:54:ab:e3:8b:6b:f0:e4:2a:81:9f:4a:4c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9f4f6b9c555790148e00d9d716f06e35921b86b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d9:92:b4:9b:12:40:89:95:99:06:12:76:55:
                    5b:74:e8:2e:79:ca:c0:2e:12:fc:b2:f7:66:4e:99:
                    54:8a:60:8f:95:e6:d2:d9:b3:e9:50:50:97:86:45:
                    47:36:29:07:02:f6:cf:c7:80:45:05:7e:86:0e:b3:
                    05:af:fd:1e:cb:53:b1:3c:16:b6:6d:01:47:c4:9b:
                    ac:19:bb:8e:34:ae:fa:13:4c:d2:a2:25:04:ad:fb:
                    93:70:37:47:8b:63:4d:7f:33:a7:d0:ea:a6:47:00:
                    b5:fd:ca:ea:be:3e:1a:51:6e:01:f9:ff:34:bd:bb:
                    c6:c3:32:c9:1f:a4:28:b1:5d:89:36:11:bd:da:53:
                    29:61:25:29:d0:6d:ec:00:06:48:e3:56:f2:2f:bb:
                    62:ae:6c:e2:8b:1b:b3:0e:7e:01:7b:4c:15:59:5e:
                    17:8e:ed:97:4a:77:83:7a:b7:26:60:c6:a9:69:a5:
                    60:47:18:67:da:2c:4d:f7:b3:c3:c5:94:9a:b7:fa:
                    7b:3b:d6:eb:62:8e:72:33:60:e8:c2:44:2f:56:34:
                    23:8e:be:6f:4b:6e:09:fa:ba:32:5b:60:d2:4e:18:
                    83:3f:3b:a1:09:8d:a6:a3:ce:49:7f:d4:ef:11:57:
                    1d:61:82:bb:fd:a4:82:73:b3:7e:cc:6d:44:50:bc:
                    65:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F4:F6:B9:C5:55:79:01:48:E0:0D:9D:71:6F:06:E3:59:21:B8:6B
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/qfT2ucVVeQFI4A2dcW8G41khuGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c30::/44

    Signature Algorithm: sha256WithRSAEncryption
         78:8d:df:cc:bc:95:59:59:70:90:d8:54:99:db:99:8b:4e:17:
         af:2f:e8:e9:2a:97:08:4f:fc:71:25:a5:9b:c8:ff:82:5e:b0:
         fe:a1:eb:e7:62:ec:f1:79:2e:de:15:7d:cd:2e:56:bc:10:14:
         03:b0:92:5e:46:b2:13:cd:b1:bb:70:3d:fa:1f:cb:48:b5:e4:
         ce:39:2a:67:16:f3:6a:ba:54:e8:e6:57:f4:50:df:78:48:45:
         bc:d9:a4:26:ab:ec:5b:23:44:e5:d2:fe:17:12:c9:60:24:51:
         ea:3c:48:2b:e2:ba:30:55:11:81:0c:43:38:78:24:d0:7d:6c:
         b2:e0:a5:fd:1a:46:21:0f:e7:d8:3e:8b:05:69:b0:ad:88:78:
         0c:57:44:18:67:b6:fa:c4:7f:39:94:cb:a8:8b:d7:b5:64:fb:
         3a:d1:b5:b9:7f:6a:3c:ac:c3:b3:3e:10:a7:53:b3:79:8d:3d:
         5f:d1:7d:a6:90:0e:32:5c:0f:06:72:ca:e6:e7:14:21:9c:de:
         4d:1e:54:fb:86:77:7f:c6:85:c7:bd:5d:86:9f:77:1c:85:a0:
         90:14:7f:2d:e8:e9:84:a2:fd:88:3b:24:67:a4:24:f1:72:c8:
         a0:7b:86:f5:ad:96:ec:7d:b3:46:58:7a:1e:02:63:60:c2:01:
         7b:02:f8:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+rRUq+OLa/DkKoGfSkwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWY0ZjZiOWM1NTU3OTAxNDhlMDBkOWQ3MTZmMDZlMzU5MjFiODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNmStJsSQImVmQYSdlVbdOguecrA
LhL8svdmTplUimCPlebS2bPpUFCXhkVHNikHAvbPx4BFBX6GDrMFr/0ey1OxPBa2
bQFHxJusGbuONK76E0zSoiUErfuTcDdHi2NNfzOn0OqmRwC1/crqvj4aUW4B+f80
vbvGwzLJH6QosV2JNhG92lMpYSUp0G3sAAZI41byL7tirmziixuzDn4Be0wVWV4X
ju2XSneDercmYMapaaVgRxhn2ixN97PDxZSat/p7O9brYo5yM2DowkQvVjQjjr5v
S24J+royW2DSThiDPzuhCY2mo85Jf9TvEVcdYYK7/aSCc7N+zG1EULxlsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKn09rnFVXkBSOANnXFvBuNZIbhrMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcWZUMnVjVlZlUUZJNEEyZGNXOEc0MWtodUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQww
MA0GCSqGSIb3DQEBCwUAA4IBAQB4jd/MvJVZWXCQ2FSZ25mLThevL+jpKpcIT/xx
JaWbyP+CXrD+oevnYuzxeS7eFX3NLla8EBQDsJJeRrITzbG7cD36H8tIteTOOSpn
FvNqulTo5lf0UN94SEW82aQmq+xbI0Tl0v4XEslgJFHqPEgr4rowVRGBDEM4eCTQ
fWyy4KX9GkYhD+fYPosFabCtiHgMV0QYZ7b6xH85lMuoi9e1ZPs60bW5f2o8rMOz
PhCnU7N5jT1f0X2mkA4yXA8Gcsrm5xQhnN5NHlT7hnd/xoXHvV2Gn3cchaCQFH8t
6OmEov2IOyRnpCTxcsige4b1rZbsfbNGWHoeAmNgwgF7Avj4
-----END CERTIFICATE-----