Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rHCQzgJ9GxoP9ORoH9mwTtZ2Uxo.roa
File:                     rHCQzgJ9GxoP9ORoH9mwTtZ2Uxo.roa (raw, json)
Hash identifier:          ANLUA/PFHdEB1B0zMPzAF8Aiov/7RXmZKayQDbDWpLg=
Subject key identifier:   AC:70:90:CE:02:7D:1B:1A:0F:F4:E4:68:1F:D9:B0:4E:D6:76:53:1A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB71C0AEFB1B2DB508CA3A2C321F0
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rHCQzgJ9GxoP9ORoH9mwTtZ2Uxo.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215764
IP address blocks:        2a0c:b641:a70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b7:1c:0a:ef:b1:b2:db:50:8c:a3:a2:c3:21:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac7090ce027d1b1a0ff4e4681fd9b04ed676531a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e3:b4:06:6f:8a:38:e1:96:bc:90:66:ff:fd:
                    47:d6:2c:fe:d0:08:b7:f1:b5:25:88:c8:2a:bd:44:
                    1c:15:20:1e:7d:72:a1:df:f2:f2:d7:1e:d9:25:eb:
                    de:a5:58:7b:bc:b8:bb:d6:6b:1b:bd:0d:d0:46:5c:
                    2c:ca:62:83:8f:e0:f4:cf:6f:5e:f3:7c:2c:b7:ca:
                    2e:ce:ba:70:f8:b4:40:31:8a:06:38:bc:0f:14:47:
                    fa:5f:09:a1:f5:6d:79:5c:b8:93:ef:d6:9d:51:ee:
                    fa:e6:c9:1e:01:15:aa:a0:b9:a8:39:c2:2b:b6:50:
                    09:5f:23:9f:24:d0:99:b9:80:4d:c9:50:37:33:91:
                    8d:9e:a0:69:01:f0:70:f6:05:50:7f:a2:d2:4b:03:
                    a7:82:f0:17:ff:fa:91:6d:99:12:10:ae:35:a7:c5:
                    61:10:bc:a0:5e:65:b4:f4:a9:d7:ec:d6:f7:ab:a9:
                    f1:a2:7d:95:dd:53:ba:f7:ad:e3:63:a1:9a:16:b5:
                    80:ff:6d:c7:68:a7:87:74:89:93:67:4d:92:9b:ad:
                    96:b5:17:b8:32:4a:94:28:78:30:0c:b5:79:03:02:
                    8a:f7:37:85:eb:db:e0:4e:c0:45:82:f9:5a:56:64:
                    20:f3:e0:c7:40:cc:1b:2d:94:87:7b:3d:41:63:b2:
                    2d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:70:90:CE:02:7D:1B:1A:0F:F4:E4:68:1F:D9:B0:4E:D6:76:53:1A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rHCQzgJ9GxoP9ORoH9mwTtZ2Uxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a70::/44

    Signature Algorithm: sha256WithRSAEncryption
         37:9c:1a:d0:c1:ca:a4:dc:8b:82:17:45:bc:7a:3a:73:69:da:
         e1:6c:ed:ea:3b:1e:4c:b7:27:54:06:3e:72:1f:9b:d8:77:bd:
         9b:46:f0:15:ea:87:d9:e0:76:81:0c:83:ad:a3:8c:f7:a9:91:
         cd:78:93:e8:fa:cb:a5:dc:90:3b:15:0e:df:64:ae:6a:60:d7:
         fa:5e:e4:79:a1:8b:7e:0d:42:7c:64:fb:3a:73:52:19:6a:b5:
         45:ac:eb:f4:f5:cd:8a:98:85:b9:f2:95:37:13:3b:eb:ce:88:
         bf:ed:2b:af:ce:89:93:fc:03:1d:e9:bc:12:5a:5f:e0:7f:d2:
         56:ab:da:38:44:23:14:17:ee:85:7a:34:23:95:f2:91:5f:5c:
         2e:bc:ea:e3:f4:ff:8a:2a:dd:f4:03:af:da:a5:94:45:65:27:
         43:78:7d:8a:16:e0:47:c9:d2:96:f5:d5:26:5d:7e:44:63:f2:
         64:20:68:44:35:b3:97:f7:8d:3e:eb:fd:82:c0:c6:05:62:cb:
         4f:1e:7b:e8:6e:61:c9:ae:92:76:6b:86:76:76:d4:74:6c:93:
         04:fb:54:92:58:26:fb:67:da:57:ae:b3:2d:28:7e:13:fc:a8:
         83:de:d3:23:62:8d:04:8a:8e:ca:4f:25:ff:f3:3e:6f:00:31:
         62:e2:fd:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+rccCu+xsttQjKOiwyHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzcwOTBjZTAyN2QxYjFhMGZmNGU0NjgxZmQ5YjA0ZWQ2NzY1MzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOO0Bm+KOOGWvJBm//1H1iz+0Ai3
8bUliMgqvUQcFSAefXKh3/Ly1x7ZJevepVh7vLi71msbvQ3QRlwsymKDj+D0z29e
83wst8ouzrpw+LRAMYoGOLwPFEf6Xwmh9W15XLiT79adUe765skeARWqoLmoOcIr
tlAJXyOfJNCZuYBNyVA3M5GNnqBpAfBw9gVQf6LSSwOngvAX//qRbZkSEK41p8Vh
ELygXmW09KnX7Nb3q6nxon2V3VO6963jY6GaFrWA/23HaKeHdImTZ02Sm62WtRe4
MkqUKHgwDLV5AwKK9zeF69vgTsBFgvlaVmQg8+DHQMwbLZSHez1BY7ItDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKxwkM4CfRsaD/TkaB/ZsE7WdlMaMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvckhDUXpnSjlHeG9QOU9Sb0g5bXdUdFoyVXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQpw
MA0GCSqGSIb3DQEBCwUAA4IBAQA3nBrQwcqk3IuCF0W8ejpzadrhbO3qOx5MtydU
Bj5yH5vYd72bRvAV6ofZ4HaBDIOto4z3qZHNeJPo+sul3JA7FQ7fZK5qYNf6XuR5
oYt+DUJ8ZPs6c1IZarVFrOv09c2KmIW58pU3Ezvrzoi/7SuvzomT/AMd6bwSWl/g
f9JWq9o4RCMUF+6FejQjlfKRX1wuvOrj9P+KKt30A6/apZRFZSdDeH2KFuBHydKW
9dUmXX5EY/JkIGhENbOX940+6/2CwMYFYstPHnvobmHJrpJ2a4Z2dtR0bJME+1SS
WCb7Z9pXrrMtKH4T/KiD3tMjYo0Eio7KTyX/8z5vADFi4v0e
-----END CERTIFICATE-----