Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rbPGJoV7gQ2H_cUNxA3oai-X-cE.roa
File:                     rbPGJoV7gQ2H_cUNxA3oai-X-cE.roa (raw, json)
Hash identifier:          xHT3MjUciKpd9uxCBSLtNsprnzcaHZCu0OVL/+JjErQ=
Subject key identifier:   AD:B3:C6:26:85:7B:81:0D:87:FD:C5:0D:C4:0D:E8:6A:2F:97:F9:C1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019614BB2055F86C152613F37C182962443B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rbPGJoV7gQ2H_cUNxA3oai-X-cE.roa
Signing time:             Tue 08 Apr 2025 09:28:49 +0000
ROA not before:           Tue 08 Apr 2025 09:28:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211123
IP address blocks:        2a0c:b641:360::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:14:bb:20:55:f8:6c:15:26:13:f3:7c:18:29:62:44:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr  8 09:28:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=adb3c626857b810d87fdc50dc40de86a2f97f9c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:69:60:c8:7f:a6:a5:61:11:23:3b:07:d3:09:
                    97:c3:7c:31:a4:0a:bb:9f:b6:a7:c7:6f:b7:29:9b:
                    da:de:62:39:da:05:7e:6b:cf:13:92:87:cc:f9:89:
                    48:bb:ee:05:71:b1:fd:2a:3f:c9:2e:df:aa:49:10:
                    cc:be:1b:30:c4:03:ac:84:cf:04:9f:c5:b9:77:68:
                    dd:5e:d2:6f:ce:4a:52:30:a0:38:35:95:fd:cf:51:
                    7c:8b:65:f5:c7:ff:f7:33:cc:d6:16:b4:91:e8:33:
                    55:cc:59:97:7c:12:09:1f:9c:e0:0f:ca:47:6e:ff:
                    ca:fa:85:c2:b1:5f:ac:af:1c:e2:08:98:65:eb:51:
                    ae:f5:60:3e:77:68:4b:37:f1:d6:d0:54:71:f0:cd:
                    77:f6:f1:9d:a9:fa:d3:92:c0:ef:78:bd:b2:40:05:
                    30:4b:8b:4d:83:ed:64:6a:4d:40:2a:2d:7f:c1:ce:
                    fd:ca:be:e8:53:36:7c:59:c1:09:59:83:2e:a6:6d:
                    b0:70:81:ad:84:ab:be:8a:42:6c:98:c2:42:4d:16:
                    1f:57:4c:85:d5:d4:cd:5e:e0:bd:bf:08:bd:38:b8:
                    66:f5:59:88:13:3d:5f:74:a7:82:99:8f:57:bd:f5:
                    17:61:89:c0:0b:c7:5b:c3:1e:76:10:fb:60:65:f9:
                    cd:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:B3:C6:26:85:7B:81:0D:87:FD:C5:0D:C4:0D:E8:6A:2F:97:F9:C1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rbPGJoV7gQ2H_cUNxA3oai-X-cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:360::/44

    Signature Algorithm: sha256WithRSAEncryption
         91:9f:03:a0:d5:04:5b:3a:4f:27:b7:8a:5f:52:75:3c:56:54:
         5c:a9:3b:54:5f:6d:c4:af:1e:1e:68:20:5b:2b:d0:66:45:63:
         35:e8:39:31:99:26:6b:65:c4:42:84:c2:5f:c4:e3:c4:3d:4f:
         4d:3b:3a:0c:df:cd:91:e2:d4:8d:70:a0:a6:18:77:d6:b2:83:
         7f:5d:6a:2c:ae:77:df:0e:ed:5d:b0:7b:02:7c:86:18:8e:41:
         09:5e:41:e9:2d:e4:ad:9a:20:8c:4c:b0:47:61:44:7c:84:b0:
         18:3a:1e:42:2f:58:00:2f:c6:87:c6:22:0a:cb:eb:6d:4d:2b:
         6a:41:e4:0b:31:1c:c6:db:ae:93:e0:d4:57:53:2a:75:1d:ab:
         7e:27:20:93:20:2c:20:4f:1e:12:b0:d0:c2:e1:d7:d7:59:47:
         0b:c6:aa:62:e0:d7:21:11:84:a9:bb:3c:4d:e3:96:ab:88:63:
         6f:51:6e:9b:d0:06:e8:46:f2:51:6f:d8:fd:1e:16:3b:1f:5d:
         e5:88:95:b9:89:ea:81:ce:18:db:5f:a4:a2:4a:fe:9a:12:5d:
         dd:16:8d:92:9e:96:c8:dc:bb:0c:0d:3c:e8:16:1c:58:b7:95:
         91:1d:3d:7c:5e:7f:b0:cb:ce:ed:c6:4f:d5:d7:b0:f5:ea:73:
         eb:ec:95:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZYUuyBV+GwVJhPzfBgpYkQ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNDA4MDkyODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGIzYzYyNjg1N2I4MTBkODdmZGM1MGRjNDBkZTg2YTJmOTdmOWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmlgyH+mpWERIzsH0wmXw3wxpAq7
n7anx2+3KZva3mI52gV+a88TkofM+YlIu+4FcbH9Kj/JLt+qSRDMvhswxAOshM8E
n8W5d2jdXtJvzkpSMKA4NZX9z1F8i2X1x//3M8zWFrSR6DNVzFmXfBIJH5zgD8pH
bv/K+oXCsV+srxziCJhl61Gu9WA+d2hLN/HW0FRx8M139vGdqfrTksDveL2yQAUw
S4tNg+1kak1AKi1/wc79yr7oUzZ8WcEJWYMupm2wcIGthKu+ikJsmMJCTRYfV0yF
1dTNXuC9vwi9OLhm9VmIEz1fdKeCmY9XvfUXYYnAC8dbwx52EPtgZfnNawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK2zxiaFe4ENh/3FDcQN6Govl/nBMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcmJQR0pvVjdnUTJIX2NVTnhBM29haS1YLWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQNg
MA0GCSqGSIb3DQEBCwUAA4IBAQCRnwOg1QRbOk8nt4pfUnU8VlRcqTtUX23Erx4e
aCBbK9BmRWM16DkxmSZrZcRChMJfxOPEPU9NOzoM382R4tSNcKCmGHfWsoN/XWos
rnffDu1dsHsCfIYYjkEJXkHpLeStmiCMTLBHYUR8hLAYOh5CL1gAL8aHxiIKy+tt
TStqQeQLMRzG266T4NRXUyp1Hat+JyCTICwgTx4SsNDC4dfXWUcLxqpi4NchEYSp
uzxN45ariGNvUW6b0AboRvJRb9j9HhY7H13liJW5ieqBzhjbX6SiSv6aEl3dFo2S
npbI3LsMDTzoFhxYt5WRHT18Xn+wy87txk/V17D16nPr7JUV
-----END CERTIFICATE-----