Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rbWhABUHiToYV3zVMS47JzdDX7I.roa
File:                     rbWhABUHiToYV3zVMS47JzdDX7I.roa (raw, json)
Hash identifier:          +QRbK/mvQFr6JcfBLWaKSmCbQBawz7q4Fx0kuV7XXqU=
Subject key identifier:   AD:B5:A1:00:15:07:89:3A:18:57:7C:D5:31:2E:3B:27:37:43:5F:B2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019488815CA933A6E0AF7FDD3AF9783F19D4
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rbWhABUHiToYV3zVMS47JzdDX7I.roa
Signing time:             Tue 21 Jan 2025 10:56:06 +0000
ROA not before:           Tue 21 Jan 2025 10:56:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213550
IP address blocks:        2a0c:b641:1e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 19:14:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:81:5c:a9:33:a6:e0:af:7f:dd:3a:f9:78:3f:19:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 21 10:56:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=adb5a1001507893a18577cd5312e3b2737435fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b5:50:ca:06:3b:74:aa:eb:99:e1:1d:c0:68:
                    ae:2b:1b:8e:aa:26:e1:f1:c8:5c:7b:e7:8b:38:21:
                    73:5d:19:05:a0:0b:89:8e:b9:43:d1:e3:eb:2c:f9:
                    0b:e3:9a:50:4e:cf:44:de:99:82:7c:ab:fd:f7:0b:
                    34:c2:8a:8a:08:70:d1:dc:62:45:c4:d5:52:f7:0e:
                    86:6b:f6:c8:56:d2:98:14:2f:fd:df:97:52:3e:d7:
                    d9:25:74:9c:ed:4a:95:8f:63:80:4e:a5:a8:ea:94:
                    d7:bc:b8:c7:21:da:da:23:a3:34:90:1b:9d:1c:c4:
                    85:99:f9:84:0f:96:3c:87:e9:cf:1f:ce:8f:cc:4f:
                    7d:31:44:4b:89:01:a2:10:47:72:8b:b9:b9:89:f2:
                    c7:df:42:c9:91:d3:c7:ab:bc:8a:10:5d:72:8b:c5:
                    0c:1e:ca:ac:21:c0:22:d9:09:37:4f:90:40:23:d6:
                    ae:e2:d7:28:38:37:6d:46:3d:78:89:a3:af:49:95:
                    82:8f:84:e9:77:26:52:da:35:ea:2a:ef:b3:5d:ff:
                    54:f6:d7:8a:08:76:85:58:06:27:2d:fa:38:67:42:
                    90:6d:dd:91:1e:02:b6:a2:0c:59:f7:a3:e1:15:8d:
                    3c:b2:9c:97:7e:02:b9:6e:da:a1:e3:01:f2:80:bc:
                    f5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:B5:A1:00:15:07:89:3A:18:57:7C:D5:31:2E:3B:27:37:43:5F:B2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rbWhABUHiToYV3zVMS47JzdDX7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:1e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:b5:fc:ae:4c:2f:6b:05:7b:b8:d6:9b:71:d8:b7:86:99:e3:
         4c:76:bb:ec:ea:d1:84:01:53:d8:d5:51:67:3a:39:8d:43:7b:
         68:3a:9d:d8:0c:b7:12:a1:af:68:67:11:fd:c4:f6:d2:f4:dc:
         0f:ab:4a:90:7d:c2:16:ff:a3:3c:7b:34:ac:ad:64:3e:05:04:
         83:a5:7e:5d:01:dd:62:08:8e:51:ba:6a:39:ad:d1:04:75:dc:
         ca:f4:f9:69:dd:37:4e:dc:3d:f6:e0:f5:76:0c:57:2a:4c:44:
         8f:97:35:cf:15:36:45:8f:f0:6c:30:07:79:0a:da:0e:da:e6:
         6e:e1:f2:20:18:65:a7:60:39:a5:b7:b9:9b:a9:22:1e:1c:3d:
         1a:9a:64:98:81:6f:bf:fc:ff:4d:0e:a0:c7:14:87:07:5e:d9:
         98:a2:29:21:5b:51:51:5a:a7:f9:76:23:67:5e:d0:89:c8:cd:
         db:e5:a3:48:d7:46:1b:8d:95:cc:67:6f:b0:b9:d4:c1:c1:b2:
         e9:19:3d:61:70:41:fc:7a:46:7c:06:33:4d:7d:26:42:e4:b6:
         17:fd:63:18:fb:4b:d5:7a:90:66:76:14:d7:97:b2:15:94:23:
         36:af:42:f3:1b:09:2f:b8:76:de:45:cb:dd:a4:7c:83:6e:fd:
         b5:81:c6:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSIgVypM6bgr3/dOvl4PxnUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTIxMTA1NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGI1YTEwMDE1MDc4OTNhMTg1NzdjZDUzMTJlM2IyNzM3NDM1ZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbVQygY7dKrrmeEdwGiuKxuOqibh
8chce+eLOCFzXRkFoAuJjrlD0ePrLPkL45pQTs9E3pmCfKv99ws0woqKCHDR3GJF
xNVS9w6Ga/bIVtKYFC/935dSPtfZJXSc7UqVj2OATqWo6pTXvLjHIdraI6M0kBud
HMSFmfmED5Y8h+nPH86PzE99MURLiQGiEEdyi7m5ifLH30LJkdPHq7yKEF1yi8UM
HsqsIcAi2Qk3T5BAI9au4tcoODdtRj14iaOvSZWCj4TpdyZS2jXqKu+zXf9U9teK
CHaFWAYnLfo4Z0KQbd2RHgK2ogxZ96PhFY08spyXfgK5btqh4wHygLz1swIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK21oQAVB4k6GFd81TEuOyc3Q1+yMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcmJXaEFCVUhpVG9ZVjN6Vk1TNDdKemREWDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQHg
MA0GCSqGSIb3DQEBCwUAA4IBAQANtfyuTC9rBXu41ptx2LeGmeNMdrvs6tGEAVPY
1VFnOjmNQ3toOp3YDLcSoa9oZxH9xPbS9NwPq0qQfcIW/6M8ezSsrWQ+BQSDpX5d
Ad1iCI5Rumo5rdEEddzK9Plp3TdO3D324PV2DFcqTESPlzXPFTZFj/BsMAd5CtoO
2uZu4fIgGGWnYDmlt7mbqSIeHD0ammSYgW+//P9NDqDHFIcHXtmYoikhW1FRWqf5
diNnXtCJyM3b5aNI10YbjZXMZ2+wudTBwbLpGT1hcEH8ekZ8BjNNfSZC5LYX/WMY
+0vVepBmdhTXl7IVlCM2r0LzGwkvuHbeRcvdpHyDbv21gcYo
-----END CERTIFICATE-----