Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tRfgCa5v0d2aFms13BaGdSZOUXc.roa
File:                     tRfgCa5v0d2aFms13BaGdSZOUXc.roa (raw, json)
Hash identifier:          9I2RlIlDhn2WeBIkvEwUx8FmsU8heB9niQPA9xbivQY=
Subject key identifier:   B5:17:E0:09:AE:6F:D1:DD:9A:16:6B:35:DC:16:86:75:26:4E:51:77
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA677DB9810CF439798F8E4785AF1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tRfgCa5v0d2aFms13BaGdSZOUXc.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213154
IP address blocks:        2a0c:b641:100::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a6:77:db:98:10:cf:43:97:98:f8:e4:78:5a:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b517e009ae6fd1dd9a166b35dc168675264e5177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b3:1f:f8:41:7e:b0:e0:46:42:55:00:9f:07:
                    2e:3c:27:7a:17:01:bf:76:5e:fb:26:7a:c8:6d:6d:
                    a0:7c:40:d8:13:bf:f0:28:20:7d:b3:aa:ee:8b:e7:
                    c3:a9:10:63:05:37:13:14:85:78:4b:ce:76:e2:1d:
                    e1:35:6c:7a:cd:04:85:fb:73:5e:23:a5:86:52:6a:
                    c4:8a:5d:18:a8:d3:c6:5a:28:f6:7d:0a:e9:db:e6:
                    60:8d:c5:a4:13:ff:9c:5e:13:23:67:1e:e0:7e:86:
                    8a:84:44:fe:42:04:5d:f8:b2:29:2c:31:92:7a:ca:
                    11:73:d5:cc:78:7b:0e:82:6c:c6:4a:7a:f7:3a:7f:
                    20:4d:75:38:7c:6c:9d:41:d9:10:26:e3:80:da:78:
                    ce:13:ae:b3:4f:ce:67:9a:51:b2:64:e3:89:22:a7:
                    ff:dc:b9:b6:d3:9d:fe:80:ce:f8:1b:0c:9c:3c:03:
                    92:e9:8a:e3:a0:06:86:6c:df:55:dd:6d:e0:cc:22:
                    b5:8d:d2:34:30:b8:eb:94:b9:b0:d5:d9:0c:d0:85:
                    b2:91:e3:c6:1d:a1:2e:ec:57:b5:82:53:b2:1d:08:
                    f9:89:8d:e5:81:cb:78:e6:a0:f5:78:ae:88:cd:0c:
                    66:f0:c5:73:5b:37:49:96:d8:a8:38:71:cd:47:fa:
                    bc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:17:E0:09:AE:6F:D1:DD:9A:16:6B:35:DC:16:86:75:26:4E:51:77
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tRfgCa5v0d2aFms13BaGdSZOUXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:100::/44

    Signature Algorithm: sha256WithRSAEncryption
         3f:76:0a:4d:4c:6a:37:d3:be:a6:dd:4c:8e:a2:55:b1:52:44:
         6f:9c:44:17:fa:11:7a:30:09:f7:f9:36:9d:0b:63:c9:d2:de:
         98:39:68:46:c6:03:c9:a7:4a:18:71:f4:77:01:f5:41:ca:f6:
         c5:aa:f7:7c:2b:80:98:b2:fd:d7:da:79:d7:e7:a6:61:53:92:
         c4:ed:ea:75:a9:0b:56:1a:38:41:a0:18:4e:d5:d9:68:0e:1a:
         57:4b:86:5e:43:b5:da:e7:a8:45:6c:0a:a6:c3:42:86:d7:04:
         17:3e:76:06:55:6b:e1:50:7d:fd:c4:5c:fd:38:50:09:e7:24:
         9b:4c:7a:24:79:c0:e4:8f:8a:ad:98:04:6f:e5:37:e1:ba:54:
         f8:a7:97:a5:94:05:4b:13:f6:ec:56:8e:27:2a:89:9f:a2:7d:
         62:89:e1:71:81:4c:8e:3d:6d:5d:ef:b0:15:5a:0a:5c:df:89:
         d6:7b:9b:bb:00:5e:3c:12:65:ff:f9:40:08:96:90:fa:6c:d0:
         ab:84:f1:5f:68:21:b2:30:48:72:cc:9b:15:41:f9:e9:07:f1:
         0d:4f:1c:72:fc:71:44:73:93:bd:c7:67:b3:98:42:2a:2d:7e:
         c7:5f:d5:eb:ae:b0:f7:1c:90:ad:96:ab:ce:41:cc:68:9c:f9:
         b2:69:24:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+qZ325gQz0OXmPjkeFrxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE3ZTAwOWFlNmZkMWRkOWExNjZiMzVkYzE2ODY3NTI2NGU1MTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLMf+EF+sOBGQlUAnwcuPCd6FwG/
dl77JnrIbW2gfEDYE7/wKCB9s6rui+fDqRBjBTcTFIV4S8524h3hNWx6zQSF+3Ne
I6WGUmrEil0YqNPGWij2fQrp2+ZgjcWkE/+cXhMjZx7gfoaKhET+QgRd+LIpLDGS
esoRc9XMeHsOgmzGSnr3On8gTXU4fGydQdkQJuOA2njOE66zT85nmlGyZOOJIqf/
3Lm2053+gM74GwycPAOS6YrjoAaGbN9V3W3gzCK1jdI0MLjrlLmw1dkM0IWykePG
HaEu7Fe1glOyHQj5iY3lgct45qD1eK6IzQxm8MVzWzdJltioOHHNR/q8tQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLUX4Amub9HdmhZrNdwWhnUmTlF3MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdFJmZ0NhNXYwZDJhRm1zMTNCYUdkU1pPVVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQEA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/dgpNTGo3076m3UyOolWxUkRvnEQX+hF6MAn3
+TadC2PJ0t6YOWhGxgPJp0oYcfR3AfVByvbFqvd8K4CYsv3X2nnX56ZhU5LE7ep1
qQtWGjhBoBhO1dloDhpXS4ZeQ7Xa56hFbAqmw0KG1wQXPnYGVWvhUH39xFz9OFAJ
5ySbTHokecDkj4qtmARv5TfhulT4p5ellAVLE/bsVo4nKomfon1iieFxgUyOPW1d
77AVWgpc34nWe5u7AF48EmX/+UAIlpD6bNCrhPFfaCGyMEhyzJsVQfnpB/ENTxxy
/HFEc5O9x2ezmEIqLX7HX9XrrrD3HJCtlqvOQcxonPmyaSRP
-----END CERTIFICATE-----