Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tV2d261SP1BYL_tdjSHOkBmoOtg.roa
File:                     tV2d261SP1BYL_tdjSHOkBmoOtg.roa (raw, json)
Hash identifier:          YWOQXISg7oAF2p9RNejb98iFefe43KU5G0uiOwS6NTs=
Subject key identifier:   B5:5D:9D:DB:AD:52:3F:50:58:2F:FB:5D:8D:21:CE:90:19:A8:3A:D8
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB015EB58B42D0F1D7A24CFCA7389
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tV2d261SP1BYL_tdjSHOkBmoOtg.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214508
IP address blocks:        2a0c:b641:ca0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b0:15:eb:58:b4:2d:0f:1d:7a:24:cf:ca:73:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b55d9ddbad523f50582ffb5d8d21ce9019a83ad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:84:9c:2d:99:20:1c:5f:54:a2:4f:17:17:b6:
                    58:33:02:38:b6:4c:74:43:d7:4a:73:5d:b8:9c:6c:
                    03:7d:c4:cc:70:81:c9:71:33:f5:02:0f:7a:a3:de:
                    06:90:01:1e:7b:cf:7c:5a:67:3b:e7:70:ce:01:39:
                    31:46:12:b4:09:78:d2:37:5a:a4:0e:4c:ab:5e:93:
                    d9:dc:08:fc:3b:e3:5a:b3:f0:9a:06:d3:34:54:4f:
                    0f:ff:85:bc:13:4c:b9:fb:d2:7e:6a:61:0b:bd:78:
                    ad:dc:d6:17:76:cc:7a:05:3d:48:2e:e5:e0:a2:4b:
                    0f:98:68:8c:09:eb:5d:d2:b4:f7:4e:db:ed:81:f6:
                    40:e2:35:9b:57:e7:76:59:ea:f7:f7:2a:9e:8a:e8:
                    aa:35:15:21:3e:40:28:5d:b8:02:91:04:16:fd:ce:
                    b3:82:35:26:2f:d4:62:bf:5a:85:96:7d:b6:46:cf:
                    03:10:a1:c5:b4:dd:ce:6f:d1:16:e4:17:8d:ba:c6:
                    bf:3f:6b:06:05:b5:19:22:38:e1:fb:e1:5d:7c:14:
                    88:e9:7c:f3:b1:33:d8:2a:f2:64:6a:6c:38:95:d9:
                    5b:9e:8e:bc:7f:79:80:67:81:0f:d6:74:b4:6f:26:
                    e0:ac:3a:88:40:f9:f0:56:ed:c4:ed:9e:d9:69:cd:
                    2e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:5D:9D:DB:AD:52:3F:50:58:2F:FB:5D:8D:21:CE:90:19:A8:3A:D8
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tV2d261SP1BYL_tdjSHOkBmoOtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:ca0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6a:d9:59:a9:c4:ea:c8:1f:f2:0a:b3:52:fc:3b:be:fb:45:81:
         32:65:eb:77:e3:e1:e0:59:c6:75:b1:cb:85:ad:dc:53:23:f9:
         0f:1d:fc:7e:ea:ab:2b:85:0e:65:f7:b2:9b:03:80:6a:81:41:
         07:01:51:32:82:8f:bf:2c:c2:44:bf:a9:23:bd:c5:3f:af:5d:
         5f:c4:16:8a:0e:31:b8:09:bb:62:43:03:06:cf:77:92:f3:76:
         dc:a3:1c:d7:e6:af:b4:9a:34:08:48:5d:97:4f:61:e3:6d:39:
         04:d6:c9:1b:10:76:57:50:48:31:04:c9:84:4e:3a:68:23:dc:
         01:e7:e8:ff:e4:9b:04:6d:24:01:a5:59:33:d7:3c:75:14:52:
         a7:22:0f:a2:4e:bb:05:72:ab:a3:c1:0a:28:b2:5e:e3:1e:c8:
         13:7e:d2:4b:c6:4f:14:94:e2:8f:c1:ef:8e:13:7c:61:79:ef:
         ed:01:e6:11:a5:45:b4:3c:6e:48:f9:70:c6:56:33:1d:d0:51:
         4c:3c:bb:95:30:68:cf:82:ca:0e:74:5e:26:57:86:a9:c3:37:
         16:8b:32:83:8f:8b:fa:33:f1:a2:e6:6b:82:90:ac:49:49:a4:
         6c:c6:67:c1:fd:84:35:f9:0e:e4:f7:37:6d:14:ed:18:5a:4f:
         71:ff:1a:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+rAV61i0LQ8deiTPynOJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTVkOWRkYmFkNTIzZjUwNTgyZmZiNWQ4ZDIxY2U5MDE5YTgzYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24ScLZkgHF9Uok8XF7ZYMwI4tkx0
Q9dKc124nGwDfcTMcIHJcTP1Ag96o94GkAEee898Wmc753DOATkxRhK0CXjSN1qk
DkyrXpPZ3Aj8O+Nas/CaBtM0VE8P/4W8E0y5+9J+amELvXit3NYXdsx6BT1ILuXg
oksPmGiMCetd0rT3TtvtgfZA4jWbV+d2Wer39yqeiuiqNRUhPkAoXbgCkQQW/c6z
gjUmL9Riv1qFln22Rs8DEKHFtN3Ob9EW5BeNusa/P2sGBbUZIjjh++FdfBSI6Xzz
sTPYKvJkamw4ldlbno68f3mAZ4EP1nS0bybgrDqIQPnwVu3E7Z7Zac0uOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLVdndutUj9QWC/7XY0hzpAZqDrYMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdFYyZDI2MVNQMUJZTF90ZGpTSE9rQm1vT3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQyg
MA0GCSqGSIb3DQEBCwUAA4IBAQBq2VmpxOrIH/IKs1L8O777RYEyZet34+HgWcZ1
scuFrdxTI/kPHfx+6qsrhQ5l97KbA4BqgUEHAVEygo+/LMJEv6kjvcU/r11fxBaK
DjG4CbtiQwMGz3eS83bcoxzX5q+0mjQISF2XT2HjbTkE1skbEHZXUEgxBMmETjpo
I9wB5+j/5JsEbSQBpVkz1zx1FFKnIg+iTrsFcqujwQoosl7jHsgTftJLxk8UlOKP
we+OE3xhee/tAeYRpUW0PG5I+XDGVjMd0FFMPLuVMGjPgsoOdF4mV4apwzcWizKD
j4v6M/Gi5muCkKxJSaRsxmfB/YQ1+Q7k9zdtFO0YWk9x/xpl
-----END CERTIFICATE-----