Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tgc4pRINFr4GbzL87zwKOUjA2hs.roa
File:                     tgc4pRINFr4GbzL87zwKOUjA2hs.roa (raw, json)
Hash identifier:          HMRGM7uyQ+MPLVW4v73TOFYQFm0mF8ylHb9RePPAq+w=
Subject key identifier:   B6:07:38:A5:12:0D:16:BE:06:6F:32:FC:EF:3C:0A:39:48:C0:DA:1B
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA9B6357429190FC531006C572D1FF
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tgc4pRINFr4GbzL87zwKOUjA2hs.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210800
IP address blocks:        2a0c:b641:430::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9b:63:57:42:91:90:fc:53:10:06:c5:72:d1:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b60738a5120d16be066f32fcef3c0a3948c0da1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:3d:0e:cd:24:c5:c2:a6:6d:32:c0:4c:a6:28:
                    55:93:35:a2:8c:cb:0a:ee:ca:03:71:68:c7:c9:9d:
                    47:e5:d1:a2:14:81:71:31:2a:e2:80:e5:77:52:4d:
                    1f:c8:5d:2b:78:09:b5:0d:67:a8:08:94:1b:0e:af:
                    fb:57:ac:4d:62:9d:4a:37:85:73:3a:32:0d:a5:d0:
                    db:d6:04:9a:76:dc:9f:cb:0f:34:fa:b8:25:f3:d7:
                    2a:f5:f7:e3:be:ae:d1:a9:08:f0:0f:df:f9:38:03:
                    d5:fd:7c:7a:68:d9:ff:01:48:a4:df:61:2f:24:a3:
                    9e:b1:96:56:fb:8e:2f:1c:4b:2d:a1:a1:4f:08:cf:
                    10:11:d1:8d:45:5d:14:49:99:40:ed:a9:80:ba:2f:
                    f0:1c:c9:85:0f:ef:6d:6a:a3:61:46:1a:bc:db:93:
                    aa:a9:eb:94:4a:5c:e0:08:01:28:93:d2:ce:9b:10:
                    fb:10:4b:69:d9:3e:46:01:95:32:95:79:52:4f:01:
                    2b:08:6a:26:62:f4:85:59:29:58:d4:60:32:e0:4e:
                    63:7b:eb:65:6c:1c:4b:81:45:10:20:98:11:47:b1:
                    69:28:fa:ac:f3:87:44:c9:46:a4:cc:a9:54:25:d5:
                    b5:c5:04:31:15:35:49:94:c2:2a:e5:42:df:80:e7:
                    48:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:07:38:A5:12:0D:16:BE:06:6F:32:FC:EF:3C:0A:39:48:C0:DA:1B
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/tgc4pRINFr4GbzL87zwKOUjA2hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:430::/44

    Signature Algorithm: sha256WithRSAEncryption
         95:c5:99:91:30:09:86:d4:06:d7:3f:d6:77:79:48:82:1e:61:
         d0:ed:50:3a:04:1f:3a:ed:93:6b:f2:23:8c:b8:b4:cf:a2:47:
         c0:b2:a6:57:f7:89:6e:46:82:de:df:c7:9f:31:16:b5:31:f9:
         8a:30:c2:87:83:e6:aa:8e:db:21:e6:aa:60:5b:ca:e8:98:54:
         74:cc:bc:48:5e:61:b2:4b:91:5b:6b:6c:f1:af:bc:7b:32:cf:
         07:14:25:74:a2:25:20:e4:45:73:4a:3f:92:0b:82:56:f4:a2:
         2b:14:06:e3:7b:41:2a:4b:5c:a7:20:3b:ed:81:6a:fb:ac:a7:
         fc:ab:10:40:43:3c:9c:01:92:4b:a9:02:80:65:eb:ac:38:06:
         4d:48:84:fb:d7:0e:93:6c:8d:3e:aa:a5:01:3f:5e:88:1f:a5:
         0d:73:65:31:d5:b4:b7:9c:27:6f:22:f8:27:c6:4d:32:ae:1a:
         b7:79:05:61:fe:30:11:d2:08:ea:f8:51:2f:a3:60:b3:93:0a:
         73:8f:b5:2d:7b:96:1d:03:62:62:38:4a:51:fa:4c:60:88:16:
         d6:5a:ad:ce:1d:75:48:2b:d1:7d:2d:2b:21:ea:d0:90:ce:e5:
         09:dc:e5:84:53:33:64:09:8c:d6:18:ef:ad:24:4a:89:ea:31:
         1c:03:6c:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+ptjV0KRkPxTEAbFctH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjA3MzhhNTEyMGQxNmJlMDY2ZjMyZmNlZjNjMGEzOTQ4YzBkYTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4D0OzSTFwqZtMsBMpihVkzWijMsK
7soDcWjHyZ1H5dGiFIFxMSrigOV3Uk0fyF0reAm1DWeoCJQbDq/7V6xNYp1KN4Vz
OjINpdDb1gSadtyfyw80+rgl89cq9ffjvq7RqQjwD9/5OAPV/Xx6aNn/AUik32Ev
JKOesZZW+44vHEstoaFPCM8QEdGNRV0USZlA7amAui/wHMmFD+9taqNhRhq825Oq
qeuUSlzgCAEok9LOmxD7EEtp2T5GAZUylXlSTwErCGomYvSFWSlY1GAy4E5je+tl
bBxLgUUQIJgRR7FpKPqs84dEyUakzKlUJdW1xQQxFTVJlMIq5ULfgOdIdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLYHOKUSDRa+Bm8y/O88CjlIwNobMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdGdjNHBSSU5GcjRHYnpMODd6d0tPVWpBMmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQQw
MA0GCSqGSIb3DQEBCwUAA4IBAQCVxZmRMAmG1AbXP9Z3eUiCHmHQ7VA6BB867ZNr
8iOMuLTPokfAsqZX94luRoLe38efMRa1MfmKMMKHg+aqjtsh5qpgW8romFR0zLxI
XmGyS5Fba2zxr7x7Ms8HFCV0oiUg5EVzSj+SC4JW9KIrFAbje0EqS1ynIDvtgWr7
rKf8qxBAQzycAZJLqQKAZeusOAZNSIT71w6TbI0+qqUBP16IH6UNc2Ux1bS3nCdv
Ivgnxk0yrhq3eQVh/jAR0gjq+FEvo2Czkwpzj7Ute5YdA2JiOEpR+kxgiBbWWq3O
HXVIK9F9LSsh6tCQzuUJ3OWEUzNkCYzWGO+tJEqJ6jEcA2z7
-----END CERTIFICATE-----