Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/v4CZAkuptBMan5eKcDa5wgnRm_Q.roa
File:                     v4CZAkuptBMan5eKcDa5wgnRm_Q.roa (raw, json)
Hash identifier:          wt6c/nlAlbx6E6T7jQ2tEiKEMONsO9aH4H+Lg71bwHk=
Subject key identifier:   BF:80:99:02:4B:A9:B4:13:1A:9F:97:8A:70:36:B9:C2:09:D1:9B:F4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA96BA1DF48C205E2C0369D637010
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/v4CZAkuptBMan5eKcDa5wgnRm_Q.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213661
IP address blocks:        2a0c:b641:150::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a9:6b:a1:df:48:c2:05:e2:c0:36:9d:63:70:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf8099024ba9b4131a9f978a7036b9c209d19bf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:cd:0b:3f:2d:93:0b:7e:f5:51:c0:17:e1:1e:
                    02:6d:ae:cb:0b:de:c8:b1:a3:ff:e4:c0:21:01:e8:
                    1b:45:9a:07:bc:5b:90:6f:f4:fa:b6:f6:1f:6d:5c:
                    f3:8d:a7:64:9a:b7:e6:81:e5:47:9e:1e:d2:a7:51:
                    65:06:3f:f4:98:78:d8:10:67:33:0b:30:99:e9:de:
                    6d:d7:0a:85:1d:2d:f1:af:f2:54:a2:bd:5f:d2:3a:
                    e1:74:d1:2f:84:71:cd:4a:dd:6d:14:81:db:be:af:
                    b3:69:6e:5c:bf:e7:5e:8a:f7:ef:56:e8:8a:2a:eb:
                    1f:34:3d:67:a9:de:06:54:15:99:47:43:f1:70:f8:
                    f0:28:ef:a0:6c:c7:66:9e:73:de:9c:b2:af:0f:ba:
                    45:73:fa:d8:f4:be:e2:97:fd:2f:cc:a6:2b:91:cb:
                    a1:81:cf:71:f1:f8:07:68:34:ee:13:2b:e2:78:da:
                    76:8a:24:0b:71:d0:64:4e:f3:65:e8:85:2e:7f:87:
                    77:e2:9e:3f:4d:1d:6b:03:37:d3:bb:fd:0b:8d:70:
                    08:75:b5:dc:92:26:1d:34:1b:17:1e:5f:89:95:01:
                    e0:11:5b:07:9e:03:b7:c3:1a:e8:a7:d8:33:0e:26:
                    d2:4b:4b:a2:2c:6a:28:d8:a7:a1:bf:72:7c:fc:ee:
                    fd:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:80:99:02:4B:A9:B4:13:1A:9F:97:8A:70:36:B9:C2:09:D1:9B:F4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/v4CZAkuptBMan5eKcDa5wgnRm_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:150::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:3b:10:95:9b:9d:9b:64:7d:8e:9c:40:8e:13:a0:f6:c7:6a:
         9e:05:94:b4:b5:0b:db:32:de:c0:31:01:c5:fc:b5:53:71:3f:
         a9:b8:8d:6e:07:81:9b:8b:62:f5:f1:60:a1:11:88:e6:64:38:
         b0:ef:a1:a1:95:32:e8:b8:17:68:d3:58:2d:54:4a:e9:ec:1e:
         77:9f:a6:b5:fd:29:b5:84:d3:39:ad:3b:22:81:ac:ea:ee:ce:
         a8:15:ee:65:11:df:49:fb:cc:3d:14:c4:56:84:08:c3:9e:92:
         88:78:ae:3c:86:92:f5:9f:b1:59:83:59:60:72:f7:51:1b:a4:
         fb:85:40:d6:8e:da:70:73:cd:37:30:25:3b:b8:c8:83:ad:79:
         0e:58:c2:7a:2b:41:07:cb:af:49:e8:cc:d0:23:71:94:8e:d1:
         bc:94:6f:fe:53:18:0c:4c:a8:bc:07:1d:26:95:fe:bd:81:df:
         39:28:41:a9:b1:81:a4:e3:d3:6f:e8:a4:ca:29:63:ca:1d:13:
         80:7d:61:e9:7e:22:6e:a2:cd:0e:26:ad:35:6f:a4:09:98:8c:
         c4:81:3f:64:b7:ee:3b:a2:89:35:44:c5:5a:f5:f4:f1:43:d8:
         11:cc:f5:d5:ce:96:48:0c:de:73:18:17:30:74:f4:35:3d:75:
         5a:51:c7:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+qlrod9IwgXiwDadY3AQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjgwOTkwMjRiYTliNDEzMWE5Zjk3OGE3MDM2YjljMjA5ZDE5YmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1M0LPy2TC371UcAX4R4Cba7LC97I
saP/5MAhAegbRZoHvFuQb/T6tvYfbVzzjadkmrfmgeVHnh7Sp1FlBj/0mHjYEGcz
CzCZ6d5t1wqFHS3xr/JUor1f0jrhdNEvhHHNSt1tFIHbvq+zaW5cv+deivfvVuiK
KusfND1nqd4GVBWZR0PxcPjwKO+gbMdmnnPenLKvD7pFc/rY9L7il/0vzKYrkcuh
gc9x8fgHaDTuEyvieNp2iiQLcdBkTvNl6IUuf4d34p4/TR1rAzfTu/0LjXAIdbXc
kiYdNBsXHl+JlQHgEVsHngO3wxrop9gzDibSS0uiLGoo2Kehv3J8/O79pwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL+AmQJLqbQTGp+XinA2ucIJ0Zv0MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdjRDWkFrdXB0Qk1hbjVlS2NEYTV3Z25SbV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBxOxCVm52bZH2OnECOE6D2x2qeBZS0tQvbMt7A
MQHF/LVTcT+puI1uB4Gbi2L18WChEYjmZDiw76GhlTLouBdo01gtVErp7B53n6a1
/Sm1hNM5rTsigazq7s6oFe5lEd9J+8w9FMRWhAjDnpKIeK48hpL1n7FZg1lgcvdR
G6T7hUDWjtpwc803MCU7uMiDrXkOWMJ6K0EHy69J6MzQI3GUjtG8lG/+UxgMTKi8
Bx0mlf69gd85KEGpsYGk49Nv6KTKKWPKHROAfWHpfiJuos0OJq01b6QJmIzEgT9k
t+47ook1RMVa9fTxQ9gRzPXVzpZIDN5zGBcwdPQ1PXVaUcer
-----END CERTIFICATE-----