Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/weaGMCf4OMqMkEy4Kk5211UvgPk.roa
File:                     weaGMCf4OMqMkEy4Kk5211UvgPk.roa (raw, json)
Hash identifier:          877TWMsJ4+oMeJeY8uYQyRzzTia4mPWqRto61CWk3tM=
Subject key identifier:   C1:E6:86:30:27:F8:38:CA:8C:90:4C:B8:2A:4E:76:D7:55:2F:80:F9
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA127D3760B4B930A7F3CB2B967DF
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/weaGMCf4OMqMkEy4Kk5211UvgPk.roa
Signing time:             Wed 01 Jan 2025 03:48:26 +0000
ROA not before:           Wed 01 Jan 2025 03:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212653
IP address blocks:        2a0c:b641:4f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a1:27:d3:76:0b:4b:93:0a:7f:3c:b2:b9:67:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1e6863027f838ca8c904cb82a4e76d7552f80f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e3:cc:3f:f6:ba:69:21:23:43:14:8c:4c:29:
                    1f:c4:16:1a:39:e6:99:28:8d:1a:a3:b8:01:5d:fa:
                    fa:46:d8:c9:90:16:2c:5e:ee:ee:66:17:e8:38:e1:
                    49:96:6c:f8:46:54:f6:a0:1c:a7:25:45:24:42:ae:
                    d2:ec:d5:9c:d9:0d:75:b2:29:2a:cd:5f:f9:87:86:
                    46:36:af:71:54:c4:46:b9:32:ee:cf:cb:25:e0:3e:
                    87:30:38:8c:9b:09:b7:7f:d0:d5:c6:3e:16:c5:e7:
                    e1:e2:48:8f:c3:cd:5d:fe:4d:ca:18:5f:82:18:ba:
                    84:ae:29:89:54:33:1c:90:b6:2b:86:a0:35:09:f3:
                    08:8d:66:79:0a:f5:95:4c:0a:f7:0b:f3:54:ca:06:
                    ab:a8:1c:88:b9:fc:f5:b6:46:c3:28:1e:d8:65:37:
                    d3:8e:bd:c4:73:ae:57:b5:84:d2:9c:72:51:7d:c0:
                    82:26:3b:4c:16:d3:3d:01:f0:64:9a:39:e6:6e:b7:
                    70:98:9d:82:f7:b9:8b:d2:cd:59:64:26:cc:b0:3e:
                    b2:88:c6:ef:46:a3:4e:74:b1:c5:9d:cd:21:db:6a:
                    70:a2:2f:0b:db:aa:f8:4d:35:0d:f4:ed:05:f2:37:
                    54:d3:fb:8c:36:d9:09:0e:2d:a6:9e:0d:3e:89:c5:
                    2a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E6:86:30:27:F8:38:CA:8C:90:4C:B8:2A:4E:76:D7:55:2F:80:F9
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/weaGMCf4OMqMkEy4Kk5211UvgPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:4f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:38:fe:c2:2a:f4:08:24:e5:2d:05:82:66:27:79:fc:6b:c8:
         31:30:c5:89:23:20:34:e5:be:47:d5:4a:c9:34:5c:2a:cf:bf:
         3c:18:fb:64:1f:d4:8f:63:02:4e:2f:6a:4b:90:97:f0:33:30:
         57:0a:f4:7d:e4:3d:43:cb:7e:fb:bd:ae:9b:a9:78:5c:e6:81:
         9b:df:43:70:71:90:b4:af:41:6d:c8:17:c9:e6:52:18:35:9b:
         6e:82:95:38:ac:57:c8:d2:45:14:19:f3:73:95:9d:1e:26:a4:
         0a:a9:88:b7:e6:a5:ef:1f:aa:bf:dc:7d:e7:d2:9f:24:c2:d9:
         e0:8e:dc:40:dc:ae:89:8f:3a:14:3c:47:b5:29:15:e0:e1:be:
         ed:80:94:98:48:53:b2:9a:24:a5:f5:f0:06:b4:1a:5a:b8:be:
         3d:1b:4c:0c:02:f5:18:8a:8d:a6:c8:d5:b4:52:21:85:8e:22:
         10:49:f7:25:47:ab:cd:7c:99:4f:9d:b6:81:b7:d9:a2:99:04:
         db:8c:c8:49:85:bb:f7:58:dc:30:1f:bf:35:ce:f9:74:c2:d0:
         88:11:66:f4:fe:5a:de:12:1e:b9:c5:bc:9d:c2:aa:5d:01:f6:
         aa:e6:49:89:fd:f6:2b:f2:67:f7:16:d0:7e:ab:a3:73:0a:76:
         b1:e7:50:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+qEn03YLS5MKfzyyuWffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWU2ODYzMDI3ZjgzOGNhOGM5MDRjYjgyYTRlNzZkNzU1MmY4MGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+PMP/a6aSEjQxSMTCkfxBYaOeaZ
KI0ao7gBXfr6RtjJkBYsXu7uZhfoOOFJlmz4RlT2oBynJUUkQq7S7NWc2Q11sikq
zV/5h4ZGNq9xVMRGuTLuz8sl4D6HMDiMmwm3f9DVxj4Wxefh4kiPw81d/k3KGF+C
GLqErimJVDMckLYrhqA1CfMIjWZ5CvWVTAr3C/NUygarqByIufz1tkbDKB7YZTfT
jr3Ec65XtYTSnHJRfcCCJjtMFtM9AfBkmjnmbrdwmJ2C97mL0s1ZZCbMsD6yiMbv
RqNOdLHFnc0h22pwoi8L26r4TTUN9O0F8jdU0/uMNtkJDi2mng0+icUqywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMHmhjAn+DjKjJBMuCpOdtdVL4D5MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvd2VhR01DZjRPTXFNa0V5NEtrNTIxMVV2Z1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQTw
MA0GCSqGSIb3DQEBCwUAA4IBAQCUOP7CKvQIJOUtBYJmJ3n8a8gxMMWJIyA05b5H
1UrJNFwqz788GPtkH9SPYwJOL2pLkJfwMzBXCvR95D1Dy377va6bqXhc5oGb30Nw
cZC0r0FtyBfJ5lIYNZtugpU4rFfI0kUUGfNzlZ0eJqQKqYi35qXvH6q/3H3n0p8k
wtngjtxA3K6JjzoUPEe1KRXg4b7tgJSYSFOymiSl9fAGtBpauL49G0wMAvUYio2m
yNW0UiGFjiIQSfclR6vNfJlPnbaBt9mimQTbjMhJhbv3WNwwH781zvl0wtCIEWb0
/lreEh65xbydwqpdAfaq5kmJ/fYr8mf3FtB+q6NzCnax51CD
-----END CERTIFICATE-----