Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xmopVdKtKJ5ra46QYmM3fPY9Vr4.roa
File:                     xmopVdKtKJ5ra46QYmM3fPY9Vr4.roa (raw, json)
Hash identifier:          WvscaTzlR0MgEGio4mLPOMWBPQX1VS+LeTY4veXJkZM=
Subject key identifier:   C6:6A:29:55:D2:AD:28:9E:6B:6B:8E:90:62:63:37:7C:F6:3D:56:BE
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA929FDBC952BBDC5360ADA00280D8
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xmopVdKtKJ5ra46QYmM3fPY9Vr4.roa
Signing time:             Wed 01 Jan 2025 03:48:22 +0000
ROA not before:           Wed 01 Jan 2025 03:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209300
IP address blocks:        2a0c:b641:570::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:92:9f:db:c9:52:bb:dc:53:60:ad:a0:02:80:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c66a2955d2ad289e6b6b8e906263377cf63d56be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:66:64:fa:5c:d3:52:7c:66:dc:e9:2f:94:07:
                    e1:c5:37:e1:21:3a:23:05:22:db:29:1c:cb:95:b3:
                    52:ea:7a:3b:38:69:35:53:fa:46:b8:1e:4b:e1:fd:
                    82:eb:98:2c:47:7b:3c:f5:5f:10:c7:ba:25:f0:4e:
                    32:a7:11:c7:a7:77:da:2d:39:d6:b0:b3:7d:92:ef:
                    40:de:9b:8a:9b:a7:b6:a1:47:1b:38:69:f7:5a:33:
                    39:7f:ac:94:2f:2c:d5:84:19:18:d0:0b:c2:73:ab:
                    52:42:5b:be:d3:ac:a8:4f:d3:a9:c5:a6:a0:c3:c4:
                    9c:9e:a7:35:ca:34:25:79:af:6e:49:11:8f:86:1b:
                    05:d1:bb:fc:c3:fd:a1:24:d0:75:c1:8e:36:69:ef:
                    75:47:44:0b:35:22:7a:62:7d:e3:62:0e:88:4a:47:
                    37:41:7b:72:ac:b3:1d:68:ab:2f:2c:07:cc:e0:1a:
                    ef:de:59:f7:37:2c:cd:80:ce:38:a2:3d:d4:bf:3e:
                    17:33:87:03:10:75:1e:eb:5e:16:75:5f:eb:4b:d6:
                    03:d1:7c:59:0e:54:03:1c:28:57:ea:6c:00:a4:35:
                    48:09:0c:87:ba:3c:c6:2a:ed:f4:9f:b7:a6:f7:2b:
                    2d:09:5b:de:26:7b:10:28:a5:6a:cc:ad:0c:51:93:
                    af:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:6A:29:55:D2:AD:28:9E:6B:6B:8E:90:62:63:37:7C:F6:3D:56:BE
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/xmopVdKtKJ5ra46QYmM3fPY9Vr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:570::/44

    Signature Algorithm: sha256WithRSAEncryption
         3b:51:d1:82:89:44:ed:f4:e9:bd:ae:19:52:4b:2c:65:49:f5:
         85:a3:2c:17:6d:02:fb:d5:db:03:c9:72:d8:c1:fa:8f:9c:9e:
         98:d9:d4:cf:34:cf:1a:0d:ac:05:f4:82:ba:e1:6e:de:83:ea:
         c1:39:a5:6c:4b:0c:8e:3f:49:b7:d7:2d:f3:81:70:c0:fe:5a:
         a5:8e:6e:3e:28:d9:a8:1e:b7:0b:33:8c:72:45:3c:66:91:d1:
         21:ff:66:18:54:4c:2e:ba:53:a5:8d:cc:9b:41:2b:9f:60:50:
         c2:3b:ec:ce:a5:7f:f7:2a:e2:c8:09:49:39:d4:93:33:b9:ab:
         ff:9b:01:fd:87:c7:0d:cd:53:1a:92:6a:69:81:0d:59:42:49:
         75:03:dd:60:c1:f0:c5:e2:e5:7e:98:39:0d:99:e7:2a:23:34:
         69:99:00:a8:38:17:c8:b3:6b:af:75:3c:24:b2:6c:ff:e8:57:
         9e:03:38:5a:c4:25:51:bb:62:28:7e:c1:e0:46:3b:7b:13:0f:
         86:f0:a4:3f:bd:c6:99:8a:25:6f:de:7e:45:8a:98:f0:80:b5:
         6e:dd:e2:49:db:b1:d6:99:99:1f:fd:b4:51:38:22:31:c6:c9:
         24:95:c1:8a:dc:03:23:fd:73:0d:a7:65:31:14:84:32:6d:36:
         20:02:f8:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+pKf28lSu9xTYK2gAoDYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjZhMjk1NWQyYWQyODllNmI2YjhlOTA2MjYzMzc3Y2Y2M2Q1NmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGZk+lzTUnxm3OkvlAfhxTfhIToj
BSLbKRzLlbNS6no7OGk1U/pGuB5L4f2C65gsR3s89V8Qx7ol8E4ypxHHp3faLTnW
sLN9ku9A3puKm6e2oUcbOGn3WjM5f6yULyzVhBkY0AvCc6tSQlu+06yoT9Opxaag
w8Scnqc1yjQlea9uSRGPhhsF0bv8w/2hJNB1wY42ae91R0QLNSJ6Yn3jYg6ISkc3
QXtyrLMdaKsvLAfM4Brv3ln3NyzNgM44oj3Uvz4XM4cDEHUe614WdV/rS9YD0XxZ
DlQDHChX6mwApDVICQyHujzGKu30n7em9ystCVveJnsQKKVqzK0MUZOvHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMZqKVXSrSiea2uOkGJjN3z2PVa+MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveG1vcFZkS3RLSjVyYTQ2UVltTTNmUFk5VnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQVw
MA0GCSqGSIb3DQEBCwUAA4IBAQA7UdGCiUTt9Om9rhlSSyxlSfWFoywXbQL71dsD
yXLYwfqPnJ6Y2dTPNM8aDawF9IK64W7eg+rBOaVsSwyOP0m31y3zgXDA/lqljm4+
KNmoHrcLM4xyRTxmkdEh/2YYVEwuulOljcybQSufYFDCO+zOpX/3KuLICUk51JMz
uav/mwH9h8cNzVMakmppgQ1ZQkl1A91gwfDF4uV+mDkNmecqIzRpmQCoOBfIs2uv
dTwksmz/6FeeAzhaxCVRu2IofsHgRjt7Ew+G8KQ/vcaZiiVv3n5FipjwgLVu3eJJ
27HWmZkf/bRROCIxxskklcGK3AMj/XMNp2UxFIQybTYgAvjR
-----END CERTIFICATE-----