Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ydONXm7eszVfANRd4yKIfc87gW8.roa
File:                     ydONXm7eszVfANRd4yKIfc87gW8.roa (raw, json)
Hash identifier:          iI/G50714EanIl9KpbQRZS6MBAHCwSs3QpBedjpbedo=
Subject key identifier:   C9:D3:8D:5E:6E:DE:B3:35:5F:00:D4:5D:E3:22:88:7D:CF:3B:81:6F
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA7645A4070CBF547A1201783F63FA
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ydONXm7eszVfANRd4yKIfc87gW8.roa
Signing time:             Wed 01 Jan 2025 03:48:15 +0000
ROA not before:           Wed 01 Jan 2025 03:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34641
IP address blocks:        2a0c:b642:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:76:45:a4:07:0c:bf:54:7a:12:01:78:3f:63:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9d38d5e6edeb3355f00d45de322887dcf3b816f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f2:89:6f:32:77:35:d1:9d:74:53:40:fe:2c:
                    22:e5:f4:f7:c9:fa:a6:81:e4:13:cb:5f:2b:c0:d6:
                    5a:fa:90:69:53:9a:ec:aa:57:1f:95:11:c1:e0:2b:
                    f3:bb:4a:4f:eb:fb:50:44:34:dd:2c:a6:31:3f:03:
                    b9:f2:00:87:44:30:90:9b:02:26:00:c9:82:58:a8:
                    db:38:09:b4:80:26:97:e1:b9:c6:e5:07:c8:28:6d:
                    c6:be:fd:a2:df:21:5a:08:4d:76:3d:66:69:d1:ea:
                    03:b8:e2:1d:fe:f5:c3:b5:17:e7:d4:44:cb:01:3a:
                    7d:90:19:3d:9a:31:fc:63:24:be:59:56:da:8f:0b:
                    98:99:9e:3c:ef:2f:95:e0:72:56:a5:63:45:cb:3b:
                    d3:71:2a:fe:c0:ad:d6:41:9d:24:db:c7:37:fb:35:
                    f3:18:d7:5f:35:dc:43:be:5f:64:50:ee:9d:46:1b:
                    8f:ad:19:46:30:a4:51:48:68:32:d3:93:60:01:4f:
                    fe:1f:8b:95:c5:95:9c:34:cc:b0:95:9a:a9:4f:54:
                    e3:a0:96:07:aa:d3:43:84:7d:a1:8f:0d:e8:41:b4:
                    d5:6d:a9:87:9e:af:c7:81:e0:b3:f1:a6:86:15:82:
                    c2:27:dd:0e:b2:07:aa:60:b5:74:02:b2:21:6d:af:
                    9d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D3:8D:5E:6E:DE:B3:35:5F:00:D4:5D:E3:22:88:7D:CF:3B:81:6F
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ydONXm7eszVfANRd4yKIfc87gW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         11:02:e6:94:20:c3:ca:23:c1:8f:6a:b8:27:74:99:55:be:31:
         4b:78:b5:3c:2a:60:be:fa:fc:18:28:1c:a6:f8:7e:2b:43:9a:
         73:90:a6:41:ad:8f:fa:13:b6:35:0d:f2:b9:f3:4d:2b:11:c8:
         d7:02:b9:56:1a:0e:63:84:64:6e:69:97:6c:2b:ea:01:5e:e6:
         88:33:b0:b0:08:04:a9:5c:7d:79:ec:a4:b0:a9:b8:c6:bf:80:
         be:e8:d0:83:d1:0c:86:54:ba:df:d3:e1:d2:f8:7d:2f:8f:9a:
         4d:0c:3f:a1:33:28:70:0d:dd:78:ca:b9:34:8f:6b:e8:0c:ca:
         d2:3a:3a:79:0d:c1:75:e9:61:d1:66:6a:e9:77:39:8e:e6:9b:
         79:21:36:3d:bf:3a:2e:06:f4:27:27:38:b2:04:69:c7:a0:b2:
         e9:65:d1:ef:97:88:4f:29:e2:14:6d:3e:88:3e:bd:10:82:d0:
         e1:fc:54:91:19:39:71:93:06:80:33:ed:bf:64:4f:b8:f8:72:
         d1:dc:58:e7:b7:3d:b5:f2:4a:11:8d:ec:8c:6d:d2:ac:93:b8:
         44:e4:f8:f7:eb:a3:d2:ac:6a:d7:6b:02:d0:b8:06:32:82:bc:
         15:9f:eb:70:9f:ae:5d:89:f3:34:83:73:63:c8:da:2a:82:5f:
         7a:d9:8c:ee
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQf+nZFpAcMv1R6EgF4P2P6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQzOGQ1ZTZlZGViMzM1NWYwMGQ0NWRlMzIyODg3ZGNmM2I4MTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPKJbzJ3NdGddFNA/iwi5fT3yfqm
geQTy18rwNZa+pBpU5rsqlcflRHB4Cvzu0pP6/tQRDTdLKYxPwO58gCHRDCQmwIm
AMmCWKjbOAm0gCaX4bnG5QfIKG3Gvv2i3yFaCE12PWZp0eoDuOId/vXDtRfn1ETL
ATp9kBk9mjH8YyS+WVbajwuYmZ487y+V4HJWpWNFyzvTcSr+wK3WQZ0k28c3+zXz
GNdfNdxDvl9kUO6dRhuPrRlGMKRRSGgy05NgAU/+H4uVxZWcNMywlZqpT1TjoJYH
qtNDhH2hjw3oQbTVbamHnq/HgeCz8aaGFYLCJ90OsgeqYLV0ArIhba+d7QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMnTjV5u3rM1XwDUXeMiiH3PO4FvMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveWRPTlhtN2VzelZmQU5SZDR5S0lmYzg3Z1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgy2QiAw
DQYJKoZIhvcNAQELBQADggEBABEC5pQgw8ojwY9quCd0mVW+MUt4tTwqYL76/Bgo
HKb4fitDmnOQpkGtj/oTtjUN8rnzTSsRyNcCuVYaDmOEZG5pl2wr6gFe5ogzsLAI
BKlcfXnspLCpuMa/gL7o0IPRDIZUut/T4dL4fS+Pmk0MP6EzKHAN3XjKuTSPa+gM
ytI6OnkNwXXpYdFmaul3OY7mm3khNj2/Oi4G9CcnOLIEacegsull0e+XiE8p4hRt
Pog+vRCC0OH8VJEZOXGTBoAz7b9kT7j4ctHcWOe3PbXyShGN7Ixt0qyTuETk+Pfr
o9KsatdrAtC4BjKCvBWf63Cfrl2J8zSDc2PI2iqCX3rZjO4=
-----END CERTIFICATE-----