Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ykf0hBHhVbQFQGj_tF3YbNumXbs.roa
File:                     ykf0hBHhVbQFQGj_tF3YbNumXbs.roa (raw, json)
Hash identifier:          zZYSwZhcrUjaq3VFUp8DApZwp7qMq3j6HfXbz0O2tkg=
Subject key identifier:   CA:47:F4:84:11:E1:55:B4:05:40:68:FF:B4:5D:D8:6C:DB:A6:5D:BB
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA8CE21BA25F095C4C051ED1B0C653
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ykf0hBHhVbQFQGj_tF3YbNumXbs.roa
Signing time:             Wed 01 Jan 2025 03:48:21 +0000
ROA not before:           Wed 01 Jan 2025 03:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208029
IP address blocks:        2a0c:b642:5000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:8c:e2:1b:a2:5f:09:5c:4c:05:1e:d1:b0:c6:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca47f48411e155b4054068ffb45dd86cdba65dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:33:9e:18:ac:9c:aa:6f:9e:6e:5f:6c:7d:b2:
                    dd:c2:77:a8:fe:7d:6c:1a:c6:f5:41:06:eb:a2:94:
                    ce:16:e1:00:a6:4c:79:2f:32:f7:e2:77:ca:bc:59:
                    04:9e:fa:5c:04:1f:85:86:67:7f:59:c9:85:f3:49:
                    c1:ce:c1:9a:76:19:b6:fd:e0:61:f0:df:dd:e3:3e:
                    98:2e:9f:f4:3a:c5:ee:d3:a1:a9:61:c3:7c:85:27:
                    5e:59:1d:e8:ab:5a:86:6e:bd:95:38:15:5b:b6:22:
                    85:71:5b:3c:8b:c0:76:b9:76:51:51:0e:cb:2d:3a:
                    f5:e1:c0:bb:35:cc:8f:eb:be:7f:be:9f:e8:1d:cd:
                    de:0e:57:66:5e:ba:0f:eb:21:0b:5c:7f:02:76:b1:
                    11:da:56:26:27:59:79:91:25:74:b8:03:89:d2:1d:
                    bd:9e:b9:fa:ed:ed:c2:2b:8b:9c:ae:f2:67:0a:d4:
                    d0:90:0b:a8:34:2b:ad:24:e3:e4:83:3f:f6:7a:1e:
                    2a:af:8c:64:9a:ae:57:41:58:42:7c:a0:b3:e0:30:
                    d5:fc:ab:4d:11:7d:36:83:4d:86:43:1c:80:a5:2a:
                    81:b3:5a:c5:7f:f9:5c:f4:12:76:34:66:f1:39:b9:
                    18:a2:ef:0d:20:66:b5:cd:65:b4:b1:66:05:a7:30:
                    50:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:47:F4:84:11:E1:55:B4:05:40:68:FF:B4:5D:D8:6C:DB:A6:5D:BB
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/ykf0hBHhVbQFQGj_tF3YbNumXbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b642:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         92:2e:68:26:b2:ae:dd:cc:a8:fe:00:2c:61:66:fb:35:db:58:
         b2:1b:e7:80:9e:f7:1a:f0:01:12:a1:c6:80:c2:0b:a1:6a:a6:
         2d:58:be:7c:ee:b9:26:2e:30:7c:29:7c:46:24:92:5f:07:52:
         11:90:61:cb:12:a2:b8:52:55:51:0d:47:9a:e2:7a:6d:5d:e5:
         86:1f:0c:7d:9c:42:5f:21:df:87:2f:2c:e9:53:85:e0:92:6d:
         b8:e7:b2:63:dd:be:56:fa:2f:77:81:d4:2b:00:a0:d2:23:ae:
         f3:73:8f:94:5b:c2:09:97:7e:5c:89:10:4e:48:82:4e:4f:e1:
         11:9f:7b:14:91:97:77:77:5b:64:38:b6:47:9a:00:80:ff:53:
         b1:89:d8:67:aa:94:64:38:fe:26:96:49:7c:4f:b0:82:14:6f:
         ba:2c:5a:18:e0:bc:96:e0:ae:9f:71:7a:d1:b6:c1:ec:94:94:
         5a:c1:40:80:df:a2:80:d6:7e:e6:f7:4f:e3:fb:fc:3e:62:85:
         48:01:9a:b2:aa:3b:b7:22:d3:ff:e5:74:ad:38:59:8d:67:65:
         56:9e:5b:fc:85:d0:d0:c4:40:fc:1d:f0:f6:1a:8d:61:b0:b7:
         07:fc:3e:8a:19:c6:60:01:26:cc:b3:f9:b5:7c:f6:7d:33:b4:
         93:d3:b4:8b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQf+oziG6JfCVxMBR7RsMZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTQ3ZjQ4NDExZTE1NWI0MDU0MDY4ZmZiNDVkZDg2Y2RiYTY1ZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDOeGKycqm+ebl9sfbLdwneo/n1s
Gsb1QQbropTOFuEApkx5LzL34nfKvFkEnvpcBB+Fhmd/WcmF80nBzsGadhm2/eBh
8N/d4z6YLp/0OsXu06GpYcN8hSdeWR3oq1qGbr2VOBVbtiKFcVs8i8B2uXZRUQ7L
LTr14cC7NcyP675/vp/oHc3eDldmXroP6yELXH8CdrER2lYmJ1l5kSV0uAOJ0h29
nrn67e3CK4ucrvJnCtTQkAuoNCutJOPkgz/2eh4qr4xkmq5XQVhCfKCz4DDV/KtN
EX02g02GQxyApSqBs1rFf/lc9BJ2NGbxObkYou8NIGa1zWW0sWYFpzBQDQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMpH9IQR4VW0BUBo/7Rd2Gzbpl27MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEveWtmMGhCSGhWYlFGUUdqX3RGM1liTnVtWGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgy2QlAw
DQYJKoZIhvcNAQELBQADggEBAJIuaCayrt3MqP4ALGFm+zXbWLIb54Ce9xrwARKh
xoDCC6Fqpi1YvnzuuSYuMHwpfEYkkl8HUhGQYcsSorhSVVENR5riem1d5YYfDH2c
Ql8h34cvLOlTheCSbbjnsmPdvlb6L3eB1CsAoNIjrvNzj5RbwgmXflyJEE5Igk5P
4RGfexSRl3d3W2Q4tkeaAID/U7GJ2GeqlGQ4/iaWSXxPsIIUb7osWhjgvJbgrp9x
etG2weyUlFrBQIDfooDWfub3T+P7/D5ihUgBmrKqO7ci0//ldK04WY1nZVaeW/yF
0NDEQPwd8PYajWGwtwf8PooZxmABJsyz+bV89n0ztJPTtIs=
-----END CERTIFICATE-----