Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/f4b8e9-686d-41be-9891-df1e95d7edd9/1/BW3A__rx2CbIUTDEiMn83o5J6Rc.roa
File:                     BW3A__rx2CbIUTDEiMn83o5J6Rc.roa (raw, json)
Hash identifier:          +W0IBSEcBlBjIDnc0zQLUrT47ugJKv3Fw0kJeub5rgs=
Subject key identifier:   05:6D:C0:FF:FA:F1:D8:26:C8:51:30:C4:88:C9:FC:DE:8E:49:E9:17
Certificate issuer:       /CN=0b5caf262fdbfcc5ff30e28a5104646e27a89262
Certificate serial:       0194228D0C852594B1B5556659D01F3F6C72
Authority key identifier: 0B:5C:AF:26:2F:DB:FC:C5:FF:30:E2:8A:51:04:64:6E:27:A8:92:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1yvJi_b_MX_MOKKUQRkbieokmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/f4b8e9-686d-41be-9891-df1e95d7edd9/1/BW3A__rx2CbIUTDEiMn83o5J6Rc.roa
Signing time:             Wed 01 Jan 2025 15:47:36 +0000
ROA not before:           Wed 01 Jan 2025 15:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12414
IP address blocks:        2a05:b2c2::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/f4b8e9-686d-41be-9891-df1e95d7edd9/1/C1yvJi_b_MX_MOKKUQRkbieokmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/f4b8e9-686d-41be-9891-df1e95d7edd9/1/C1yvJi_b_MX_MOKKUQRkbieokmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1yvJi_b_MX_MOKKUQRkbieokmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:0c:85:25:94:b1:b5:55:66:59:d0:1f:3f:6c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5caf262fdbfcc5ff30e28a5104646e27a89262
        Validity
            Not Before: Jan  1 15:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=056dc0fffaf1d826c85130c488c9fcde8e49e917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e7:5f:b6:28:13:d2:c3:c1:de:5e:69:4e:ff:
                    70:2e:fb:03:45:24:3c:fe:d1:5a:e2:69:12:fe:c7:
                    47:19:74:f1:64:6f:35:16:56:e7:e7:9b:bd:e3:f5:
                    6c:f9:75:3b:5a:29:df:c7:d9:cb:25:91:ef:ad:7c:
                    1e:03:90:dd:71:30:2a:86:24:fb:35:d7:4a:3e:09:
                    6e:a8:4b:fb:26:53:ba:f4:d0:c2:1a:3e:5c:58:e4:
                    fb:23:b3:63:fe:40:70:20:3b:27:4a:d6:5d:62:c3:
                    3f:23:fd:6a:01:51:e0:a8:a1:7b:1b:71:e8:48:20:
                    9a:cb:c3:fa:2b:39:08:a0:7a:9c:8e:bb:c6:95:2b:
                    ce:eb:54:1a:d4:07:5c:a5:0f:43:52:10:c2:87:dc:
                    b9:3b:cf:7e:1d:dd:7d:c8:7c:f5:18:6d:a8:07:21:
                    8a:0b:4d:76:33:70:14:e7:d5:73:25:33:96:60:fe:
                    c2:e6:af:da:db:a2:aa:7e:50:28:12:c6:22:de:6e:
                    c1:29:5d:94:99:95:ca:eb:fd:2b:07:85:ca:ed:59:
                    6d:37:b6:4d:72:9c:2d:87:8f:09:70:36:12:17:98:
                    85:0d:db:bc:ca:8e:8b:0f:e0:9c:be:69:c0:f5:45:
                    1b:ab:48:ce:a3:39:99:2e:cd:0e:04:1c:37:d8:75:
                    6d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:6D:C0:FF:FA:F1:D8:26:C8:51:30:C4:88:C9:FC:DE:8E:49:E9:17
            X509v3 Authority Key Identifier:
                keyid:0B:5C:AF:26:2F:DB:FC:C5:FF:30:E2:8A:51:04:64:6E:27:A8:92:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1yvJi_b_MX_MOKKUQRkbieokmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/f4b8e9-686d-41be-9891-df1e95d7edd9/1/BW3A__rx2CbIUTDEiMn83o5J6Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/f4b8e9-686d-41be-9891-df1e95d7edd9/1/C1yvJi_b_MX_MOKKUQRkbieokmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b2c2::/31

    Signature Algorithm: sha256WithRSAEncryption
         4e:4a:b0:bf:88:28:25:78:02:c5:f6:01:5a:2f:6b:9c:06:bc:
         ee:e1:a6:79:a7:07:0e:67:d3:04:fd:a6:da:0a:45:4b:7d:94:
         d0:b8:f6:d4:c4:69:f6:0b:60:35:94:3d:5f:d8:c4:0d:31:2f:
         f8:25:30:3d:37:16:33:48:4b:21:65:c9:2b:d9:40:eb:c1:a7:
         39:76:5b:40:46:8c:22:3f:ee:50:3d:02:42:69:93:9b:ac:f5:
         65:07:ad:be:3b:f3:2a:09:a3:ad:3d:2c:92:16:ab:0f:58:45:
         df:62:78:0e:a0:01:b4:b4:da:9b:a5:d6:45:17:fe:66:91:97:
         24:b1:33:be:fb:3c:7c:ed:bf:0d:b6:3a:ae:bd:96:0d:53:b4:
         d8:49:f7:88:f9:4f:27:ca:38:38:58:09:a1:fc:33:86:74:1b:
         a8:ad:26:4c:39:4d:7e:5f:e5:c5:8c:01:07:5c:61:da:0a:4d:
         eb:ed:08:0d:5f:1a:47:70:fb:cf:f3:8c:e9:ea:be:44:e8:86:
         49:6c:7b:83:f1:38:43:77:42:d7:b2:33:e7:9e:df:49:cd:95:
         ce:24:4a:3f:c6:c4:d5:fc:35:4f:de:73:c1:ae:fb:c4:ce:b9:
         b2:30:65:d6:47:60:c0:ba:ef:7a:c0:d5:3c:08:a2:de:59:36:
         3e:1c:4f:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijQyFJZSxtVVmWdAfP2xyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWNhZjI2MmZkYmZjYzVmZjMwZTI4YTUxMDQ2NDZlMjdh
ODkyNjIwHhcNMjUwMTAxMTU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTZkYzBmZmZhZjFkODI2Yzg1MTMwYzQ4OGM5ZmNkZThlNDllOTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+dftigT0sPB3l5pTv9wLvsDRSQ8
/tFa4mkS/sdHGXTxZG81Flbn55u94/Vs+XU7Winfx9nLJZHvrXweA5DdcTAqhiT7
NddKPgluqEv7JlO69NDCGj5cWOT7I7Nj/kBwIDsnStZdYsM/I/1qAVHgqKF7G3Ho
SCCay8P6KzkIoHqcjrvGlSvO61Qa1AdcpQ9DUhDCh9y5O89+Hd19yHz1GG2oByGK
C012M3AU59VzJTOWYP7C5q/a26KqflAoEsYi3m7BKV2UmZXK6/0rB4XK7VltN7ZN
cpwth48JcDYSF5iFDdu8yo6LD+CcvmnA9UUbq0jOozmZLs0OBBw32HVt7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAVtwP/68dgmyFEwxIjJ/N6OSekXMB8GA1UdIwQY
MBaAFAtcryYv2/zF/zDiilEEZG4nqJJiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzF5dkppX2JfTVhfTU9LS1VRUmtiaWVva21JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mNGI4ZTktNjg2ZC00MWJlLTk4OTEt
ZGYxZTk1ZDdlZGQ5LzEvQlczQV9fcngyQ2JJVVRERWlNbjgzbzVKNlJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mNGI4ZTktNjg2ZC00MWJlLTk4OTEtZGYxZTk1ZDdlZGQ5
LzEvQzF5dkppX2JfTVhfTU9LS1VRUmtiaWVva21JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKgWywjAN
BgkqhkiG9w0BAQsFAAOCAQEATkqwv4goJXgCxfYBWi9rnAa87uGmeacHDmfTBP2m
2gpFS32U0Lj21MRp9gtgNZQ9X9jEDTEv+CUwPTcWM0hLIWXJK9lA68GnOXZbQEaM
Ij/uUD0CQmmTm6z1ZQetvjvzKgmjrT0skharD1hF32J4DqABtLTam6XWRRf+ZpGX
JLEzvvs8fO2/DbY6rr2WDVO02En3iPlPJ8o4OFgJofwzhnQbqK0mTDlNfl/lxYwB
B1xh2gpN6+0IDV8aR3D7z/OM6eq+ROiGSWx7g/E4Q3dC17Iz557fSc2VziRKP8bE
1fw1T95zwa77xM65sjBl1kdgwLrvesDVPAii3lk2PhxPrw==
-----END CERTIFICATE-----