Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/bYPfKSp3uay7u1IBGQCfz9PB7s8.roa
File:                     bYPfKSp3uay7u1IBGQCfz9PB7s8.roa (raw, json)
Hash identifier:          cQdCPGlvEZyuveyWWb2XndmUwLnId4QzQGpaXozykOM=
Subject key identifier:   6D:83:DF:29:2A:77:B9:AC:BB:BB:52:01:19:00:9F:CF:D3:C1:EE:CF
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       0194258F0EC02F46EC35F130EB6A69B76699
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/bYPfKSp3uay7u1IBGQCfz9PB7s8.roa
Signing time:             Thu 02 Jan 2025 05:48:39 +0000
ROA not before:           Thu 02 Jan 2025 05:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30788
IP address blocks:        2a0e:4780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 20:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:0e:c0:2f:46:ec:35:f1:30:eb:6a:69:b7:66:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 05:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d83df292a77b9acbbbb520119009fcfd3c1eecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:14:fb:9b:39:13:20:3d:dd:fe:7f:cd:88:cc:
                    1b:31:c7:15:aa:4b:b7:7d:34:e4:e0:4f:91:ef:5d:
                    c7:ed:9a:78:81:69:e6:11:b1:dd:e7:34:fe:fe:9e:
                    71:dd:64:39:93:f6:44:e3:26:1f:bd:df:b9:93:a7:
                    73:5d:0c:45:02:4b:f7:71:81:be:5d:c1:8c:5f:ca:
                    45:4b:d2:ea:26:0d:fd:cb:9a:23:e6:b5:f3:84:18:
                    39:bb:8e:d3:72:4b:1c:98:e5:ba:b9:28:51:d6:e2:
                    f7:80:ad:88:64:0e:9e:32:57:f4:9d:72:00:74:49:
                    c7:d5:25:05:f7:42:77:00:a1:62:23:39:c0:b9:d3:
                    9b:73:64:ff:44:a6:65:ba:f2:1e:c6:10:ab:a2:94:
                    da:bd:13:93:1c:e1:89:1b:4e:48:3f:da:18:0d:5c:
                    0c:52:ca:1a:f4:6e:13:09:d4:a8:5f:f6:07:50:0d:
                    26:eb:3b:5c:91:4e:30:9a:dd:69:2f:8f:6d:20:49:
                    36:af:12:62:84:e8:61:f9:3c:79:87:10:3d:bd:44:
                    28:ec:f4:7a:aa:ae:b1:c4:20:06:79:42:0c:34:3a:
                    73:ec:fd:1c:2f:7e:e6:70:9f:4f:00:7d:97:98:76:
                    fb:51:9d:1f:10:12:58:67:48:62:3b:1f:24:47:06:
                    97:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:83:DF:29:2A:77:B9:AC:BB:BB:52:01:19:00:9F:CF:D3:C1:EE:CF
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/bYPfKSp3uay7u1IBGQCfz9PB7s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:4780::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:7e:a1:c8:4d:2e:d8:ae:64:40:09:14:2c:bb:66:7b:b1:a2:
         d1:9a:d6:df:ec:d6:f9:04:9a:7e:52:35:69:37:13:c5:aa:54:
         99:83:60:eb:56:01:7b:bf:83:9a:3a:bf:7e:30:e4:b1:e7:42:
         52:51:fe:39:7b:61:5b:21:e9:84:be:4b:68:61:54:48:58:cb:
         f1:b0:77:28:07:28:c0:bf:ab:54:6c:5b:60:44:38:49:57:99:
         3d:0f:91:90:57:7b:3b:59:c1:6a:5b:cc:f8:a2:e7:af:33:b7:
         3c:ca:62:dd:95:fa:64:b6:2f:29:ae:91:0e:16:98:28:6b:c9:
         d7:70:77:07:7b:08:f0:a0:46:41:e9:f4:22:72:7a:73:45:58:
         8d:ce:cd:8f:76:53:64:6d:af:81:33:6e:74:d3:34:18:bd:a1:
         92:96:6d:56:54:4b:90:81:c0:91:99:2c:9e:73:f5:3f:b1:f2:
         0f:d6:ee:67:1b:49:89:b4:fe:9b:52:04:bb:4a:f0:b3:51:01:
         ac:c9:8d:46:04:a7:a4:62:dd:38:9c:a2:1f:84:9b:c8:7c:27:
         3d:60:57:9a:d8:13:3c:c9:fa:1c:a8:84:57:96:5a:79:15:fb:
         30:9b:c6:12:6e:5c:07:b3:12:e1:3a:4d:fa:52:4f:35:6e:ab:
         3e:4e:9c:63
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQljw7AL0bsNfEw62ppt2aZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwMTAyMDU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDgzZGYyOTJhNzdiOWFjYmJiYjUyMDExOTAwOWZjZmQzYzFlZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxT7mzkTID3d/n/NiMwbMccVqku3
fTTk4E+R713H7Zp4gWnmEbHd5zT+/p5x3WQ5k/ZE4yYfvd+5k6dzXQxFAkv3cYG+
XcGMX8pFS9LqJg39y5oj5rXzhBg5u47TckscmOW6uShR1uL3gK2IZA6eMlf0nXIA
dEnH1SUF90J3AKFiIznAudObc2T/RKZluvIexhCropTavROTHOGJG05IP9oYDVwM
Usoa9G4TCdSoX/YHUA0m6ztckU4wmt1pL49tIEk2rxJihOhh+Tx5hxA9vUQo7PR6
qq6xxCAGeUIMNDpz7P0cL37mcJ9PAH2XmHb7UZ0fEBJYZ0hiOx8kRwaXhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG2D3ykqd7msu7tSARkAn8/Twe7PMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvYllQZktTcDN1YXk3dTFJQkdRQ2Z6OVBCN3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5HgDAN
BgkqhkiG9w0BAQsFAAOCAQEAcH6hyE0u2K5kQAkULLtme7Gi0ZrW3+zW+QSaflI1
aTcTxapUmYNg61YBe7+Dmjq/fjDksedCUlH+OXthWyHphL5LaGFUSFjL8bB3KAco
wL+rVGxbYEQ4SVeZPQ+RkFd7O1nBalvM+KLnrzO3PMpi3ZX6ZLYvKa6RDhaYKGvJ
13B3B3sI8KBGQen0InJ6c0VYjc7Nj3ZTZG2vgTNudNM0GL2hkpZtVlRLkIHAkZks
nnP1P7HyD9buZxtJibT+m1IEu0rws1EBrMmNRgSnpGLdOJyiH4SbyHwnPWBXmtgT
PMn6HKiEV5ZaeRX7MJvGEm5cB7MS4TpN+lJPNW6rPk6cYw==
-----END CERTIFICATE-----