Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/BLtDltDcRGj0HtF3SpV20yLYGaw.roa
File:                     BLtDltDcRGj0HtF3SpV20yLYGaw.roa (raw, json)
Hash identifier:          Tk1eO4HYXlQvNGjZV2Vfqss5Ms8m6buo5uUAsIBKs6g=
Subject key identifier:   04:BB:43:96:D0:DC:44:68:F4:1E:D1:77:4A:95:76:D3:22:D8:19:AC
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       019425FDBADDA4A161B60A9A914471096C01
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/BLtDltDcRGj0HtF3SpV20yLYGaw.roa
Signing time:             Thu 02 Jan 2025 07:49:32 +0000
ROA not before:           Thu 02 Jan 2025 07:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29311
IP address blocks:        2a04:9a04::/32 maxlen: 36
                          2a07:3506:4c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ba:dd:a4:a1:61:b6:0a:9a:91:44:71:09:6c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Jan  2 07:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04bb4396d0dc4468f41ed1774a9576d322d819ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9e:84:ce:05:21:d0:19:53:1d:e3:7b:40:49:
                    91:c0:e6:0d:22:b6:5b:14:7f:21:92:ef:7a:15:8a:
                    55:01:eb:09:41:da:a8:52:91:85:01:93:68:04:76:
                    a5:b4:8b:db:b1:57:e8:54:65:7d:fa:05:80:94:2a:
                    6a:41:ce:b2:23:23:8a:a9:7f:93:97:8b:4f:e2:a2:
                    4d:26:9b:1c:e2:a7:67:ef:f1:9b:1f:c9:bc:00:65:
                    06:7f:13:b6:50:8e:4b:7f:e6:d2:af:e0:5a:f0:9a:
                    f1:74:98:ac:44:d8:14:f1:1d:89:e6:ef:e8:71:cf:
                    7c:88:3f:ea:0a:72:68:a5:9e:e1:7c:e5:18:2e:fe:
                    5e:26:4c:1f:5d:82:c9:e4:13:e1:df:98:50:ca:32:
                    48:c2:3f:ce:d1:cb:e1:95:f8:e9:5e:75:e2:b3:aa:
                    85:9b:a7:c9:b6:82:6d:cb:20:93:96:6a:cc:a8:0b:
                    71:17:87:15:47:77:27:40:b1:1d:70:16:7c:16:ff:
                    2b:8d:80:1a:1d:ca:d8:7b:50:9a:c9:27:04:bf:7d:
                    86:dc:32:a1:87:3e:2e:bd:59:40:6f:7f:b1:3c:c8:
                    b8:a6:fa:b8:bf:a1:fd:aa:fa:82:b3:54:a2:fb:e2:
                    0b:ae:8a:d4:04:e5:68:2a:66:08:93:91:70:92:65:
                    02:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:BB:43:96:D0:DC:44:68:F4:1E:D1:77:4A:95:76:D3:22:D8:19:AC
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/BLtDltDcRGj0HtF3SpV20yLYGaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:9a04::/32
                  2a07:3506:4c::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:82:12:92:be:52:30:df:ab:c8:3f:22:50:ad:80:df:83:86:
         0a:11:c0:17:58:a0:0c:3c:1a:d3:63:6e:fb:27:bf:2d:1d:e7:
         67:37:21:e5:b2:d2:40:83:84:c2:86:0c:4d:d4:6c:34:6c:a5:
         ac:3b:63:03:58:06:11:44:6d:39:40:21:f7:16:06:82:98:60:
         0a:60:b9:9b:0b:f0:34:7c:f9:6f:d4:e1:ba:63:a2:64:16:12:
         9a:18:6a:54:71:6a:7a:ab:e5:fc:f4:a9:5b:5b:c7:f1:80:d8:
         25:d2:31:1e:3b:05:8b:37:1d:62:84:22:89:d5:f0:e6:06:88:
         e5:d8:34:14:bf:85:34:3a:7a:8b:53:80:59:eb:60:ec:04:49:
         d7:23:c4:36:65:cc:c0:63:4e:4f:51:80:d4:2b:2b:4f:06:8a:
         07:d8:04:d5:11:1a:22:d7:f6:c6:95:aa:49:c2:f6:b3:e0:a9:
         b6:99:00:23:5a:bb:ad:b7:1b:ce:59:da:52:00:64:9b:2b:c4:
         36:ac:e6:16:a3:00:d2:d7:00:45:48:e0:f4:8d:0f:c3:93:71:
         77:4b:e2:f6:20:18:4e:40:36:e2:d6:6a:15:af:1e:c8:f8:70:
         50:ca:92:64:3c:a0:7b:03:d3:58:f9:86:b7:d6:91:12:45:77:
         2b:c6:3d:8e
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQl/brdpKFhtgqakURxCWwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjUwMTAyMDc0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGJiNDM5NmQwZGM0NDY4ZjQxZWQxNzc0YTk1NzZkMzIyZDgxOWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt56EzgUh0BlTHeN7QEmRwOYNIrZb
FH8hku96FYpVAesJQdqoUpGFAZNoBHaltIvbsVfoVGV9+gWAlCpqQc6yIyOKqX+T
l4tP4qJNJpsc4qdn7/GbH8m8AGUGfxO2UI5Lf+bSr+Ba8JrxdJisRNgU8R2J5u/o
cc98iD/qCnJopZ7hfOUYLv5eJkwfXYLJ5BPh35hQyjJIwj/O0cvhlfjpXnXis6qF
m6fJtoJtyyCTlmrMqAtxF4cVR3cnQLEdcBZ8Fv8rjYAaHcrYe1CayScEv32G3DKh
hz4uvVlAb3+xPMi4pvq4v6H9qvqCs1Si++ILrorUBOVoKmYIk5FwkmUCqQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFAS7Q5bQ3ERo9B7Rd0qVdtMi2BmsMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvQkx0RGx0RGNSR2owSHRGM1NwVjIweUxZR2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwUAKgSaBAMH
ACoHNQYATDANBgkqhkiG9w0BAQsFAAOCAQEAdoISkr5SMN+ryD8iUK2A34OGChHA
F1igDDwa02Nu+ye/LR3nZzch5bLSQIOEwoYMTdRsNGylrDtjA1gGEURtOUAh9xYG
gphgCmC5mwvwNHz5b9ThumOiZBYSmhhqVHFqeqvl/PSpW1vH8YDYJdIxHjsFizcd
YoQiidXw5gaI5dg0FL+FNDp6i1OAWetg7ARJ1yPENmXMwGNOT1GA1CsrTwaKB9gE
1REaItf2xpWqScL2s+CptpkAI1q7rbcbzlnaUgBkmyvENqzmFqMA0tcARUjg9I0P
w5Nxd0vi9iAYTkA24tZqFa8eyPhwUMqSZDygewPTWPmGt9aREkV3K8Y9jg==
-----END CERTIFICATE-----