Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8Wng1S3-p5A6clwhfe-GnJ53AV4.roa
File:                     8Wng1S3-p5A6clwhfe-GnJ53AV4.roa (raw, json)
Hash identifier:          woDt/qT2TXAxgVgeibNyGkk/jbPusWIF/85lws01a6k=
Subject key identifier:   F1:69:E0:D5:2D:FE:A7:90:3A:72:5C:21:7D:EF:86:9C:9E:77:01:5E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01966CDAF3C20E3CBDC4E9AE44F4F11F1B23
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8Wng1S3-p5A6clwhfe-GnJ53AV4.roa
Signing time:             Fri 25 Apr 2025 12:10:10 +0000
ROA not before:           Fri 25 Apr 2025 12:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209764
IP address blocks:        2a0c:b641:3e0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:da:f3:c2:0e:3c:bd:c4:e9:ae:44:f4:f1:1f:1b:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr 25 12:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f169e0d52dfea7903a725c217def869c9e77015e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:51:6a:fa:6c:42:44:e2:d4:ea:a7:74:41:d1:
                    82:98:b4:06:9e:03:1f:33:d0:66:82:57:60:c4:aa:
                    93:45:44:ac:49:7e:0c:ff:9f:0a:51:41:21:bf:1a:
                    01:de:75:71:f3:17:90:a0:0d:f9:17:bb:63:11:74:
                    10:a0:59:33:80:88:5f:69:d4:90:e6:b4:2a:1d:3e:
                    68:24:7f:bb:cf:52:44:53:3e:1f:30:21:a6:a6:ba:
                    38:d1:66:b5:50:7b:9b:cb:b2:87:49:f3:4d:ff:d1:
                    fb:b8:60:50:cc:81:ed:88:86:c9:c6:34:cd:47:ef:
                    b1:b3:ce:4c:4c:c2:a3:04:0f:fb:91:ed:82:a2:cd:
                    8f:93:c6:27:65:43:ad:fb:e5:06:75:3e:d5:e4:a0:
                    3e:ac:2f:08:78:1c:0e:29:d6:9d:4a:71:f9:7c:e4:
                    db:d0:63:e4:19:44:c8:2f:6e:c5:70:74:02:39:23:
                    2a:a0:83:c3:5d:ed:9e:b9:4a:c0:05:e5:c2:15:0b:
                    e8:a1:17:9c:30:9f:b4:46:76:b5:f9:28:20:2b:6b:
                    49:c3:b2:07:f5:cf:5d:68:f9:89:a6:42:ef:c3:28:
                    28:14:c2:f8:04:46:44:fd:a3:a2:16:a3:1e:67:78:
                    13:62:2b:2c:12:0a:5e:77:c0:bc:40:c1:dd:65:79:
                    d6:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:69:E0:D5:2D:FE:A7:90:3A:72:5C:21:7D:EF:86:9C:9E:77:01:5E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8Wng1S3-p5A6clwhfe-GnJ53AV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:3e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1f:fc:09:39:27:9f:03:12:58:6c:c4:2f:78:22:f4:c3:bb:93:
         d6:09:38:8a:36:b2:22:e7:70:b0:f1:ab:0c:57:0f:ac:6e:d2:
         96:5d:04:07:03:aa:11:c8:fd:30:5c:ea:74:ae:91:f2:74:a6:
         98:cd:50:21:a9:c8:11:f5:93:8a:50:4e:22:48:1e:71:e4:45:
         80:60:d5:c9:35:a5:27:02:be:44:4a:c1:92:0f:ad:38:df:56:
         f3:bf:2c:9b:ae:e8:33:7f:be:ea:6d:18:53:20:f2:29:ce:f8:
         7d:de:77:a6:64:7d:86:6b:da:dd:b0:da:0f:ec:b0:06:b9:eb:
         d1:f5:f3:cd:24:5a:18:d9:ba:36:66:2b:89:6b:c6:14:05:0d:
         51:c2:3f:b5:dd:b8:04:1d:41:22:b3:52:2e:5e:27:6b:5f:4f:
         a3:df:0c:a7:0b:aa:ad:fb:3e:4c:30:3e:4b:78:86:b9:6a:5a:
         e2:ad:94:60:b8:35:ca:c1:6b:b3:4f:bf:c4:93:bb:72:04:19:
         86:06:98:4a:cc:b3:be:ec:9b:29:a1:ff:f6:b2:9e:0e:32:b3:
         83:54:0f:ee:49:e4:89:2e:37:39:36:22:09:42:4f:86:4f:39:
         05:d0:43:b1:29:60:62:27:74:79:8c:a8:00:8d:5e:0f:22:bc:
         98:46:c1:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZs2vPCDjy9xOmuRPTxHxsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNDI1MTIxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTY5ZTBkNTJkZmVhNzkwM2E3MjVjMjE3ZGVmODY5YzllNzcwMTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFFq+mxCROLU6qd0QdGCmLQGngMf
M9BmgldgxKqTRUSsSX4M/58KUUEhvxoB3nVx8xeQoA35F7tjEXQQoFkzgIhfadSQ
5rQqHT5oJH+7z1JEUz4fMCGmpro40Wa1UHuby7KHSfNN/9H7uGBQzIHtiIbJxjTN
R++xs85MTMKjBA/7ke2Cos2Pk8YnZUOt++UGdT7V5KA+rC8IeBwOKdadSnH5fOTb
0GPkGUTIL27FcHQCOSMqoIPDXe2euUrABeXCFQvooRecMJ+0Rna1+SggK2tJw7IH
9c9daPmJpkLvwygoFML4BEZE/aOiFqMeZ3gTYissEgped8C8QMHdZXnWeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPFp4NUt/qeQOnJcIX3vhpyedwFeMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvOFduZzFTMy1wNUE2Y2x3aGZlLUduSjUzQVY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQPg
MA0GCSqGSIb3DQEBCwUAA4IBAQAf/Ak5J58DElhsxC94IvTDu5PWCTiKNrIi53Cw
8asMVw+sbtKWXQQHA6oRyP0wXOp0rpHydKaYzVAhqcgR9ZOKUE4iSB5x5EWAYNXJ
NaUnAr5ESsGSD60431bzvyybrugzf77qbRhTIPIpzvh93nemZH2Ga9rdsNoP7LAG
uevR9fPNJFoY2bo2ZiuJa8YUBQ1Rwj+13bgEHUEis1IuXidrX0+j3wynC6qt+z5M
MD5LeIa5alrirZRguDXKwWuzT7/Ek7tyBBmGBphKzLO+7Jspof/2sp4OMrODVA/u
SeSJLjc5NiIJQk+GTzkF0EOxKWBiJ3R5jKgAjV4PIryYRsER
-----END CERTIFICATE-----