Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_xMiWxZDm68qsAVdCTCL0lsCV50.roa
File:                     _xMiWxZDm68qsAVdCTCL0lsCV50.roa (raw, json)
Hash identifier:          W9n0DIoqhW+zhTpzpmei4nm7mtMAVcd5YJogWpncXJM=
Subject key identifier:   FF:13:22:5B:16:43:9B:AF:2A:B0:05:5D:09:30:8B:D2:5B:02:57:9D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019763151F2540E44E442B060C7CC293FA7F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_xMiWxZDm68qsAVdCTCL0lsCV50.roa
Signing time:             Thu 12 Jun 2025 07:40:17 +0000
ROA not before:           Thu 12 Jun 2025 07:40:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44445
IP address blocks:        2a0c:b641:560::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:15:1f:25:40:e4:4e:44:2b:06:0c:7c:c2:93:fa:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun 12 07:40:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff13225b16439baf2ab0055d09308bd25b02579d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b1:c8:40:3c:0d:08:a0:11:30:60:99:c2:da:
                    10:d6:70:22:67:c8:4f:bb:14:ae:aa:a3:7e:e7:30:
                    a5:b1:0f:b2:b6:b6:83:8f:61:01:85:51:53:dd:a6:
                    09:4d:ab:87:a4:ce:60:ce:03:94:4a:95:fd:3e:24:
                    7f:95:58:62:9d:a3:2f:88:07:04:69:a9:03:5d:3b:
                    9e:02:5f:a1:bc:c3:d0:d3:6e:7c:56:95:2b:84:39:
                    75:c9:fa:b3:21:58:dc:5c:b2:39:0b:a4:7e:74:fd:
                    a4:8b:bd:12:54:f3:36:3c:94:2d:ab:b6:13:f3:46:
                    74:7e:0a:23:0c:84:6d:cc:1c:65:09:30:9e:87:14:
                    34:7c:49:2a:02:4f:19:21:b3:59:a4:a3:13:a5:26:
                    a8:06:72:f5:83:c7:a3:af:04:a9:24:ab:c8:b1:40:
                    f0:5e:a0:01:d4:6e:ae:ee:2e:02:dc:af:07:9a:03:
                    4f:4f:24:dd:e4:86:41:70:df:be:22:e0:f1:2d:3e:
                    8d:f9:2c:74:8b:54:6c:35:6e:67:cf:3d:38:2f:d1:
                    ea:0e:ca:5d:c4:f7:84:53:e3:72:5a:d9:e6:44:51:
                    34:f8:e6:f7:36:e3:1f:5c:5f:c4:3b:3e:23:83:1c:
                    f9:d1:fc:9f:7a:51:91:06:12:a3:ec:35:e6:8e:11:
                    4a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:13:22:5B:16:43:9B:AF:2A:B0:05:5D:09:30:8B:D2:5B:02:57:9D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/_xMiWxZDm68qsAVdCTCL0lsCV50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:560::/44

    Signature Algorithm: sha256WithRSAEncryption
         44:b4:35:8f:b8:65:a4:4e:f3:21:00:10:e8:97:77:11:a2:88:
         78:82:8f:32:69:22:3f:8d:a3:82:c8:1b:cf:db:f8:df:5d:1a:
         99:01:88:38:d9:ee:4e:0e:19:d2:b1:52:29:df:ea:c2:15:6f:
         ff:19:6f:50:0e:08:bb:cb:e9:a3:e2:fd:dd:cc:2b:3f:58:60:
         85:85:4f:a7:2d:44:df:e7:f1:66:dc:95:d6:b8:6c:b2:de:1a:
         a4:c7:0e:06:a4:0a:3f:1f:d6:f1:9c:45:ce:11:d8:db:f5:60:
         03:4e:ff:8b:ad:57:1e:1e:fe:ae:0b:fd:da:c1:76:4c:18:ba:
         a0:c8:81:30:95:3c:51:89:d5:9e:8a:1c:97:71:10:9e:0b:6b:
         e2:19:ec:e4:d6:fb:3f:64:a3:1b:8b:37:b9:00:88:45:5f:8c:
         26:2e:ad:d8:1b:4c:42:b8:67:3a:13:83:3e:93:7d:9a:5f:93:
         4d:27:9c:eb:3a:2d:03:18:e2:48:f4:9f:63:84:ed:89:00:96:
         5a:e0:bd:67:e8:64:49:df:52:65:d9:8e:89:24:6d:53:09:3e:
         64:18:65:ce:1d:92:dc:75:28:7b:01:35:70:d6:7b:83:4f:37:
         01:12:7f:3c:aa:c6:32:42:76:33:39:c6:8a:a0:9e:6c:c5:73:
         39:ad:42:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdjFR8lQORORCsGDHzCk/p/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNjEyMDc0MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjEzMjI1YjE2NDM5YmFmMmFiMDA1NWQwOTMwOGJkMjViMDI1NzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7HIQDwNCKARMGCZwtoQ1nAiZ8hP
uxSuqqN+5zClsQ+ytraDj2EBhVFT3aYJTauHpM5gzgOUSpX9PiR/lVhinaMviAcE
aakDXTueAl+hvMPQ0258VpUrhDl1yfqzIVjcXLI5C6R+dP2ki70SVPM2PJQtq7YT
80Z0fgojDIRtzBxlCTCehxQ0fEkqAk8ZIbNZpKMTpSaoBnL1g8ejrwSpJKvIsUDw
XqAB1G6u7i4C3K8HmgNPTyTd5IZBcN++IuDxLT6N+Sx0i1RsNW5nzz04L9HqDspd
xPeEU+NyWtnmRFE0+Ob3NuMfXF/EOz4jgxz50fyfelGRBhKj7DXmjhFKIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP8TIlsWQ5uvKrAFXQkwi9JbAledMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvX3hNaVd4WkRtNjhxc0FWZENUQ0wwbHNDVjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQVg
MA0GCSqGSIb3DQEBCwUAA4IBAQBEtDWPuGWkTvMhABDol3cRooh4go8yaSI/jaOC
yBvP2/jfXRqZAYg42e5ODhnSsVIp3+rCFW//GW9QDgi7y+mj4v3dzCs/WGCFhU+n
LUTf5/Fm3JXWuGyy3hqkxw4GpAo/H9bxnEXOEdjb9WADTv+LrVceHv6uC/3awXZM
GLqgyIEwlTxRidWeihyXcRCeC2viGezk1vs/ZKMbize5AIhFX4wmLq3YG0xCuGc6
E4M+k32aX5NNJ5zrOi0DGOJI9J9jhO2JAJZa4L1n6GRJ31Jl2Y6JJG1TCT5kGGXO
HZLcdSh7ATVw1nuDTzcBEn88qsYyQnYzOcaKoJ5sxXM5rULv
-----END CERTIFICATE-----