Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/AXo_jOnTlL0IjqjqQeZTY7LABHA.roa
File:                     AXo_jOnTlL0IjqjqQeZTY7LABHA.roa (raw, json)
Hash identifier:          jQQc2PRgS8L2Ei22YVQ/h4wXzzBq0u3kT7qBo8RzUHU=
Subject key identifier:   01:7A:3F:8C:E9:D3:94:BD:08:8E:A8:EA:41:E6:53:63:B2:C0:04:70
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019A01D0F73EB7F8DA655BC9BDE564C23B42
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/AXo_jOnTlL0IjqjqQeZTY7LABHA.roa
Signing time:             Mon 20 Oct 2025 13:31:03 +0000
ROA not before:           Mon 20 Oct 2025 13:31:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209542
IP address blocks:        2a0c:b641:470::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 22:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:d0:f7:3e:b7:f8:da:65:5b:c9:bd:e5:64:c2:3b:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Oct 20 13:31:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=017a3f8ce9d394bd088ea8ea41e65363b2c00470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9c:f4:61:45:37:0a:f9:6b:dd:65:ad:87:a7:
                    71:ea:93:15:b6:9a:79:bb:99:ca:97:f7:e0:ba:03:
                    2c:7c:1a:8b:95:27:c6:05:9f:e0:09:df:b1:89:c7:
                    a6:8b:d7:92:59:b1:a0:3b:1e:99:b1:61:cb:f2:c1:
                    18:be:8c:d9:e5:db:a1:72:c0:57:c2:75:6d:87:f7:
                    a5:cb:48:98:38:d4:ba:6d:26:77:04:6e:2b:2a:01:
                    73:36:f5:f4:ec:9c:87:2a:9f:92:3c:02:ff:ba:15:
                    58:eb:d6:b7:5d:ba:a7:78:d8:e1:10:df:85:47:31:
                    b2:7c:9b:3a:0e:f1:b0:c9:b3:2f:34:9a:b3:e3:2c:
                    7d:1c:6a:27:97:a8:08:92:29:e1:8b:7f:8c:15:43:
                    38:a2:4b:12:a2:42:35:b0:a5:7d:a5:86:f4:a3:f0:
                    1e:23:8a:4e:65:bc:fd:2d:66:a7:31:0f:4f:26:0a:
                    a1:41:6b:2d:34:36:9f:b5:6f:8e:7c:17:e7:88:cf:
                    44:b1:cc:dc:9f:6c:a4:fd:78:99:98:44:b7:1a:01:
                    42:5e:25:88:f2:ff:53:1d:42:e5:a2:a8:f6:07:e5:
                    64:8e:64:a4:6f:f0:39:35:12:60:92:5d:42:b8:0c:
                    b4:e3:5d:c1:eb:95:2f:44:5a:e0:57:80:f7:d7:31:
                    ab:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:7A:3F:8C:E9:D3:94:BD:08:8E:A8:EA:41:E6:53:63:B2:C0:04:70
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/AXo_jOnTlL0IjqjqQeZTY7LABHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:470::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:d0:74:3c:6d:78:88:34:52:ca:77:b3:de:bc:4e:53:90:67:
         38:c1:04:21:7c:e1:2d:d0:58:18:8a:dc:3b:36:67:64:6b:4c:
         dd:55:6f:8c:88:27:88:5a:22:2d:5b:a9:dd:7f:8c:62:94:5f:
         45:6f:14:91:b2:06:99:aa:f1:fb:2c:60:95:16:5d:01:12:9d:
         82:0c:fb:2a:47:88:94:ef:46:93:96:1f:21:04:6c:15:de:9f:
         2d:98:77:fa:88:35:8a:eb:31:af:74:bc:3d:f7:bc:83:ab:d2:
         1d:95:af:d4:a3:9b:5f:f4:df:14:80:37:94:be:a9:cb:04:86:
         1d:26:60:9a:99:58:ff:20:27:a2:9f:0e:40:f6:28:c5:7b:ad:
         1d:cf:1a:47:32:1e:4a:d2:23:57:43:e0:3d:d3:fb:b3:6d:8e:
         ff:87:1d:0d:b9:51:41:94:fd:5d:bc:2d:fc:3a:9e:2a:db:8d:
         78:27:06:71:ec:29:5d:50:67:5b:ab:51:a8:10:c7:62:d2:6e:
         b0:12:0e:a7:61:e1:3e:76:ab:03:11:7c:2f:6f:39:12:c9:78:
         56:94:d6:81:4e:f0:5d:e2:92:7e:63:89:2a:2a:0b:12:48:c8:
         a6:6a:1c:34:8f:7a:ad:df:9a:0d:68:d2:85:73:79:00:78:14:
         60:59:2f:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZoB0Pc+t/jaZVvJveVkwjtCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUxMDIwMTMzMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTdhM2Y4Y2U5ZDM5NGJkMDg4ZWE4ZWE0MWU2NTM2M2IyYzAwNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpz0YUU3Cvlr3WWth6dx6pMVtpp5
u5nKl/fgugMsfBqLlSfGBZ/gCd+xicemi9eSWbGgOx6ZsWHL8sEYvozZ5duhcsBX
wnVth/ely0iYONS6bSZ3BG4rKgFzNvX07JyHKp+SPAL/uhVY69a3XbqneNjhEN+F
RzGyfJs6DvGwybMvNJqz4yx9HGonl6gIkinhi3+MFUM4oksSokI1sKV9pYb0o/Ae
I4pOZbz9LWanMQ9PJgqhQWstNDaftW+OfBfniM9Esczcn2yk/XiZmES3GgFCXiWI
8v9THULloqj2B+VkjmSkb/A5NRJgkl1CuAy0413B65UvRFrgV4D31zGrDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAF6P4zp05S9CI6o6kHmU2OywARwMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQVhvX2pPblRsTDBJanFqcVFlWlRZN0xBQkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQRw
MA0GCSqGSIb3DQEBCwUAA4IBAQBc0HQ8bXiINFLKd7PevE5TkGc4wQQhfOEt0FgY
itw7Nmdka0zdVW+MiCeIWiItW6ndf4xilF9FbxSRsgaZqvH7LGCVFl0BEp2CDPsq
R4iU70aTlh8hBGwV3p8tmHf6iDWK6zGvdLw997yDq9Idla/Uo5tf9N8UgDeUvqnL
BIYdJmCamVj/ICeinw5A9ijFe60dzxpHMh5K0iNXQ+A90/uzbY7/hx0NuVFBlP1d
vC38Op4q2414JwZx7CldUGdbq1GoEMdi0m6wEg6nYeE+dqsDEXwvbzkSyXhWlNaB
TvBd4pJ+Y4kqKgsSSMimahw0j3qt35oNaNKFc3kAeBRgWS+n
-----END CERTIFICATE-----