Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UQuoGZO6Pp_5AaApI3SVqwy7cg0.roa
File:                     UQuoGZO6Pp_5AaApI3SVqwy7cg0.roa (raw, json)
Hash identifier:          kZ4PoqBwZj0veVJw6WwPOsWY9BwrtlsTOk/Oi9QysuM=
Subject key identifier:   51:0B:A8:19:93:BA:3E:9F:F9:01:A0:29:23:74:95:AB:0C:BB:72:0D
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0196A5FAABE4C9CD26FB9E50D2E46D1A410C
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UQuoGZO6Pp_5AaApI3SVqwy7cg0.roa
Signing time:             Tue 06 May 2025 14:23:10 +0000
ROA not before:           Tue 06 May 2025 14:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209238
IP address blocks:        2a0c:b641:460::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:fa:ab:e4:c9:cd:26:fb:9e:50:d2:e4:6d:1a:41:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May  6 14:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=510ba81993ba3e9ff901a029237495ab0cbb720d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cf:ac:4e:f7:32:c1:1c:88:d9:c3:a6:db:8c:
                    65:c6:0f:81:15:6c:7b:dc:79:d9:6e:5c:71:b1:50:
                    54:84:2b:27:9d:f0:fe:e3:24:c1:a6:5c:6d:38:64:
                    d1:b8:a9:96:5e:03:90:bc:c4:4d:97:94:d6:39:7a:
                    73:d2:70:cf:25:86:b6:73:ac:b7:31:19:f9:05:3b:
                    5a:58:4a:aa:92:bf:c6:e1:d4:2c:8e:21:f5:05:77:
                    51:03:46:31:78:e2:c5:e0:d3:30:9f:79:bf:6f:4e:
                    cb:d3:f9:5a:85:9a:02:85:58:89:e6:f8:4f:89:f7:
                    01:cb:ab:fb:6f:06:fe:1a:10:a8:7f:28:b4:38:8e:
                    b1:15:02:be:58:c4:07:fb:e1:13:65:cb:28:a9:dc:
                    05:16:9b:a7:9c:3e:44:9b:4e:06:61:9b:30:05:1b:
                    0e:98:ac:66:fc:22:23:d3:86:81:a5:c0:8a:9f:ad:
                    c6:64:7d:d1:36:31:02:eb:dd:84:55:d9:3b:9a:9b:
                    ba:53:81:e8:e9:94:94:aa:98:ce:3b:a8:76:ca:3f:
                    8b:d4:2c:ac:21:eb:79:39:3c:38:83:b0:f2:31:3a:
                    8a:3e:4a:ab:ad:fc:e2:3b:3a:1f:c9:44:5c:07:85:
                    13:84:7b:bc:f7:8f:ac:32:ec:b1:a4:fc:6e:72:c7:
                    b8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:0B:A8:19:93:BA:3E:9F:F9:01:A0:29:23:74:95:AB:0C:BB:72:0D
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UQuoGZO6Pp_5AaApI3SVqwy7cg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:460::/44

    Signature Algorithm: sha256WithRSAEncryption
         27:ca:55:84:8d:18:5e:1c:9d:3f:5d:ad:81:0f:b8:03:db:b1:
         e9:41:5e:97:a1:71:4e:03:25:78:96:31:1b:d6:1f:73:7f:24:
         63:01:36:15:75:5d:08:4a:92:d9:7e:44:97:88:5d:05:ec:fe:
         a7:d2:98:9d:33:56:f9:80:6e:7c:58:b6:19:29:49:9f:98:3b:
         e4:7f:75:6f:7f:45:ad:12:54:aa:8d:ec:d3:68:af:94:fb:ba:
         2a:e3:aa:72:43:94:53:2e:22:12:aa:e2:cb:08:f9:b8:39:d8:
         de:56:90:3b:0b:ef:a6:10:6e:e9:2b:64:e0:59:c1:dc:f1:5f:
         4a:6d:13:75:07:32:5a:f9:05:77:14:d7:b4:a8:6a:18:8c:d3:
         b2:c2:4b:e3:07:78:fb:cb:a5:14:cd:17:d7:87:c7:73:eb:75:
         ab:72:3e:15:d7:8c:7c:2e:4c:46:1a:70:00:93:87:5b:c3:54:
         17:f8:74:d6:80:0a:a4:48:c6:c1:9d:44:49:41:ef:fa:b2:a6:
         00:3d:c3:d5:37:0b:06:16:56:4c:04:b0:ac:be:eb:f8:31:1f:
         f5:c7:2d:c4:7f:cd:d0:14:0a:2a:25:31:a1:d9:17:8a:f9:e9:
         df:ae:36:bc:95:e0:35:97:ec:2e:39:de:ec:68:5d:55:88:a8:
         ca:bb:b1:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZal+qvkyc0m+55Q0uRtGkEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNTA2MTQyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTBiYTgxOTkzYmEzZTlmZjkwMWEwMjkyMzc0OTVhYjBjYmI3MjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs+sTvcywRyI2cOm24xlxg+BFWx7
3HnZblxxsVBUhCsnnfD+4yTBplxtOGTRuKmWXgOQvMRNl5TWOXpz0nDPJYa2c6y3
MRn5BTtaWEqqkr/G4dQsjiH1BXdRA0YxeOLF4NMwn3m/b07L0/lahZoChViJ5vhP
ifcBy6v7bwb+GhCofyi0OI6xFQK+WMQH++ETZcsoqdwFFpunnD5Em04GYZswBRsO
mKxm/CIj04aBpcCKn63GZH3RNjEC692EVdk7mpu6U4Ho6ZSUqpjOO6h2yj+L1Cys
Iet5OTw4g7DyMTqKPkqrrfziOzofyURcB4UThHu894+sMuyxpPxucse4EwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFELqBmTuj6f+QGgKSN0lasMu3INMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVVF1b0daTzZQcF81QWFBcEkzU1Zxd3k3Y2cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQRg
MA0GCSqGSIb3DQEBCwUAA4IBAQAnylWEjRheHJ0/Xa2BD7gD27HpQV6XoXFOAyV4
ljEb1h9zfyRjATYVdV0ISpLZfkSXiF0F7P6n0pidM1b5gG58WLYZKUmfmDvkf3Vv
f0WtElSqjezTaK+U+7oq46pyQ5RTLiISquLLCPm4OdjeVpA7C++mEG7pK2TgWcHc
8V9KbRN1BzJa+QV3FNe0qGoYjNOywkvjB3j7y6UUzRfXh8dz63Wrcj4V14x8LkxG
GnAAk4dbw1QX+HTWgAqkSMbBnURJQe/6sqYAPcPVNwsGFlZMBLCsvuv4MR/1xy3E
f83QFAoqJTGh2ReK+enfrja8leA1l+wuOd7saF1ViKjKu7G1
-----END CERTIFICATE-----