Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/j0DSYM77RMbOnOKxj02LwG6E8bM.roa
File:                     j0DSYM77RMbOnOKxj02LwG6E8bM.roa (raw, json)
Hash identifier:          GOlq248P/ZWtTPLHjZSb+fhiBks0uDbKokEpM5cmpqE=
Subject key identifier:   8F:40:D2:60:CE:FB:44:C6:CE:9C:E2:B1:8F:4D:8B:C0:6E:84:F1:B3
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01967CEB1A1E9C3334A46238DE5D0EE92A92
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/j0DSYM77RMbOnOKxj02LwG6E8bM.roa
Signing time:             Mon 28 Apr 2025 15:01:44 +0000
ROA not before:           Mon 28 Apr 2025 15:01:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        2a0c:b641:420::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:eb:1a:1e:9c:33:34:a4:62:38:de:5d:0e:e9:2a:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr 28 15:01:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f40d260cefb44c6ce9ce2b18f4d8bc06e84f1b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d6:47:05:0a:8e:41:1e:f4:9b:e2:18:f3:2e:
                    c5:b8:06:c1:4b:95:bc:22:a5:a8:56:0c:16:10:13:
                    73:22:a1:88:4f:03:e7:85:a2:fa:f0:cb:16:5a:01:
                    3a:04:6a:4f:3b:f8:94:c4:d6:00:1c:c3:11:fd:c3:
                    93:0d:4b:c3:97:9f:34:0f:5b:74:e2:e0:14:bf:09:
                    92:8b:4a:bd:a7:b1:63:2e:30:37:9a:88:95:eb:fd:
                    bd:e9:d8:85:03:d7:77:e0:49:03:d7:a8:cf:b1:a7:
                    c8:a1:79:13:b5:f4:5c:03:7c:df:fb:ed:dc:cf:e4:
                    fa:df:16:1d:15:f2:a7:d5:3c:86:be:03:7b:ce:31:
                    98:82:57:e3:9c:11:0a:20:ee:8e:22:93:eb:bf:cc:
                    7b:b0:ce:6c:1f:72:9c:4e:65:85:71:e5:20:99:54:
                    92:d8:79:40:6b:55:63:da:62:0f:0c:e5:f4:8e:0f:
                    24:b8:b9:d4:e5:5b:13:58:28:94:64:6a:2c:ed:3b:
                    19:31:d2:03:e7:60:2e:e3:e5:89:8e:7e:a7:f9:f7:
                    3d:c9:eb:0f:80:30:90:9c:77:87:83:af:19:7a:a9:
                    a5:d3:e3:33:0a:08:a3:1e:0a:ff:ea:ab:bb:e9:fa:
                    e3:95:0e:ce:de:ed:77:18:79:96:b8:76:21:05:e9:
                    ad:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:40:D2:60:CE:FB:44:C6:CE:9C:E2:B1:8F:4D:8B:C0:6E:84:F1:B3
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/j0DSYM77RMbOnOKxj02LwG6E8bM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:420::/44

    Signature Algorithm: sha256WithRSAEncryption
         75:0f:9c:a0:71:42:d8:fb:6c:69:f9:06:37:bb:8b:16:a3:0a:
         3a:09:ca:d7:84:5e:25:13:42:2a:97:c2:4e:74:8d:19:95:b6:
         84:fb:0a:d4:44:c2:ff:f9:bb:cb:9d:49:08:1a:7b:1d:9b:ae:
         03:75:3a:0e:ae:dc:f2:c5:16:71:f3:bb:97:ff:58:57:b6:b1:
         88:bd:f7:92:97:7f:fa:01:e8:fc:66:b0:59:18:92:b3:65:7e:
         ab:99:4b:4a:ec:3e:5a:19:0a:2e:5d:ca:2c:5d:f2:f5:4a:e4:
         08:8d:e3:cf:20:55:e4:20:b8:73:ed:20:e6:99:e7:e8:0d:70:
         2a:a3:b6:6a:bb:75:94:a7:84:87:0f:df:17:70:47:72:1c:7b:
         fc:8d:74:57:0d:cc:3f:88:49:af:59:6f:5d:2c:3a:8a:3d:5c:
         9b:59:11:65:4b:df:a6:42:51:d4:e5:9a:38:82:95:cd:04:0f:
         68:35:de:d4:23:6e:72:76:27:5c:fb:cf:5d:cb:df:b2:19:0b:
         a9:44:ca:cc:a8:77:d8:8a:5a:05:52:53:82:9e:20:71:cf:14:
         b3:52:fb:83:d3:b9:52:b1:73:9a:83:81:59:17:79:38:6d:30:
         f6:e7:99:0b:46:28:16:36:e9:c1:bd:a3:3e:0b:bb:36:0e:a1:
         cf:b8:ad:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZ86xoenDM0pGI43l0O6SqSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNDI4MTUwMTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjQwZDI2MGNlZmI0NGM2Y2U5Y2UyYjE4ZjRkOGJjMDZlODRmMWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutZHBQqOQR70m+IY8y7FuAbBS5W8
IqWoVgwWEBNzIqGITwPnhaL68MsWWgE6BGpPO/iUxNYAHMMR/cOTDUvDl580D1t0
4uAUvwmSi0q9p7FjLjA3moiV6/296diFA9d34EkD16jPsafIoXkTtfRcA3zf++3c
z+T63xYdFfKn1TyGvgN7zjGYglfjnBEKIO6OIpPrv8x7sM5sH3KcTmWFceUgmVSS
2HlAa1Vj2mIPDOX0jg8kuLnU5VsTWCiUZGos7TsZMdID52Au4+WJjn6n+fc9yesP
gDCQnHeHg68Zeqml0+MzCgijHgr/6qu76frjlQ7O3u13GHmWuHYhBemtnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI9A0mDO+0TGzpzisY9Ni8BuhPGzMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvajBEU1lNNzdSTWJPbk9LeGowMkx3RzZFOGJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQQg
MA0GCSqGSIb3DQEBCwUAA4IBAQB1D5ygcULY+2xp+QY3u4sWowo6CcrXhF4lE0Iq
l8JOdI0ZlbaE+wrURML/+bvLnUkIGnsdm64DdToOrtzyxRZx87uX/1hXtrGIvfeS
l3/6Aej8ZrBZGJKzZX6rmUtK7D5aGQouXcosXfL1SuQIjePPIFXkILhz7SDmmefo
DXAqo7Zqu3WUp4SHD98XcEdyHHv8jXRXDcw/iEmvWW9dLDqKPVybWRFlS9+mQlHU
5Zo4gpXNBA9oNd7UI25ydidc+89dy9+yGQupRMrMqHfYiloFUlOCniBxzxSzUvuD
07lSsXOag4FZF3k4bTD255kLRigWNunBvaM+C7s2DqHPuK3F
-----END CERTIFICATE-----