Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mvcicLqkXTdt446y9B3JAJyFHWo.roa
File:                     mvcicLqkXTdt446y9B3JAJyFHWo.roa (raw, json)
Hash identifier:          6taweATyrhfC9jbv/pQzi44PD9DAUJqvNbqIjGCE9Co=
Subject key identifier:   9A:F7:22:70:BA:A4:5D:37:6D:E3:8E:B2:F4:1D:C9:00:9C:85:1D:6A
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0198AEAE3E4B78C8FF7D2BA795E7C98A96F7
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mvcicLqkXTdt446y9B3JAJyFHWo.roa
Signing time:             Fri 15 Aug 2025 17:01:51 +0000
ROA not before:           Fri 15 Aug 2025 17:01:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205380
IP address blocks:        2a0c:b641:6a0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ae:ae:3e:4b:78:c8:ff:7d:2b:a7:95:e7:c9:8a:96:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Aug 15 17:01:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9af72270baa45d376de38eb2f41dc9009c851d6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:37:37:59:15:47:1c:3f:1d:9f:65:75:56:19:
                    4e:11:81:e6:00:86:c6:99:0c:dc:df:b0:32:a8:69:
                    2f:93:70:81:34:7e:cb:6b:ff:48:b8:5f:0e:3e:f9:
                    d1:07:7c:13:25:fb:84:df:a2:d1:91:56:b4:6c:14:
                    4e:58:95:9a:12:21:ef:f0:2a:aa:33:5f:41:3d:81:
                    1e:e2:b8:99:35:1f:e9:c4:96:9e:22:2d:90:7e:57:
                    23:65:1a:51:85:fc:eb:8b:1b:a0:41:00:57:87:d3:
                    fd:35:ef:cc:73:1c:31:67:1e:a6:0b:71:22:57:b0:
                    46:c5:0b:27:b3:fd:bc:b3:78:87:3d:35:79:c3:d8:
                    32:b6:39:c8:a4:5b:0a:4c:fb:97:86:ed:39:b4:8f:
                    f0:44:a0:a4:d3:d1:6f:d8:1c:d4:92:29:3e:e7:ad:
                    de:1e:4d:a9:f7:12:2b:88:24:f8:20:86:41:dc:6d:
                    1f:c9:77:ce:d1:74:a7:8a:60:af:31:90:83:56:81:
                    2a:07:b3:0b:0d:00:d9:78:10:cb:e8:ed:eb:96:ae:
                    bc:c4:1a:d6:c8:e1:3e:56:9b:ab:e5:97:57:c7:d0:
                    4e:dc:22:3c:cb:07:df:10:61:b7:fb:6c:48:a8:63:
                    e2:7b:ec:96:eb:5e:af:e4:73:94:0e:96:ea:21:37:
                    db:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F7:22:70:BA:A4:5D:37:6D:E3:8E:B2:F4:1D:C9:00:9C:85:1D:6A
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mvcicLqkXTdt446y9B3JAJyFHWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:6a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         27:87:36:31:a9:db:53:1f:d3:e5:29:6f:03:fe:3e:65:1e:85:
         0c:fd:a6:c2:15:c7:55:50:e1:ac:98:0a:71:cd:54:ed:3f:e3:
         6d:69:85:b1:24:fc:92:37:74:c4:ec:92:af:76:f2:68:92:1f:
         87:0e:15:02:b6:9e:a0:37:81:bb:80:30:a1:a8:79:9a:64:33:
         91:1e:da:89:a9:34:ff:f6:cc:bb:cc:fc:eb:f8:7e:8a:71:87:
         76:19:03:07:08:f2:16:6d:56:47:b1:8f:d2:bc:fc:be:ed:74:
         24:74:c1:8a:6c:c6:c4:0d:7d:6c:81:1a:8e:e1:93:e7:7f:7e:
         24:b0:2c:2d:05:66:d0:0a:27:2b:e8:9e:9e:55:db:d1:76:89:
         60:ef:62:06:de:1d:1c:9c:71:69:7e:1b:61:60:ef:34:b0:b0:
         dd:5e:2a:d5:1a:2c:02:e6:5e:35:8d:fb:d8:e3:47:90:66:ea:
         fb:a7:6f:59:e5:4a:c6:f7:47:67:c7:f9:82:d9:74:14:ad:6d:
         8b:16:6b:d2:19:b6:8a:7d:f1:64:3a:0a:65:dd:17:e5:f3:6b:
         c6:c3:67:a6:72:71:44:a0:f7:f2:de:16:6e:0c:d0:6b:e7:17:
         d7:b7:17:d9:8f:3a:9d:f8:d3:a0:ec:33:b3:69:b9:8c:8d:73:
         e2:75:5d:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZiurj5LeMj/fSunlefJipb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwODE1MTcwMTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWY3MjI3MGJhYTQ1ZDM3NmRlMzhlYjJmNDFkYzkwMDljODUxZDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zc3WRVHHD8dn2V1VhlOEYHmAIbG
mQzc37AyqGkvk3CBNH7La/9IuF8OPvnRB3wTJfuE36LRkVa0bBROWJWaEiHv8Cqq
M19BPYEe4riZNR/pxJaeIi2QflcjZRpRhfzrixugQQBXh9P9Ne/McxwxZx6mC3Ei
V7BGxQsns/28s3iHPTV5w9gytjnIpFsKTPuXhu05tI/wRKCk09Fv2BzUkik+563e
Hk2p9xIriCT4IIZB3G0fyXfO0XSnimCvMZCDVoEqB7MLDQDZeBDL6O3rlq68xBrW
yOE+Vpur5ZdXx9BO3CI8ywffEGG3+2xIqGPie+yW616v5HOUDpbqITfbAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJr3InC6pF03beOOsvQdyQCchR1qMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbXZjaWNMcWtYVGR0NDQ2eTlCM0pBSnlGSFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQag
MA0GCSqGSIb3DQEBCwUAA4IBAQAnhzYxqdtTH9PlKW8D/j5lHoUM/abCFcdVUOGs
mApxzVTtP+NtaYWxJPySN3TE7JKvdvJokh+HDhUCtp6gN4G7gDChqHmaZDORHtqJ
qTT/9sy7zPzr+H6KcYd2GQMHCPIWbVZHsY/SvPy+7XQkdMGKbMbEDX1sgRqO4ZPn
f34ksCwtBWbQCicr6J6eVdvRdolg72IG3h0cnHFpfhthYO80sLDdXirVGiwC5l41
jfvY40eQZur7p29Z5UrG90dnx/mC2XQUrW2LFmvSGbaKffFkOgpl3Rfl82vGw2em
cnFEoPfy3hZuDNBr5xfXtxfZjzqd+NOg7DOzabmMjXPidV3I
-----END CERTIFICATE-----