Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/whAkmRw3tVbuG37XR-ORy1j2coE.roa
File:                     whAkmRw3tVbuG37XR-ORy1j2coE.roa (raw, json)
Hash identifier:          Ven7BYvudYxd5p8a+7AOJn/cy38s5wV44wL2lAenWhM=
Subject key identifier:   C2:10:24:99:1C:37:B5:56:EE:1B:7E:D7:47:E3:91:CB:58:F6:72:81
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01967CA7C0C70619E6327AE2DA16EB21D095
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/whAkmRw3tVbuG37XR-ORy1j2coE.roa
Signing time:             Mon 28 Apr 2025 13:48:10 +0000
ROA not before:           Mon 28 Apr 2025 13:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209612
IP address blocks:        2a0c:b641:3f0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:a7:c0:c7:06:19:e6:32:7a:e2:da:16:eb:21:d0:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr 28 13:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c21024991c37b556ee1b7ed747e391cb58f67281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:38:b5:fd:41:00:b8:a7:78:eb:62:fe:ff:42:
                    e1:b4:36:b2:c9:d7:6a:b2:d6:1c:df:7d:a5:8d:03:
                    33:c3:d4:f5:fb:6e:97:1d:53:5e:28:33:b6:ba:88:
                    fe:eb:02:85:6d:e3:24:ec:41:1f:00:0e:06:71:6b:
                    fa:09:3f:f8:7a:d1:0d:92:49:5d:1a:6e:b7:a7:6e:
                    e9:7d:c3:bd:ac:5f:b4:65:73:64:2a:46:7a:d5:01:
                    0e:7a:55:9c:fe:58:0a:4e:61:00:8a:d9:39:08:eb:
                    ac:db:75:bd:a3:08:84:e8:06:c9:d1:eb:8c:6d:7e:
                    50:75:77:e6:26:87:04:eb:6f:ed:a7:c2:f6:16:8c:
                    39:87:df:b3:de:a0:8c:32:2b:4e:35:d3:43:4f:dc:
                    be:2c:6c:4c:f1:cb:89:1c:9e:2d:10:a4:78:c2:70:
                    ed:25:8a:fe:43:c5:96:08:0c:b5:be:8e:cb:50:6d:
                    23:6b:11:c6:2f:b5:6c:4d:c1:e4:7b:7d:8a:8a:36:
                    33:d1:c9:64:c4:d5:32:f2:cf:d3:a8:57:a4:c2:c6:
                    8f:e2:ce:ac:a7:20:3f:6e:bf:00:d9:7d:72:70:d0:
                    88:f8:46:5f:b0:a7:92:6c:86:37:a8:74:b5:c6:64:
                    5f:32:1b:21:4d:a4:c7:4f:67:c7:43:d1:47:3b:72:
                    1c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:10:24:99:1C:37:B5:56:EE:1B:7E:D7:47:E3:91:CB:58:F6:72:81
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/whAkmRw3tVbuG37XR-ORy1j2coE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:3f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         15:ef:69:e0:c4:26:1e:f9:12:6a:0a:9d:4e:d9:f2:2e:d9:12:
         ef:f5:b4:10:96:da:a2:cc:ad:c8:d4:3e:36:cd:d8:80:8e:65:
         cb:63:51:44:45:b8:71:a6:fc:1b:c8:a8:56:40:d9:41:8e:ec:
         0d:2e:aa:48:52:7d:ff:3c:36:8c:32:b3:56:25:44:52:bb:8c:
         6b:a1:ea:bb:1e:94:20:9a:bf:2c:20:b7:ef:8e:32:7d:92:28:
         65:76:29:c1:3d:30:69:d9:91:36:ca:57:da:65:f3:26:66:94:
         0c:d4:c9:89:ff:34:2a:df:b0:6c:c3:24:9e:a7:02:7c:c7:ad:
         59:2d:69:fb:ee:14:4b:c7:74:eb:49:a3:ea:d0:3d:9a:e9:36:
         d3:e4:37:9f:07:06:91:13:8b:d5:e0:9c:84:93:60:ec:e3:e0:
         f2:75:bd:97:cd:f9:99:8e:c2:0c:97:3b:8c:43:49:21:2c:7a:
         76:39:df:1a:c3:30:c7:ae:94:51:aa:fe:be:0c:43:0d:65:38:
         8b:d4:90:ac:39:31:eb:56:4d:0f:c2:f4:63:e3:63:04:e1:46:
         7f:b1:22:ec:db:d6:11:47:5a:37:55:f6:3d:01:33:60:e1:da:
         42:89:be:8f:d2:76:58:3f:16:dc:34:f9:c7:ad:09:26:a7:a7:
         8a:1d:fb:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZ8p8DHBhnmMnri2hbrIdCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNDI4MTM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjEwMjQ5OTFjMzdiNTU2ZWUxYjdlZDc0N2UzOTFjYjU4ZjY3MjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDi1/UEAuKd462L+/0LhtDayyddq
stYc332ljQMzw9T1+26XHVNeKDO2uoj+6wKFbeMk7EEfAA4GcWv6CT/4etENkkld
Gm63p27pfcO9rF+0ZXNkKkZ61QEOelWc/lgKTmEAitk5COus23W9owiE6AbJ0euM
bX5QdXfmJocE62/tp8L2Fow5h9+z3qCMMitONdNDT9y+LGxM8cuJHJ4tEKR4wnDt
JYr+Q8WWCAy1vo7LUG0jaxHGL7VsTcHke32KijYz0clkxNUy8s/TqFekwsaP4s6s
pyA/br8A2X1ycNCI+EZfsKeSbIY3qHS1xmRfMhshTaTHT2fHQ9FHO3IcEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMIQJJkcN7VW7ht+10fjkctY9nKBMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvd2hBa21SdzN0VmJ1RzM3WFItT1J5MWoyY29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQPw
MA0GCSqGSIb3DQEBCwUAA4IBAQAV72ngxCYe+RJqCp1O2fIu2RLv9bQQltqizK3I
1D42zdiAjmXLY1FERbhxpvwbyKhWQNlBjuwNLqpIUn3/PDaMMrNWJURSu4xroeq7
HpQgmr8sILfvjjJ9kihldinBPTBp2ZE2ylfaZfMmZpQM1MmJ/zQq37BswySepwJ8
x61ZLWn77hRLx3TrSaPq0D2a6TbT5DefBwaRE4vV4JyEk2Ds4+Dydb2XzfmZjsIM
lzuMQ0khLHp2Od8awzDHrpRRqv6+DEMNZTiL1JCsOTHrVk0PwvRj42ME4UZ/sSLs
29YRR1o3VfY9ATNg4dpCib6P0nZYPxbcNPnHrQkmp6eKHfu2
-----END CERTIFICATE-----