Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/0nJK-sDwzEH_IjXJf1REdUXAa7A.roa
File:                     0nJK-sDwzEH_IjXJf1REdUXAa7A.roa (raw, json)
Hash identifier:          SSvXaQZPEjzyQK0OeaWqY97b/cQRCIqF4nU0dqjupA8=
Subject key identifier:   D2:72:4A:FA:C0:F0:CC:41:FF:22:35:C9:7F:54:44:75:45:C0:6B:B0
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013EA23FA4E08666975A16D27A5764
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/0nJK-sDwzEH_IjXJf1REdUXAa7A.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398107
IP address blocks:        2a01:488:bb0d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3e:a2:3f:a4:e0:86:66:97:5a:16:d2:7a:57:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2724afac0f0cc41ff2235c97f54447545c06bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:98:31:34:71:19:f6:ab:94:2e:b1:fa:7d:e4:
                    a4:06:f3:ac:38:3f:d7:bf:e4:9c:ac:75:ba:8e:87:
                    95:c3:67:9b:f6:c9:83:a8:53:95:d8:df:99:f2:1d:
                    9c:24:10:88:1a:42:ef:ad:c7:19:e5:3d:1c:0e:1e:
                    66:92:cc:7a:8f:1f:b9:a3:b9:84:93:28:21:de:7e:
                    60:46:e1:0b:a0:a5:8e:af:a3:3a:28:7d:70:be:52:
                    84:b0:1e:8c:08:a1:4c:7c:5a:fa:ce:e9:a6:03:61:
                    36:30:a2:96:ed:8a:17:53:67:f2:2b:93:cf:6e:aa:
                    9d:18:42:6d:ed:af:35:0f:d3:a3:4e:68:76:92:45:
                    af:9b:76:74:13:f1:1a:05:90:11:62:46:da:d6:65:
                    e4:88:ef:04:18:04:86:76:da:6c:7c:2c:ac:f6:6e:
                    d4:d5:75:5f:93:4f:6b:ea:eb:40:36:1f:93:93:dd:
                    1e:6b:06:2b:c5:6f:f8:99:af:fe:f0:6a:1a:b9:19:
                    d1:f6:4f:d7:c8:32:fd:f6:cf:88:a3:34:b4:1f:46:
                    cd:61:23:3c:61:c0:71:bf:a3:db:68:9c:dc:22:99:
                    84:f0:b0:ce:db:1e:4e:8a:2b:00:85:4b:35:e8:52:
                    ce:63:ab:19:ac:5b:c0:fe:5e:3f:b6:f3:d2:b4:2c:
                    e7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:72:4A:FA:C0:F0:CC:41:FF:22:35:C9:7F:54:44:75:45:C0:6B:B0
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/0nJK-sDwzEH_IjXJf1REdUXAa7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb0d::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:da:c5:5b:21:89:b0:99:1d:10:ec:25:43:42:5f:e8:0e:3c:
         0a:3e:16:df:81:63:fa:7e:af:1f:cc:e7:4a:a9:9b:e3:3d:8d:
         81:1b:17:c5:86:03:f9:4e:2d:da:61:0f:34:44:9c:64:89:1c:
         e0:6c:fd:9a:a8:e8:e3:a4:b3:5c:2c:e1:21:89:6d:7f:1d:31:
         83:84:5d:fe:31:ad:f0:f5:39:c5:c0:c8:9b:b7:f9:18:07:54:
         60:d2:62:9a:12:94:f5:13:40:e2:69:f1:47:0c:b5:da:cd:9f:
         f5:a2:81:ce:95:48:91:7d:83:6a:42:65:e3:b0:b7:08:72:de:
         7b:89:5f:eb:23:18:f0:bc:b2:aa:3c:20:e3:cd:79:0e:4d:00:
         f7:79:5a:a9:0a:58:2c:23:e4:91:15:5a:18:06:13:af:f7:ba:
         d7:fa:d0:a9:4a:78:2a:6d:7e:3d:96:53:94:54:8b:2f:2b:3b:
         be:cf:c2:cb:70:67:c7:3b:c6:5a:56:b0:a2:8b:8b:47:49:d9:
         66:79:51:f4:b5:f7:64:13:cc:5d:76:4f:0d:c3:93:00:44:73:
         3e:05:8c:d3:1c:4b:1c:78:ec:2f:ff:b0:51:21:80:5a:e5:19:
         63:38:1a:e5:a0:76:79:4d:5c:63:4a:9f:98:f2:47:6c:bb:cf:
         71:39:42:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAT6iP6TghmaXWhbSeldkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjcyNGFmYWMwZjBjYzQxZmYyMjM1Yzk3ZjU0NDQ3NTQ1YzA2YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpgxNHEZ9quULrH6feSkBvOsOD/X
v+ScrHW6joeVw2eb9smDqFOV2N+Z8h2cJBCIGkLvrccZ5T0cDh5mksx6jx+5o7mE
kygh3n5gRuELoKWOr6M6KH1wvlKEsB6MCKFMfFr6zummA2E2MKKW7YoXU2fyK5PP
bqqdGEJt7a81D9OjTmh2kkWvm3Z0E/EaBZARYkba1mXkiO8EGASGdtpsfCys9m7U
1XVfk09r6utANh+Tk90eawYrxW/4ma/+8GoauRnR9k/XyDL99s+IozS0H0bNYSM8
YcBxv6PbaJzcIpmE8LDO2x5OiisAhUs16FLOY6sZrFvA/l4/tvPStCznZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNJySvrA8MxB/yI1yX9URHVFwGuwMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvMG5KSy1zRHd6RUhfSWpYSmYxUkVkVVhBYTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsN
MA0GCSqGSIb3DQEBCwUAA4IBAQAC2sVbIYmwmR0Q7CVDQl/oDjwKPhbfgWP6fq8f
zOdKqZvjPY2BGxfFhgP5Ti3aYQ80RJxkiRzgbP2aqOjjpLNcLOEhiW1/HTGDhF3+
Ma3w9TnFwMibt/kYB1Rg0mKaEpT1E0DiafFHDLXazZ/1ooHOlUiRfYNqQmXjsLcI
ct57iV/rIxjwvLKqPCDjzXkOTQD3eVqpClgsI+SRFVoYBhOv97rX+tCpSngqbX49
llOUVIsvKzu+z8LLcGfHO8ZaVrCii4tHSdlmeVH0tfdkE8xddk8Nw5MARHM+BYzT
HEsceOwv/7BRIYBa5RljOBrloHZ5TVxjSp+Y8kdsu89xOUIL
-----END CERTIFICATE-----