Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/1-q6Gx7_Jx0RNixfVCpKaDeY8lmo.roa
File:                     1-q6Gx7_Jx0RNixfVCpKaDeY8lmo.roa (raw, json)
Hash identifier:          oJlfwPWRmIAmSHoNmAWggqzgU1+wvYLox6YQ/PzNY+M=
Subject key identifier:   FA:AE:86:C7:BF:C9:C7:44:4D:8B:17:D5:0A:92:9A:0D:E6:3C:96:6A
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013F2007AB4F1AE130C49A6E0A701C
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/1-q6Gx7_Jx0RNixfVCpKaDeY8lmo.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398788
IP address blocks:        2a01:488:bb12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3f:20:07:ab:4f:1a:e1:30:c4:9a:6e:0a:70:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faae86c7bfc9c7444d8b17d50a929a0de63c966a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f6:78:b0:9d:06:af:99:02:0b:5f:1a:58:e5:
                    c0:cf:18:4d:19:ec:da:dd:a9:7a:2f:f3:02:0e:f7:
                    b5:ab:b2:80:28:b4:08:8c:6d:99:10:9d:a9:2e:68:
                    ef:75:76:29:de:7b:be:65:35:99:8f:93:6a:84:4e:
                    1b:c1:67:ae:27:0c:77:b7:64:99:ff:76:d9:bc:97:
                    72:13:38:7c:67:44:ba:05:76:2e:93:a2:27:f0:21:
                    07:47:d7:26:2d:5d:0e:ae:02:57:44:49:13:0d:18:
                    64:8c:a7:90:75:bf:75:9d:3e:0c:92:70:37:96:ad:
                    75:39:3d:af:3e:1c:d9:dd:d2:9d:74:54:01:2a:17:
                    a3:87:b7:16:d0:e8:d1:97:27:93:92:92:06:a2:c2:
                    62:56:ee:77:0a:c9:47:85:ce:56:26:77:6a:97:b3:
                    29:86:21:9b:fb:b7:b4:42:7d:14:29:ad:36:37:9d:
                    8b:c1:cb:d0:21:6c:6c:2e:f1:a8:55:9e:a7:3a:31:
                    9d:a5:09:e7:3f:d8:54:45:63:21:be:23:0f:ee:e3:
                    83:fa:44:11:6e:00:6b:e2:97:1a:a3:6a:1e:ee:dc:
                    ae:9c:57:13:3c:12:7d:87:96:ad:0a:fd:9a:01:c7:
                    90:03:4e:b4:bd:63:d8:47:de:72:ca:b0:39:2b:b4:
                    46:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:AE:86:C7:BF:C9:C7:44:4D:8B:17:D5:0A:92:9A:0D:E6:3C:96:6A
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/1-q6Gx7_Jx0RNixfVCpKaDeY8lmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb12::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:1c:e2:4e:44:84:49:61:12:af:12:70:14:05:94:f8:0b:ad:
         8b:5e:b8:20:bb:cc:5c:ac:52:4d:71:60:d8:1f:2f:b2:8b:20:
         a1:b5:2c:22:5e:cc:27:03:59:75:15:14:7d:d4:84:19:0b:45:
         99:82:2a:76:20:45:22:42:24:a3:f7:04:d4:72:02:7d:aa:1a:
         1e:7b:fc:d4:b8:3d:46:d5:d8:3e:4f:42:3e:ac:be:22:13:1c:
         98:cf:57:d8:23:0b:89:25:13:3f:ca:3f:89:b8:43:53:6a:54:
         27:68:e7:17:e6:7d:a8:da:36:6b:da:45:56:98:9c:7f:f1:7f:
         d0:87:cb:48:bd:79:da:4b:1c:92:89:75:4e:d6:5e:21:5d:be:
         7f:ba:e4:1a:5a:de:05:31:a7:a7:51:0f:df:bd:3d:cd:99:4f:
         74:d8:d1:50:56:75:4b:a6:cd:c5:9a:f6:94:28:0d:9c:44:41:
         02:01:1d:77:ee:59:16:2e:6c:5a:76:be:00:1b:78:b7:63:69:
         cf:40:a3:dd:8c:5c:85:be:6b:0f:d2:47:ca:da:8c:fc:0c:00:
         f9:9f:10:d9:1c:a1:e7:19:e6:ac:1a:b7:a3:47:f3:41:52:2f:
         d1:5f:15:af:38:87:4e:df:d1:6f:5d:47:eb:29:f3:83:ff:ea:
         19:ee:df:37
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzIAT8gB6tPGuEwxJpuCnAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWFlODZjN2JmYzljNzQ0NGQ4YjE3ZDUwYTkyOWEwZGU2M2M5NjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/Z4sJ0Gr5kCC18aWOXAzxhNGeza
3al6L/MCDve1q7KAKLQIjG2ZEJ2pLmjvdXYp3nu+ZTWZj5NqhE4bwWeuJwx3t2SZ
/3bZvJdyEzh8Z0S6BXYuk6In8CEHR9cmLV0OrgJXREkTDRhkjKeQdb91nT4MknA3
lq11OT2vPhzZ3dKddFQBKhejh7cW0OjRlyeTkpIGosJiVu53CslHhc5WJndql7Mp
hiGb+7e0Qn0UKa02N52LwcvQIWxsLvGoVZ6nOjGdpQnnP9hURWMhviMP7uOD+kQR
bgBr4pcao2oe7tyunFcTPBJ9h5atCv2aAceQA060vWPYR95yyrA5K7RG7QIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPquhse/ycdETYsX1QqSmg3mPJZqMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvMS1xNkd4N19KeDBSTml4ZlZDcEthRGVZOGxtby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvNDIwNDFkLTU5MzEtNDgyNC05MjU0LTE2MWYzNDIzODdk
MS8xL3VtN1EtM3N5Q0RLc0ZZQlRUSHNtUHpCT21Ccy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBIi7
EjANBgkqhkiG9w0BAQsFAAOCAQEAlRziTkSESWESrxJwFAWU+Auti164ILvMXKxS
TXFg2B8vsosgobUsIl7MJwNZdRUUfdSEGQtFmYIqdiBFIkIko/cE1HICfaoaHnv8
1Lg9RtXYPk9CPqy+IhMcmM9X2CMLiSUTP8o/ibhDU2pUJ2jnF+Z9qNo2a9pFVpic
f/F/0IfLSL152ksckol1TtZeIV2+f7rkGlreBTGnp1EP3709zZlPdNjRUFZ1S6bN
xZr2lCgNnERBAgEdd+5ZFi5sWna+ABt4t2Npz0Cj3Yxchb5rD9JHytqM/AwA+Z8Q
2Ryh5xnmrBq3o0fzQVIv0V8VrziHTt/Rb11H6ynzg//qGe7fNw==
-----END CERTIFICATE-----