Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/3ozxe3eCXT9JC_ZIJyhtuinyln4.roa
File:                     3ozxe3eCXT9JC_ZIJyhtuinyln4.roa (raw, json)
Hash identifier:          gufLQO5o7Tk7ZZaE8OE4ZmY4rKilts70/MIEHSYdQtw=
Subject key identifier:   DE:8C:F1:7B:77:82:5D:3F:49:0B:F6:48:27:28:6D:BA:29:F2:96:7E
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019427B65B4148318DD52A396EE7572576B3
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/3ozxe3eCXT9JC_ZIJyhtuinyln4.roa
Signing time:             Thu 02 Jan 2025 15:50:49 +0000
ROA not before:           Thu 02 Jan 2025 15:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398788
IP address blocks:        2a01:488:bb12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:5b:41:48:31:8d:d5:2a:39:6e:e7:57:25:76:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 15:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de8cf17b77825d3f490bf64827286dba29f2967e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1c:ae:14:71:33:16:c7:db:79:95:dc:72:d0:
                    99:8b:2d:ab:68:6b:c7:9f:1a:2f:01:69:f6:08:13:
                    4c:48:4c:11:e8:53:85:c1:09:05:11:04:ba:9d:8a:
                    d3:d8:82:91:20:be:de:be:10:d7:b4:41:14:d0:2d:
                    a3:c7:29:d5:78:1d:cd:b6:e8:4f:b6:c6:78:77:0c:
                    80:8d:7a:05:ad:11:39:f5:64:11:b7:4d:3b:d3:c0:
                    5b:b9:3a:15:45:a3:f5:02:f6:20:8c:1b:57:76:bc:
                    06:fd:ed:f7:77:b2:af:29:2e:6d:ac:f7:bd:1b:1f:
                    86:d8:76:77:e7:5f:47:7b:97:b3:7c:b7:06:c1:db:
                    fa:e3:18:d7:7d:ac:03:53:08:07:a1:15:09:07:f0:
                    95:84:f9:b7:64:1a:83:e7:32:0d:8d:fe:47:c5:03:
                    92:36:c5:51:62:01:e7:0d:b4:7d:39:41:8b:d4:d8:
                    ef:02:51:0b:a9:aa:58:19:a4:15:96:6b:8f:74:f5:
                    d6:2c:fb:b7:f4:9f:cd:fa:56:ff:a2:03:68:f8:bc:
                    20:1a:6f:a0:a5:f1:2f:8c:86:fa:9b:73:e2:98:35:
                    cf:31:c3:ef:d5:c7:ec:37:f9:14:a3:89:79:61:55:
                    c3:c4:dd:98:b8:8b:98:4c:79:39:f6:94:bb:d2:37:
                    e7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:8C:F1:7B:77:82:5D:3F:49:0B:F6:48:27:28:6D:BA:29:F2:96:7E
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/3ozxe3eCXT9JC_ZIJyhtuinyln4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb12::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:89:c5:ae:aa:d8:75:c8:90:65:7f:b8:96:c7:91:b5:98:3e:
         39:e0:4c:be:19:21:ac:7e:3d:65:c2:3b:0d:7a:aa:65:05:09:
         ee:1b:79:41:ee:8b:ef:aa:27:29:73:fd:d5:6c:e9:e7:5c:df:
         e8:88:c9:77:3a:08:13:0b:ca:6e:30:68:c6:7f:8e:f7:f9:f2:
         fc:87:0c:af:01:ec:e5:9e:49:ea:c6:51:1f:13:2f:29:86:9e:
         00:5e:15:f2:a3:c7:65:c4:f3:5a:73:6f:48:56:28:5e:66:ed:
         49:db:a3:9a:c0:e7:21:68:78:99:2d:01:0b:57:09:98:dd:b6:
         6a:4e:9e:9a:b9:73:89:2e:96:e4:a5:9d:89:7b:d1:2f:81:54:
         3d:7e:11:9a:b5:d6:2a:f3:ed:6c:e4:b0:86:7c:fb:94:30:d4:
         15:44:c5:6a:4c:67:e6:f3:51:0e:f7:b8:f7:e0:7a:94:36:91:
         bb:52:93:eb:38:9a:e2:df:63:96:97:11:5b:a9:ec:12:b1:41:
         eb:b8:1f:60:cd:2b:6d:65:4b:51:eb:9d:e0:3e:ba:82:dd:0f:
         3e:3d:b5:63:99:c4:91:7d:a5:2c:d0:0c:6f:72:11:2d:fc:1d:
         75:77:c0:56:ec:ae:79:9a:33:3b:15:96:f3:0c:57:36:79:6b:
         a3:27:6d:59
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntltBSDGN1So5budXJXazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjUwMTAyMTU1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZThjZjE3Yjc3ODI1ZDNmNDkwYmY2NDgyNzI4NmRiYTI5ZjI5NjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnByuFHEzFsfbeZXcctCZiy2raGvH
nxovAWn2CBNMSEwR6FOFwQkFEQS6nYrT2IKRIL7evhDXtEEU0C2jxynVeB3NtuhP
tsZ4dwyAjXoFrRE59WQRt00708BbuToVRaP1AvYgjBtXdrwG/e33d7KvKS5trPe9
Gx+G2HZ3519He5ezfLcGwdv64xjXfawDUwgHoRUJB/CVhPm3ZBqD5zINjf5HxQOS
NsVRYgHnDbR9OUGL1NjvAlELqapYGaQVlmuPdPXWLPu39J/N+lb/ogNo+LwgGm+g
pfEvjIb6m3PimDXPMcPv1cfsN/kUo4l5YVXDxN2YuIuYTHk59pS70jfnzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN6M8Xt3gl0/SQv2SCcobbop8pZ+MB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvM296eGUzZUNYVDlKQ19aSUp5aHR1aW55bG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsS
MA0GCSqGSIb3DQEBCwUAA4IBAQCCicWuqth1yJBlf7iWx5G1mD454Ey+GSGsfj1l
wjsNeqplBQnuG3lB7ovvqicpc/3VbOnnXN/oiMl3OggTC8puMGjGf473+fL8hwyv
AezlnknqxlEfEy8php4AXhXyo8dlxPNac29IViheZu1J26OawOchaHiZLQELVwmY
3bZqTp6auXOJLpbkpZ2Je9EvgVQ9fhGatdYq8+1s5LCGfPuUMNQVRMVqTGfm81EO
97j34HqUNpG7UpPrOJri32OWlxFbqewSsUHruB9gzSttZUtR653gPrqC3Q8+PbVj
mcSRfaUs0AxvchEt/B11d8BW7K55mjM7FZbzDFc2eWujJ21Z
-----END CERTIFICATE-----