Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/64gE8QPMrs_f4Qskgk_7FN3799M.roa
File:                     64gE8QPMrs_f4Qskgk_7FN3799M.roa (raw, json)
Hash identifier:          6mf2kcZQ1WBBLyqa+mauXErucjGP2b0D9TcIPwDHVy8=
Subject key identifier:   EB:88:04:F1:03:CC:AE:CF:DF:E1:0B:24:82:4F:FB:14:DD:FB:F7:D3
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013C996E9ED89B1E3544E6827CD669
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/64gE8QPMrs_f4Qskgk_7FN3799M.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398102
IP address blocks:        2a01:488:bb05::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3c:99:6e:9e:d8:9b:1e:35:44:e6:82:7c:d6:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb8804f103ccaecfdfe10b24824ffb14ddfbf7d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b7:a3:a1:b3:78:9a:a0:b7:8c:3c:4a:3b:03:
                    36:a7:a9:02:77:20:12:6d:94:16:e6:7a:bf:ed:ea:
                    67:38:ac:d0:42:7e:36:30:fc:60:89:92:fc:39:68:
                    01:c8:da:1a:d3:04:a5:37:65:83:8d:c8:20:85:09:
                    fa:56:d6:fb:a1:2d:20:ee:d8:f2:13:e2:38:ae:9f:
                    5c:b1:a4:54:be:96:a5:1b:69:94:b0:a6:32:94:73:
                    fd:43:94:6b:77:d0:86:77:93:3a:7a:b2:28:97:62:
                    dc:f7:ed:a0:2a:e1:3b:91:07:fe:df:06:7e:34:69:
                    54:0b:b2:3a:22:29:12:37:58:7f:a9:02:fc:44:41:
                    59:b7:54:42:f9:39:a3:85:f1:b6:ce:70:a4:f1:b8:
                    8c:9b:cc:da:6e:f2:ae:79:21:16:08:ee:85:db:2e:
                    d6:7c:41:9a:76:aa:fb:6b:e2:f4:7f:45:54:f0:66:
                    dd:0a:76:28:79:f0:d7:c9:34:cd:2f:57:5f:ee:6d:
                    60:3f:c1:4b:cf:13:37:ad:38:4d:55:4e:7c:0b:83:
                    02:e3:6c:65:b1:da:b4:16:80:04:8e:66:6c:ae:d7:
                    0b:09:05:13:98:79:aa:60:44:b5:55:6c:64:62:13:
                    03:77:04:fd:b4:b0:82:98:af:17:87:3e:57:f4:b2:
                    7e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:88:04:F1:03:CC:AE:CF:DF:E1:0B:24:82:4F:FB:14:DD:FB:F7:D3
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/64gE8QPMrs_f4Qskgk_7FN3799M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb05::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:91:8d:fe:c1:34:32:a8:17:e7:7a:ef:3a:33:17:7c:38:d4:
         ba:ec:40:62:21:c6:7b:85:3b:17:38:53:dc:be:03:a4:aa:63:
         cd:b8:77:f2:b9:bf:ca:42:d1:42:9a:51:6f:05:e8:8b:1f:42:
         3f:f2:1e:71:41:77:98:35:4f:df:51:40:ea:15:aa:a4:a5:03:
         99:13:35:0b:99:35:97:94:4d:6c:23:ca:b1:f5:80:1c:2a:3a:
         2b:e2:01:31:b9:7e:50:25:5f:f1:fe:a2:18:73:91:55:c6:ea:
         84:95:24:88:e6:fb:24:43:b6:40:5c:bb:34:25:87:72:49:82:
         0d:ad:43:a4:70:8f:6a:22:0d:63:1c:00:f0:37:45:ef:47:94:
         e1:b5:20:a7:82:31:2f:29:0d:58:ca:f2:77:4d:d4:97:11:93:
         8c:a9:23:81:78:22:ea:c8:ac:21:74:b5:87:8c:ee:db:da:6d:
         90:f7:6c:31:49:bf:dc:6a:05:0f:13:29:ee:7d:e9:e6:32:9d:
         5a:f9:21:fa:e6:a4:32:20:54:a9:32:44:6b:cf:58:03:ab:a7:
         ee:82:e3:48:5e:1e:c7:70:90:4b:a7:4d:b0:fe:37:66:e6:6c:
         05:8e:2b:89:fe:54:f9:d4:1a:c1:2e:0e:3c:78:e6:07:7e:f6:
         27:4f:0e:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATyZbp7Ymx41ROaCfNZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjg4MDRmMTAzY2NhZWNmZGZlMTBiMjQ4MjRmZmIxNGRkZmJmN2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLejobN4mqC3jDxKOwM2p6kCdyAS
bZQW5nq/7epnOKzQQn42MPxgiZL8OWgByNoa0wSlN2WDjcgghQn6Vtb7oS0g7tjy
E+I4rp9csaRUvpalG2mUsKYylHP9Q5Rrd9CGd5M6erIol2Lc9+2gKuE7kQf+3wZ+
NGlUC7I6IikSN1h/qQL8REFZt1RC+TmjhfG2znCk8biMm8zabvKueSEWCO6F2y7W
fEGadqr7a+L0f0VU8GbdCnYoefDXyTTNL1df7m1gP8FLzxM3rThNVU58C4MC42xl
sdq0FoAEjmZsrtcLCQUTmHmqYES1VWxkYhMDdwT9tLCCmK8Xhz5X9LJ+MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOuIBPEDzK7P3+ELJIJP+xTd+/fTMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvNjRnRThRUE1yc19mNFFza2drXzdGTjM3OTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsF
MA0GCSqGSIb3DQEBCwUAA4IBAQBtkY3+wTQyqBfneu86Mxd8ONS67EBiIcZ7hTsX
OFPcvgOkqmPNuHfyub/KQtFCmlFvBeiLH0I/8h5xQXeYNU/fUUDqFaqkpQOZEzUL
mTWXlE1sI8qx9YAcKjor4gExuX5QJV/x/qIYc5FVxuqElSSI5vskQ7ZAXLs0JYdy
SYINrUOkcI9qIg1jHADwN0XvR5ThtSCngjEvKQ1YyvJ3TdSXEZOMqSOBeCLqyKwh
dLWHjO7b2m2Q92wxSb/cagUPEynufenmMp1a+SH65qQyIFSpMkRrz1gDq6fuguNI
Xh7HcJBLp02w/jdm5mwFjiuJ/lT51BrBLg48eOYHfvYnTw6i
-----END CERTIFICATE-----