Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/C5Bd8VWsABcOSIK7iAaVbeAto74.roa
File:                     C5Bd8VWsABcOSIK7iAaVbeAto74.roa (raw, json)
Hash identifier:          UFtvFbnPksU3f32VZVDCvar4F34zLCv2m0EpLitoWn4=
Subject key identifier:   0B:90:5D:F1:55:AC:00:17:0E:48:82:BB:88:06:95:6D:E0:2D:A3:BE
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019427B655A618B8827F59C8F619A3DA2868
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/C5Bd8VWsABcOSIK7iAaVbeAto74.roa
Signing time:             Thu 02 Jan 2025 15:50:48 +0000
ROA not before:           Thu 02 Jan 2025 15:50:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398102
IP address blocks:        2a01:488:bb05::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:55:a6:18:b8:82:7f:59:c8:f6:19:a3:da:28:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 15:50:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b905df155ac00170e4882bb8806956de02da3be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:69:f5:e6:20:d6:bc:a8:b9:dc:25:a7:cd:b5:
                    99:a6:16:dc:24:88:7e:0f:ec:8b:c4:56:2c:64:90:
                    40:7d:5b:e3:49:6b:f3:a7:23:6d:87:25:90:a7:c5:
                    9c:f6:25:0d:c3:86:76:5f:74:c5:15:da:83:31:5d:
                    58:0b:14:e6:b4:5c:41:a5:c7:59:1b:f4:c0:e1:b4:
                    7f:24:95:e2:e8:bf:d2:9b:1f:29:40:04:22:c7:fe:
                    6c:e9:06:e1:fe:3d:34:a7:7e:2d:9b:a2:c0:3a:b9:
                    78:aa:cc:b7:c6:b3:34:29:28:ad:2a:66:21:ee:31:
                    f3:5b:f7:a5:a8:f7:f1:cf:78:91:6c:60:cd:c2:b0:
                    df:0c:49:ec:12:d9:87:f3:be:b1:7b:8a:b0:f2:ca:
                    4e:75:c3:49:9c:cb:d4:e9:84:b8:26:7c:a2:c7:53:
                    cc:c8:d1:1f:d1:77:f9:2e:3f:d0:2e:0b:43:42:bd:
                    f5:5f:d9:23:69:58:d9:0c:21:7d:1e:c8:76:ae:e5:
                    c0:8f:fc:10:0f:ac:5b:f4:90:84:c4:01:96:17:ef:
                    af:17:7f:fc:36:1e:5e:82:bb:cb:0e:2f:d2:03:86:
                    5d:c1:7f:07:30:40:48:01:af:1b:6f:60:46:ea:3d:
                    fa:37:d3:95:89:b3:15:32:3a:e2:80:81:10:d7:27:
                    db:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:90:5D:F1:55:AC:00:17:0E:48:82:BB:88:06:95:6D:E0:2D:A3:BE
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/C5Bd8VWsABcOSIK7iAaVbeAto74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb05::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:cf:1c:eb:68:62:24:e8:89:45:ee:65:c7:27:7a:a1:ee:0a:
         92:44:b2:9b:c7:6b:3a:b6:0b:cc:6c:39:3e:4d:da:d0:e2:ca:
         76:ff:42:5f:6b:ce:f8:e9:46:6c:8e:b8:e0:2f:33:e3:54:09:
         32:4e:61:87:25:86:43:1a:5c:4c:89:50:56:cb:4c:69:43:5e:
         48:3e:c1:9c:a5:47:9e:53:13:30:9f:b1:29:ad:c2:cc:d8:6c:
         65:03:15:c2:f7:f1:0f:4d:2c:68:68:18:7b:27:e7:fe:88:39:
         58:7b:09:b6:e4:db:2e:fe:9f:b3:5d:84:99:36:a3:70:47:24:
         5d:8a:c9:5b:77:92:6d:3e:a1:65:1b:09:4a:b7:d3:2f:1e:16:
         b3:1e:88:58:12:c8:a6:49:85:f4:10:14:2e:5f:26:d1:6e:b4:
         e9:a6:45:f8:c4:60:e9:36:20:d2:54:f4:c2:9b:31:f6:7a:11:
         9e:15:3d:a1:07:8d:8d:f6:da:a0:c2:d3:b5:e9:de:c5:a0:3e:
         50:9b:44:ee:93:a9:6f:07:21:d2:d0:2f:1f:c5:ed:95:96:ef:
         a3:35:b0:8f:51:8b:39:70:62:69:ea:e6:ba:64:f5:34:90:3e:
         55:90:4a:82:b9:0b:4a:af:59:b4:5c:e1:f7:f8:06:ec:61:04:
         b7:55:57:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntlWmGLiCf1nI9hmj2ihoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjUwMTAyMTU1MDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjkwNWRmMTU1YWMwMDE3MGU0ODgyYmI4ODA2OTU2ZGUwMmRhM2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWn15iDWvKi53CWnzbWZphbcJIh+
D+yLxFYsZJBAfVvjSWvzpyNthyWQp8Wc9iUNw4Z2X3TFFdqDMV1YCxTmtFxBpcdZ
G/TA4bR/JJXi6L/Smx8pQAQix/5s6Qbh/j00p34tm6LAOrl4qsy3xrM0KSitKmYh
7jHzW/elqPfxz3iRbGDNwrDfDEnsEtmH876xe4qw8spOdcNJnMvU6YS4Jnyix1PM
yNEf0Xf5Lj/QLgtDQr31X9kjaVjZDCF9Hsh2ruXAj/wQD6xb9JCExAGWF++vF3/8
Nh5egrvLDi/SA4ZdwX8HMEBIAa8bb2BG6j36N9OVibMVMjrigIEQ1yfbPQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAuQXfFVrAAXDkiCu4gGlW3gLaO+MB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvQzVCZDhWV3NBQmNPU0lLN2lBYVZiZUF0bzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsF
MA0GCSqGSIb3DQEBCwUAA4IBAQCozxzraGIk6IlF7mXHJ3qh7gqSRLKbx2s6tgvM
bDk+TdrQ4sp2/0Jfa8746UZsjrjgLzPjVAkyTmGHJYZDGlxMiVBWy0xpQ15IPsGc
pUeeUxMwn7EprcLM2GxlAxXC9/EPTSxoaBh7J+f+iDlYewm25Nsu/p+zXYSZNqNw
RyRdislbd5JtPqFlGwlKt9MvHhazHohYEsimSYX0EBQuXybRbrTppkX4xGDpNiDS
VPTCmzH2ehGeFT2hB42N9tqgwtO16d7FoD5Qm0Tuk6lvByHS0C8fxe2Vlu+jNbCP
UYs5cGJp6ua6ZPU0kD5VkEqCuQtKr1m0XOH3+AbsYQS3VVce
-----END CERTIFICATE-----