Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/C6LT-Ff1dGOSfpn24KGTry44-MY.roa
File:                     C6LT-Ff1dGOSfpn24KGTry44-MY.roa (raw, json)
Hash identifier:          IKCSXVHUk0HcTOnNmLtWqk4b3TEnH9Wu4aNKgT6ndb4=
Subject key identifier:   0B:A2:D3:F8:57:F5:74:63:92:7E:99:F6:E0:A1:93:AF:2E:38:F8:C6
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC801383BC9BDFA80CEF7BB37AA2A3D00
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/C6LT-Ff1dGOSfpn24KGTry44-MY.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397513
IP address blocks:        2a01:488:bb0e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:38:3b:c9:bd:fa:80:ce:f7:bb:37:aa:2a:3d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ba2d3f857f57463927e99f6e0a193af2e38f8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:80:5d:4d:02:1f:cf:0b:6c:ae:7e:18:00:81:
                    ef:94:5d:52:87:4b:2b:cc:6d:b9:9e:16:76:db:35:
                    2c:71:65:7b:93:dc:04:59:68:ec:1d:dc:fa:20:a6:
                    c9:f0:ee:4a:2a:4d:ca:f5:87:40:0b:a0:d6:f3:db:
                    59:cd:8a:c0:98:1b:9c:6b:22:38:13:5a:2a:f3:4e:
                    e7:8d:77:29:c3:f5:78:df:57:82:30:ea:7c:a6:62:
                    ea:55:bb:9e:d3:e8:2f:98:1f:3a:32:23:2f:0d:a7:
                    83:0b:d1:13:35:15:70:7b:b7:9b:9d:fc:3e:0b:03:
                    82:83:68:9d:18:28:c7:fe:b9:d0:95:47:4e:d0:b1:
                    05:85:60:15:00:f7:1f:12:66:89:ab:31:40:39:2c:
                    b4:2b:e9:65:3a:b6:84:f4:75:2d:b3:94:48:d4:7a:
                    fb:d8:f7:2e:eb:a3:70:c7:17:13:28:a1:2a:61:a0:
                    bc:a3:d7:7b:4b:f9:33:c5:ce:3a:a9:94:1e:16:e7:
                    d4:d2:b6:49:a1:60:c7:26:1a:b0:c7:31:2d:1c:03:
                    94:9e:33:fc:18:bd:b0:31:dd:a3:82:b0:c7:ab:73:
                    10:bf:e4:34:9d:06:ec:19:96:55:81:07:bb:37:5b:
                    cd:f5:14:51:72:b8:16:21:09:b0:e4:0d:f0:0d:4e:
                    54:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:A2:D3:F8:57:F5:74:63:92:7E:99:F6:E0:A1:93:AF:2E:38:F8:C6
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/C6LT-Ff1dGOSfpn24KGTry44-MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb0e::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:28:d0:50:0f:c2:8d:07:f6:61:09:46:5f:d5:04:66:6e:a9:
         d8:9f:cf:30:28:4b:91:3d:87:bf:c7:7f:d1:45:47:cd:77:e6:
         6e:1c:f7:f6:4a:a7:e1:6c:cf:9f:fa:be:55:63:f4:cd:d2:1f:
         ed:40:43:2a:3e:f8:ba:84:a8:82:09:1b:ca:93:77:6b:ee:8d:
         43:1e:c3:9a:a6:6f:0e:67:4d:4e:23:7e:f4:54:e2:3a:77:63:
         11:94:37:12:d6:70:2f:7e:e8:96:02:4c:14:e5:f9:0f:c7:98:
         a5:46:3a:d5:e7:27:41:1d:71:79:31:06:31:64:02:79:16:00:
         77:de:22:1c:f4:97:9e:2e:b1:d2:31:6a:e9:ed:8c:eb:e2:fc:
         8c:08:3a:35:cb:e7:44:2f:34:21:9d:69:59:cb:77:a7:dc:7f:
         e8:a4:5e:5d:6d:b7:a5:9f:ee:7b:c8:ba:0d:ea:f0:79:ee:32:
         dd:b9:22:d2:ca:57:fa:b9:7e:9e:41:65:e0:b6:1c:c5:51:aa:
         d0:2f:ba:2a:9e:be:3f:81:b5:9c:ac:d9:40:12:5a:11:8f:52:
         9e:fd:20:58:c9:d7:4d:c7:63:3b:38:c4:75:24:b3:ba:38:69:
         36:6a:5b:30:68:5d:03:7a:0f:d8:2b:ea:6d:18:9a:fd:7f:b7:
         30:b6:a4:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATg7yb36gM73uzeqKj0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmEyZDNmODU3ZjU3NDYzOTI3ZTk5ZjZlMGExOTNhZjJlMzhmOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4BdTQIfzwtsrn4YAIHvlF1Sh0sr
zG25nhZ22zUscWV7k9wEWWjsHdz6IKbJ8O5KKk3K9YdAC6DW89tZzYrAmBucayI4
E1oq807njXcpw/V431eCMOp8pmLqVbue0+gvmB86MiMvDaeDC9ETNRVwe7ebnfw+
CwOCg2idGCjH/rnQlUdO0LEFhWAVAPcfEmaJqzFAOSy0K+llOraE9HUts5RI1Hr7
2Pcu66NwxxcTKKEqYaC8o9d7S/kzxc46qZQeFufU0rZJoWDHJhqwxzEtHAOUnjP8
GL2wMd2jgrDHq3MQv+Q0nQbsGZZVgQe7N1vN9RRRcrgWIQmw5A3wDU5U3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAui0/hX9XRjkn6Z9uChk68uOPjGMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvQzZMVC1GZjFkR09TZnBuMjRLR1RyeTQ0LU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsO
MA0GCSqGSIb3DQEBCwUAA4IBAQA1KNBQD8KNB/ZhCUZf1QRmbqnYn88wKEuRPYe/
x3/RRUfNd+ZuHPf2SqfhbM+f+r5VY/TN0h/tQEMqPvi6hKiCCRvKk3dr7o1DHsOa
pm8OZ01OI370VOI6d2MRlDcS1nAvfuiWAkwU5fkPx5ilRjrV5ydBHXF5MQYxZAJ5
FgB33iIc9JeeLrHSMWrp7Yzr4vyMCDo1y+dELzQhnWlZy3en3H/opF5dbbeln+57
yLoN6vB57jLduSLSylf6uX6eQWXgthzFUarQL7oqnr4/gbWcrNlAEloRj1Ke/SBY
yddNx2M7OMR1JLO6OGk2alswaF0Deg/YK+ptGJr9f7cwtqTb
-----END CERTIFICATE-----