Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/KP5HGifGCLzmXmEwdtwoXR4114s.roa
File:                     KP5HGifGCLzmXmEwdtwoXR4114s.roa (raw, json)
Hash identifier:          3fUwzHYU15gVwZKXGK/TVIOGsNAY7xVFmQXnNPOAAec=
Subject key identifier:   28:FE:47:1A:27:C6:08:BC:E6:5E:61:30:76:DC:28:5D:1E:35:D7:8B
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC801398DAF1BB2635446EF5FE137ECE2
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/KP5HGifGCLzmXmEwdtwoXR4114s.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397517
IP address blocks:        2a01:488:bb14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:39:8d:af:1b:b2:63:54:46:ef:5f:e1:37:ec:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=28fe471a27c608bce65e613076dc285d1e35d78b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d8:87:fd:c1:cb:83:a8:55:ab:7f:dc:e0:23:
                    d7:1a:f6:0a:57:f7:c1:85:81:5f:c3:d5:db:35:89:
                    ad:eb:6a:1c:42:be:f3:c2:21:23:69:36:3c:75:bd:
                    ae:23:51:c3:f4:52:57:59:35:88:95:9c:ad:69:7a:
                    14:c8:27:5f:85:37:19:35:9e:87:93:7b:cb:87:eb:
                    e1:a3:1f:84:50:d9:8c:bc:c2:d8:9d:ed:3a:61:8b:
                    f8:89:a7:c1:8c:0f:ad:e3:9a:ef:77:b3:08:ea:f1:
                    33:ca:e2:03:24:04:25:26:04:d0:0a:fa:4d:97:78:
                    f8:0a:d0:0c:a1:5f:15:c8:60:63:8a:0a:79:a7:31:
                    30:95:a0:67:ac:65:55:1e:31:67:36:a9:19:fe:a5:
                    7b:35:41:f3:65:12:5d:f5:4b:15:0c:52:e9:ef:af:
                    bd:e9:3d:1d:e9:c3:83:c7:88:11:3e:4d:f5:cc:e6:
                    c0:89:3c:bb:36:b5:fb:32:e3:34:bf:b6:00:60:03:
                    eb:df:ce:e6:4e:cb:1a:87:82:df:55:f4:84:d5:29:
                    6a:1f:56:3a:a8:02:f1:84:e8:e3:28:e3:a8:82:1b:
                    a9:2a:64:d7:fe:03:54:7e:78:3b:da:61:54:38:10:
                    93:37:2c:ef:39:12:ff:69:86:4b:b9:33:d0:48:26:
                    00:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:FE:47:1A:27:C6:08:BC:E6:5E:61:30:76:DC:28:5D:1E:35:D7:8B
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/KP5HGifGCLzmXmEwdtwoXR4114s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb14::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:a4:ca:5e:8f:12:7a:63:62:a9:60:33:61:2f:71:b3:3f:98:
         f5:8f:39:02:76:9c:5a:3c:ae:81:9d:1a:15:d8:ca:9b:a5:53:
         9f:a3:2c:f8:75:b7:2a:37:44:97:09:c8:8a:5d:4e:75:cb:df:
         58:c8:c3:49:62:d8:cc:14:26:59:e2:6c:03:34:fe:54:8b:b2:
         b7:fb:f6:ba:18:58:75:b1:6e:58:be:b8:e3:cf:1c:7e:4b:1a:
         a0:eb:ff:1a:5e:cd:63:b5:b8:bb:b4:21:47:54:20:d4:7d:2c:
         68:b2:2e:39:4e:5d:6e:2c:46:bf:1e:e5:f9:7e:81:09:cf:2b:
         46:45:01:e4:4b:6c:20:de:a3:2b:5a:39:4c:bd:62:b0:12:1f:
         4c:77:d1:50:f4:4b:b9:4e:2e:d7:51:55:5a:31:96:24:48:ac:
         f0:e1:0f:00:36:33:e1:07:3c:df:10:bf:ff:fc:a4:f5:e7:56:
         30:ab:d5:e8:9d:b5:02:ce:b4:b7:2d:65:3c:48:74:a3:47:98:
         08:fa:96:42:1f:d3:c0:88:b7:3b:8d:6d:76:a4:76:c9:f4:28:
         6b:4b:4e:3a:b7:fd:d1:44:3e:6c:8b:40:1d:03:07:94:61:9e:
         cb:03:95:0b:8f:bb:55:53:b3:99:6c:d9:35:86:62:7b:54:bb:
         02:dd:77:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATmNrxuyY1RG71/hN+ziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGZlNDcxYTI3YzYwOGJjZTY1ZTYxMzA3NmRjMjg1ZDFlMzVkNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNiH/cHLg6hVq3/c4CPXGvYKV/fB
hYFfw9XbNYmt62ocQr7zwiEjaTY8db2uI1HD9FJXWTWIlZytaXoUyCdfhTcZNZ6H
k3vLh+vhox+EUNmMvMLYne06YYv4iafBjA+t45rvd7MI6vEzyuIDJAQlJgTQCvpN
l3j4CtAMoV8VyGBjigp5pzEwlaBnrGVVHjFnNqkZ/qV7NUHzZRJd9UsVDFLp76+9
6T0d6cODx4gRPk31zObAiTy7NrX7MuM0v7YAYAPr387mTssah4LfVfSE1SlqH1Y6
qALxhOjjKOOoghupKmTX/gNUfng72mFUOBCTNyzvORL/aYZLuTPQSCYAgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCj+Rxonxgi85l5hMHbcKF0eNdeLMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvS1A1SEdpZkdDTHptWG1Fd2R0d29YUjQxMTRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsU
MA0GCSqGSIb3DQEBCwUAA4IBAQBbpMpejxJ6Y2KpYDNhL3GzP5j1jzkCdpxaPK6B
nRoV2MqbpVOfoyz4dbcqN0SXCciKXU51y99YyMNJYtjMFCZZ4mwDNP5Ui7K3+/a6
GFh1sW5Yvrjjzxx+Sxqg6/8aXs1jtbi7tCFHVCDUfSxosi45Tl1uLEa/HuX5foEJ
zytGRQHkS2wg3qMrWjlMvWKwEh9Md9FQ9Eu5Ti7XUVVaMZYkSKzw4Q8ANjPhBzzf
EL///KT151Ywq9XonbUCzrS3LWU8SHSjR5gI+pZCH9PAiLc7jW12pHbJ9ChrS046
t/3RRD5si0AdAweUYZ7LA5ULj7tVU7OZbNk1hmJ7VLsC3XdY
-----END CERTIFICATE-----