Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/QmjgWzuarbRULuLql_6hRPuc_PI.roa
File:                     QmjgWzuarbRULuLql_6hRPuc_PI.roa (raw, json)
Hash identifier:          yckeBnl8EdCyKjxKxVUl5TLZX1ctT9xEBg889hfvsvQ=
Subject key identifier:   42:68:E0:5B:3B:9A:AD:B4:54:2E:E2:EA:97:FE:A1:44:FB:9C:FC:F2
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC801372266B482BE8CD86C393341DA68
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/QmjgWzuarbRULuLql_6hRPuc_PI.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34440
IP address blocks:        2a01:488:bb18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:37:22:66:b4:82:be:8c:d8:6c:39:33:41:da:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4268e05b3b9aadb4542ee2ea97fea144fb9cfcf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:df:a7:c9:f6:59:78:64:b0:22:04:48:4b:be:
                    ff:c4:bc:3f:62:9d:90:8c:39:30:9e:96:e0:3e:8d:
                    57:7f:90:48:5e:85:03:0d:e3:1c:5f:de:bb:6e:75:
                    a4:29:58:4e:87:0f:a0:2f:dd:e7:e9:f3:b9:f3:db:
                    95:7f:5f:ff:6f:3b:0a:8f:ac:6f:01:cb:87:44:6e:
                    54:d6:8a:e8:cd:4d:32:c5:77:2b:98:d3:44:1a:0e:
                    78:7c:75:3a:0e:3c:3b:db:ed:00:ed:a1:14:85:a5:
                    2f:8f:ab:91:48:64:04:b6:48:fc:f0:fd:f8:9d:e3:
                    4d:95:66:71:34:b2:71:e3:a5:42:9e:75:f5:31:af:
                    83:3e:de:ed:ed:36:69:fd:96:6e:18:5c:3c:8b:9d:
                    89:85:c6:eb:fc:e2:41:aa:91:bf:04:93:64:e7:d3:
                    48:e6:6c:bc:e5:61:e9:49:ef:55:cd:be:ca:cb:53:
                    b1:b1:63:ec:ef:90:51:e5:94:f6:24:63:6a:b4:e9:
                    81:88:ee:ad:72:53:32:1f:d9:ad:43:a9:54:f9:76:
                    ba:cb:79:96:0a:0d:73:13:ae:be:0e:c7:ca:3e:91:
                    3e:2b:df:91:16:25:93:20:d8:54:2a:25:77:a0:95:
                    8e:b6:fb:2a:9d:50:5c:de:f3:24:19:dd:fe:14:6e:
                    d2:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:68:E0:5B:3B:9A:AD:B4:54:2E:E2:EA:97:FE:A1:44:FB:9C:FC:F2
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/QmjgWzuarbRULuLql_6hRPuc_PI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb18::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:00:39:44:5a:6a:49:9e:11:24:ae:e9:61:ac:21:2e:90:5e:
         23:d1:a9:91:72:dc:5e:79:c7:df:9c:1a:1e:9f:eb:5c:a6:49:
         f4:e7:e9:a8:69:e7:09:14:82:fa:2e:ce:0e:b7:c9:3e:a2:21:
         96:b0:ae:85:a0:09:cd:bc:6d:a6:b8:76:c8:ca:c2:2e:ab:ae:
         04:a1:cb:47:99:22:fc:68:6d:91:19:f6:ab:c2:e8:12:8a:c3:
         f5:9a:fc:62:9d:d6:a3:e2:2d:94:d5:de:67:27:cb:23:ab:a2:
         78:14:c3:9f:18:cc:00:5e:95:43:f9:42:a5:69:a5:f4:79:83:
         9d:0e:85:0d:8e:a3:91:84:01:ed:a0:d6:cf:fb:86:ee:45:b7:
         24:17:61:4d:73:86:7e:ea:00:1a:59:13:bb:33:8c:5c:97:50:
         cd:7a:53:8a:90:33:9b:c9:c1:ef:e9:0f:98:31:b7:75:ad:f8:
         27:db:f2:e4:e2:91:ad:04:f3:75:79:a3:d3:4f:1e:21:e3:41:
         35:c5:6a:e3:b8:e5:73:b6:c3:55:bc:ad:dd:07:0a:ad:c2:a6:
         0e:18:18:c7:49:5e:77:b0:82:a3:5f:32:d0:a6:18:4c:18:54:
         bc:d1:b7:e2:e5:68:ed:82:80:c7:e3:e0:b3:e5:24:35:23:bf:
         53:3f:63:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATciZrSCvozYbDkzQdpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY4ZTA1YjNiOWFhZGI0NTQyZWUyZWE5N2ZlYTE0NGZiOWNmY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkN+nyfZZeGSwIgRIS77/xLw/Yp2Q
jDkwnpbgPo1Xf5BIXoUDDeMcX967bnWkKVhOhw+gL93n6fO589uVf1//bzsKj6xv
AcuHRG5U1orozU0yxXcrmNNEGg54fHU6Djw72+0A7aEUhaUvj6uRSGQEtkj88P34
neNNlWZxNLJx46VCnnX1Ma+DPt7t7TZp/ZZuGFw8i52Jhcbr/OJBqpG/BJNk59NI
5my85WHpSe9Vzb7Ky1OxsWPs75BR5ZT2JGNqtOmBiO6tclMyH9mtQ6lU+Xa6y3mW
Cg1zE66+DsfKPpE+K9+RFiWTINhUKiV3oJWOtvsqnVBc3vMkGd3+FG7SpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEJo4Fs7mq20VC7i6pf+oUT7nPzyMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvUW1qZ1d6dWFyYlJVTHVMcWxfNmhSUHVjX1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsY
MA0GCSqGSIb3DQEBCwUAA4IBAQBiADlEWmpJnhEkrulhrCEukF4j0amRctxeecff
nBoen+tcpkn05+moaecJFIL6Ls4Ot8k+oiGWsK6FoAnNvG2muHbIysIuq64EoctH
mSL8aG2RGfarwugSisP1mvxindaj4i2U1d5nJ8sjq6J4FMOfGMwAXpVD+UKlaaX0
eYOdDoUNjqORhAHtoNbP+4buRbckF2FNc4Z+6gAaWRO7M4xcl1DNelOKkDObycHv
6Q+YMbd1rfgn2/Lk4pGtBPN1eaPTTx4h40E1xWrjuOVztsNVvK3dBwqtwqYOGBjH
SV53sIKjXzLQphhMGFS80bfi5WjtgoDH4+Cz5SQ1I79TP2NU
-----END CERTIFICATE-----