Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/TkGlpc5Tn70aJVwhv7pNACfX1jA.roa
File:                     TkGlpc5Tn70aJVwhv7pNACfX1jA.roa (raw, json)
Hash identifier:          btdfTVJmMqYsieIn46CF/cLd49A9Xyl8eSZFuUISFt8=
Subject key identifier:   4E:41:A5:A5:CE:53:9F:BD:1A:25:5C:21:BF:BA:4D:00:27:D7:D6:30
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019427B652ECC01127C4CFAEBA8511D4A8FA
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/TkGlpc5Tn70aJVwhv7pNACfX1jA.roa
Signing time:             Thu 02 Jan 2025 15:50:47 +0000
ROA not before:           Thu 02 Jan 2025 15:50:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397518
IP address blocks:        2a01:488:bb17::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:52:ec:c0:11:27:c4:cf:ae:ba:85:11:d4:a8:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 15:50:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e41a5a5ce539fbd1a255c21bfba4d0027d7d630
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:71:ea:37:aa:15:f2:f9:fa:f9:d2:86:59:c0:
                    ed:92:9c:ad:83:5d:7a:a8:b0:a3:67:db:ac:39:5e:
                    c3:1a:7b:67:c7:4b:47:34:ca:8a:9b:2c:47:90:77:
                    c3:d6:0e:8f:37:ca:02:f8:28:75:23:40:57:72:42:
                    cc:f1:b4:59:3a:d8:8a:9f:07:63:70:f3:99:09:d5:
                    92:f1:b1:82:7d:d5:b4:55:65:d1:b6:79:1f:5b:53:
                    80:58:8e:b9:a0:d2:bc:ed:29:a6:ed:bb:b1:1e:d9:
                    b5:7c:e1:fb:10:1a:4e:f4:08:f4:3a:46:eb:de:ec:
                    09:ec:79:94:5c:20:e3:0c:30:62:bc:03:9c:05:85:
                    05:ec:a6:8f:7e:b0:3f:e0:5d:6a:21:9c:1e:9b:79:
                    0b:34:2a:c8:0e:ec:ce:0b:72:de:4c:1a:45:62:59:
                    a0:0f:47:fc:ea:c1:59:2d:32:0b:bf:67:65:f0:04:
                    c4:e5:ad:7a:0b:26:6e:c3:da:82:a1:ad:73:22:07:
                    7a:6e:23:0f:0a:24:3a:cc:54:5d:ec:a3:e1:f6:58:
                    a1:e3:b8:68:f1:e2:9d:b5:d8:d7:cd:73:ef:7e:f7:
                    7c:bb:a6:b5:de:f3:58:3c:bd:0f:f5:80:3d:bf:ac:
                    06:07:fe:a4:a0:78:1b:1b:ad:35:23:72:e4:a6:05:
                    2b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:41:A5:A5:CE:53:9F:BD:1A:25:5C:21:BF:BA:4D:00:27:D7:D6:30
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/TkGlpc5Tn70aJVwhv7pNACfX1jA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb17::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:7b:49:6b:e2:8c:a9:ad:63:1e:e0:c1:37:e5:62:ee:45:4a:
         2e:6c:d3:9e:9d:ff:ee:82:79:ed:55:f5:50:7c:c9:98:d0:cc:
         bf:c9:82:e8:1b:b6:1f:ff:08:d7:9e:1c:a0:21:d8:a9:b6:d0:
         a4:26:40:a3:1f:84:89:d9:4b:4a:ec:08:ee:34:d4:c9:61:81:
         3f:3d:7f:fd:69:45:48:1d:99:77:e9:1c:16:02:28:18:a1:c1:
         89:68:48:cb:fa:15:a1:f9:20:6d:6f:84:a3:49:79:a2:4f:e5:
         73:a1:6e:80:c8:e8:40:28:23:ea:b5:ef:d2:58:a1:c9:96:0b:
         92:aa:44:65:86:dd:c4:28:6d:2d:a2:78:02:f7:6c:ed:e3:ab:
         e8:5c:0c:ed:4f:cb:df:83:ca:b1:3c:13:48:f1:7d:b1:36:ed:
         e3:0a:fe:fb:97:e3:9e:b6:65:06:7b:87:42:21:c7:0a:be:ef:
         03:27:4a:e5:ef:f2:fb:5d:96:ea:7f:74:cd:33:50:d6:74:6b:
         51:3a:d2:56:fc:91:83:9d:7e:c2:ff:96:ce:80:17:dc:6e:72:
         de:3e:18:38:b7:68:e4:87:20:4d:0e:83:b7:fa:6c:44:f7:59:
         15:83:3b:3e:22:b1:cb:b9:bf:7a:33:af:97:8c:51:6b:aa:69:
         68:cc:ec:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntlLswBEnxM+uuoUR1Kj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjUwMTAyMTU1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQxYTVhNWNlNTM5ZmJkMWEyNTVjMjFiZmJhNGQwMDI3ZDdkNjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXHqN6oV8vn6+dKGWcDtkpytg116
qLCjZ9usOV7DGntnx0tHNMqKmyxHkHfD1g6PN8oC+Ch1I0BXckLM8bRZOtiKnwdj
cPOZCdWS8bGCfdW0VWXRtnkfW1OAWI65oNK87Smm7buxHtm1fOH7EBpO9Aj0Okbr
3uwJ7HmUXCDjDDBivAOcBYUF7KaPfrA/4F1qIZwem3kLNCrIDuzOC3LeTBpFYlmg
D0f86sFZLTILv2dl8ATE5a16CyZuw9qCoa1zIgd6biMPCiQ6zFRd7KPh9lih47ho
8eKdtdjXzXPvfvd8u6a13vNYPL0P9YA9v6wGB/6koHgbG601I3LkpgUrEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE5BpaXOU5+9GiVcIb+6TQAn19YwMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvVGtHbHBjNVRuNzBhSlZ3aHY3cE5BQ2ZYMWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsX
MA0GCSqGSIb3DQEBCwUAA4IBAQASe0lr4oyprWMe4ME35WLuRUoubNOenf/ugnnt
VfVQfMmY0My/yYLoG7Yf/wjXnhygIdipttCkJkCjH4SJ2UtK7AjuNNTJYYE/PX/9
aUVIHZl36RwWAigYocGJaEjL+hWh+SBtb4SjSXmiT+VzoW6AyOhAKCPqte/SWKHJ
lguSqkRlht3EKG0tongC92zt46voXAztT8vfg8qxPBNI8X2xNu3jCv77l+OetmUG
e4dCIccKvu8DJ0rl7/L7XZbqf3TNM1DWdGtROtJW/JGDnX7C/5bOgBfcbnLePhg4
t2jkhyBNDoO3+mxE91kVgzs+IrHLub96M6+XjFFrqmlozOw+
-----END CERTIFICATE-----