Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ZSpOjRqSVbvxFTysP3Apo4aG-60.roa
File:                     ZSpOjRqSVbvxFTysP3Apo4aG-60.roa (raw, json)
Hash identifier:          +2rz9BShvA07ZS8M7N/tmVg07A5JPd0L63RjNQE5ZHw=
Subject key identifier:   65:2A:4E:8D:1A:92:55:BB:F1:15:3C:AC:3F:70:29:A3:86:86:FB:AD
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013956AD148F963881740CD98F12C0
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ZSpOjRqSVbvxFTysP3Apo4aG-60.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397516
IP address blocks:        2a01:488:bb0f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:39:56:ad:14:8f:96:38:81:74:0c:d9:8f:12:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=652a4e8d1a9255bbf1153cac3f7029a38686fbad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:bb:20:53:88:e9:5a:9b:0e:5e:fb:12:d3:25:
                    9e:0c:3d:cf:58:8b:79:b7:f5:1b:cb:3a:f3:d5:b3:
                    19:47:bb:40:1b:d7:5d:19:d8:2b:be:87:fc:fc:ed:
                    d9:79:fb:fa:27:89:51:2e:8c:2a:57:ef:fd:88:14:
                    fb:b1:70:06:47:9f:d3:d9:0b:b6:c1:7b:b1:21:24:
                    34:a3:9f:97:28:70:89:94:9d:67:c4:c9:f3:b7:e1:
                    08:f1:1f:99:ce:9d:3c:a3:ec:6d:32:a3:d6:a0:17:
                    2a:47:7b:97:09:80:a6:17:af:a1:cb:96:80:88:d2:
                    3b:83:00:6f:34:85:7d:2f:ec:a1:24:40:a6:5e:6d:
                    1c:d0:b4:be:fb:24:08:6a:f3:d6:0f:de:70:27:21:
                    df:7c:98:5e:b2:ad:86:9b:d9:bb:39:06:c1:3c:2c:
                    a5:90:29:3d:d1:10:59:cd:0e:80:df:f8:26:0e:28:
                    8c:e5:33:83:57:d7:ff:8c:eb:71:50:3a:ef:58:14:
                    eb:90:e0:db:89:bc:bc:c1:88:31:b2:90:1b:70:39:
                    6f:43:e6:64:a8:d5:16:d3:c3:40:17:35:05:7e:20:
                    9e:67:b3:33:ed:c5:e1:97:cb:58:1f:61:58:22:da:
                    88:a3:36:7b:77:63:71:8d:14:d9:a6:0b:3c:dc:af:
                    b3:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2A:4E:8D:1A:92:55:BB:F1:15:3C:AC:3F:70:29:A3:86:86:FB:AD
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/ZSpOjRqSVbvxFTysP3Apo4aG-60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb0f::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:4b:b8:5d:4c:71:4d:27:1b:97:11:04:ac:74:61:a2:2d:47:
         a6:3f:69:f1:fd:48:8a:9c:3a:b2:c0:f8:a9:02:78:21:1b:ae:
         4d:69:e6:bd:41:90:a5:b6:4d:57:3f:3d:6e:e2:c2:82:7b:4f:
         e3:4c:86:6f:ea:7d:e3:64:bf:14:13:3f:df:0b:bb:96:25:30:
         2c:cc:d0:3a:20:f2:01:39:9d:cb:0e:1a:3f:71:bf:ed:02:64:
         b5:57:a2:fe:05:20:c1:cb:91:c8:42:56:63:61:1a:23:ff:8a:
         7e:af:9d:2d:99:01:21:77:b9:0a:81:08:72:7a:61:15:f1:09:
         79:5a:ad:11:62:3d:a0:7e:31:bb:34:80:bd:16:cb:b6:e0:b4:
         b2:0b:11:9e:3a:fd:3c:1b:72:a5:95:94:ad:2c:e8:82:ea:04:
         8c:2a:39:a1:37:f9:50:f0:ec:e0:f3:a2:1d:6a:4c:fc:65:80:
         3b:f7:e3:2c:72:1f:ff:cf:6e:09:48:d0:68:cb:02:db:6e:f4:
         24:c0:56:1f:da:b7:d7:0c:32:90:54:1c:b1:02:2d:e6:0b:06:
         42:d3:8b:39:f1:6f:22:dc:2e:f2:18:9f:13:4b:7a:c4:93:e2:
         9b:21:7e:24:71:db:81:16:d6:28:56:0f:e8:39:79:0b:7d:14:
         e3:4d:02:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATlWrRSPljiBdAzZjxLAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTJhNGU4ZDFhOTI1NWJiZjExNTNjYWMzZjcwMjlhMzg2ODZmYmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrsgU4jpWpsOXvsS0yWeDD3PWIt5
t/Ubyzrz1bMZR7tAG9ddGdgrvof8/O3Zefv6J4lRLowqV+/9iBT7sXAGR5/T2Qu2
wXuxISQ0o5+XKHCJlJ1nxMnzt+EI8R+Zzp08o+xtMqPWoBcqR3uXCYCmF6+hy5aA
iNI7gwBvNIV9L+yhJECmXm0c0LS++yQIavPWD95wJyHffJhesq2Gm9m7OQbBPCyl
kCk90RBZzQ6A3/gmDiiM5TODV9f/jOtxUDrvWBTrkODbiby8wYgxspAbcDlvQ+Zk
qNUW08NAFzUFfiCeZ7Mz7cXhl8tYH2FYItqIozZ7d2NxjRTZpgs83K+zMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGUqTo0aklW78RU8rD9wKaOGhvutMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvWlNwT2pScVNWYnZ4RlR5c1AzQXBvNGFHLTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsP
MA0GCSqGSIb3DQEBCwUAA4IBAQBlS7hdTHFNJxuXEQSsdGGiLUemP2nx/UiKnDqy
wPipAnghG65Naea9QZCltk1XPz1u4sKCe0/jTIZv6n3jZL8UEz/fC7uWJTAszNA6
IPIBOZ3LDho/cb/tAmS1V6L+BSDBy5HIQlZjYRoj/4p+r50tmQEhd7kKgQhyemEV
8Ql5Wq0RYj2gfjG7NIC9Fsu24LSyCxGeOv08G3KllZStLOiC6gSMKjmhN/lQ8Ozg
86Idakz8ZYA79+Msch//z24JSNBoywLbbvQkwFYf2rfXDDKQVByxAi3mCwZC04s5
8W8i3C7yGJ8TS3rEk+KbIX4kcduBFtYoVg/oOXkLfRTjTQLs
-----END CERTIFICATE-----