Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/cWHICIBiC3dRjKZPyyI78SwfKN4.roa
File:                     cWHICIBiC3dRjKZPyyI78SwfKN4.roa (raw, json)
Hash identifier:          dxXQvROjxkYVqkgCwV2wmF0Li+AbVKndhgcGz20J/6U=
Subject key identifier:   71:61:C8:08:80:62:0B:77:51:8C:A6:4F:CB:22:3B:F1:2C:1F:28:DE
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013C16493A7DF085EE925365BE742E
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/cWHICIBiC3dRjKZPyyI78SwfKN4.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397522
IP address blocks:        2a01:488:bb1d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3c:16:49:3a:7d:f0:85:ee:92:53:65:be:74:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7161c80880620b77518ca64fcb223bf12c1f28de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c1:ee:6d:33:b6:29:85:8c:f3:8f:ad:b7:fa:
                    e2:51:71:6b:18:0d:b6:5c:71:5e:b9:20:5b:a5:5b:
                    d3:ad:e3:d2:68:f8:88:b8:c8:86:c3:e6:99:fe:ec:
                    38:f0:c6:96:8e:ba:62:ff:56:24:d2:6d:a3:97:82:
                    ed:9e:77:d7:76:d0:04:50:8e:12:a5:64:2c:33:3f:
                    2d:0d:b0:33:da:6b:40:09:c1:64:20:2e:0e:11:24:
                    2c:05:f4:1e:b1:1b:7c:e6:29:95:8f:6c:c1:02:ac:
                    16:8b:30:53:dd:f4:83:bf:d2:a4:1f:67:16:5d:77:
                    5f:03:82:b1:6c:fe:d4:e1:94:a8:8f:29:d2:42:c3:
                    16:f5:bb:a2:97:bb:f3:74:e6:70:66:5d:e8:67:0f:
                    35:87:5a:af:92:b3:ef:a5:ad:32:8f:03:8b:c1:3e:
                    9c:99:ca:eb:ce:01:b4:10:e6:3f:8b:3b:ea:de:ab:
                    07:17:18:96:c9:9b:b0:a7:f6:a4:ba:43:e5:16:b4:
                    14:97:73:41:b8:d0:6f:bd:98:18:c4:a0:05:4b:c7:
                    aa:c1:31:77:c8:26:fa:dd:6c:ac:c2:b8:f4:ee:eb:
                    14:d8:80:22:4f:f2:63:1a:48:89:45:ef:cf:70:07:
                    2d:41:10:27:ad:f9:4d:f0:72:0d:c4:09:13:63:80:
                    09:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:61:C8:08:80:62:0B:77:51:8C:A6:4F:CB:22:3B:F1:2C:1F:28:DE
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/cWHICIBiC3dRjKZPyyI78SwfKN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb1d::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:76:0d:8b:4d:1f:82:d4:ae:bf:92:0f:99:30:52:ae:26:95:
         75:45:b0:6e:3a:32:6c:14:d7:90:6a:36:7f:7f:37:c9:b3:35:
         10:23:d4:0a:4a:f4:36:28:84:74:36:89:fd:8b:1a:56:4d:53:
         5b:c3:84:96:6f:47:1c:f0:4f:dd:ac:2e:f4:b2:92:74:ea:67:
         5f:55:96:33:d9:7f:87:bf:79:7a:18:78:46:4b:28:7f:cd:49:
         f3:11:26:b8:ad:ad:23:5e:a1:76:8e:cc:27:89:bb:fb:d7:78:
         6e:66:18:97:32:df:ba:47:cf:8c:26:5d:44:4e:89:79:76:a7:
         d2:ea:30:3a:f2:d1:d1:0c:86:0f:86:a2:bc:dd:59:39:b7:16:
         e9:2a:5f:69:88:f6:3f:cf:1d:b5:24:49:f9:d2:54:88:10:ff:
         48:8b:f6:d8:2d:91:b2:cf:c8:84:46:52:f0:83:22:e9:46:18:
         7b:bd:91:55:75:fd:41:5b:b2:4b:c4:c3:69:6b:b0:bb:fa:fa:
         af:f3:e1:90:85:c5:40:85:93:f5:ee:02:7a:2a:63:04:8f:58:
         1c:3b:7d:9c:56:f0:7f:c1:50:e4:61:54:15:48:d4:ae:b7:a7:
         e1:ba:29:43:c1:04:3f:38:88:9d:56:52:ba:ef:53:b2:61:fa:
         32:60:a8:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATwWSTp98IXuklNlvnQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTYxYzgwODgwNjIwYjc3NTE4Y2E2NGZjYjIyM2JmMTJjMWYyOGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8HubTO2KYWM84+tt/riUXFrGA22
XHFeuSBbpVvTrePSaPiIuMiGw+aZ/uw48MaWjrpi/1Yk0m2jl4LtnnfXdtAEUI4S
pWQsMz8tDbAz2mtACcFkIC4OESQsBfQesRt85imVj2zBAqwWizBT3fSDv9KkH2cW
XXdfA4KxbP7U4ZSojynSQsMW9buil7vzdOZwZl3oZw81h1qvkrPvpa0yjwOLwT6c
mcrrzgG0EOY/izvq3qsHFxiWyZuwp/akukPlFrQUl3NBuNBvvZgYxKAFS8eqwTF3
yCb63Wyswrj07usU2IAiT/JjGkiJRe/PcActQRAnrflN8HINxAkTY4AJxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHFhyAiAYgt3UYymT8siO/EsHyjeMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvY1dISUNJQmlDM2RSaktaUHl5STc4U3dmS040LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsd
MA0GCSqGSIb3DQEBCwUAA4IBAQBNdg2LTR+C1K6/kg+ZMFKuJpV1RbBuOjJsFNeQ
ajZ/fzfJszUQI9QKSvQ2KIR0Non9ixpWTVNbw4SWb0cc8E/drC70spJ06mdfVZYz
2X+Hv3l6GHhGSyh/zUnzESa4ra0jXqF2jswnibv713huZhiXMt+6R8+MJl1ETol5
dqfS6jA68tHRDIYPhqK83Vk5txbpKl9piPY/zx21JEn50lSIEP9Ii/bYLZGyz8iE
RlLwgyLpRhh7vZFVdf1BW7JLxMNpa7C7+vqv8+GQhcVAhZP17gJ6KmMEj1gcO32c
VvB/wVDkYVQVSNSut6fhuilDwQQ/OIidVlK671OyYfoyYKg3
-----END CERTIFICATE-----