Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/pyzxs4SebpB0XeVV1R_56nF0hlA.roa
File:                     pyzxs4SebpB0XeVV1R_56nF0hlA.roa (raw, json)
Hash identifier:          n4R/bvJcg7iaOKsSdqtEaRjws4Ra3wrKbpPis8gfodc=
Subject key identifier:   A7:2C:F1:B3:84:9E:6E:90:74:5D:E5:55:D5:1F:F9:EA:71:74:86:50
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC8013B80F2B4665C05384D74CD74458E
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/pyzxs4SebpB0XeVV1R_56nF0hlA.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397521
IP address blocks:        2a01:488:bb1c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3b:80:f2:b4:66:5c:05:38:4d:74:cd:74:45:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a72cf1b3849e6e90745de555d51ff9ea71748650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:73:e5:66:0b:83:c2:9e:73:ee:04:97:dc:d8:
                    a3:ee:47:4e:ed:72:17:91:46:ed:f5:f2:e2:e7:52:
                    f7:e7:a9:cf:2b:7b:ea:fd:56:6d:1f:59:e7:64:e0:
                    18:b3:64:75:c9:57:af:93:88:e2:e8:a7:79:aa:1e:
                    3c:6f:8a:0b:f9:dc:c3:17:07:37:fb:4b:4e:46:13:
                    76:a7:d6:1f:61:7c:c7:b6:da:2a:4e:78:30:55:ab:
                    f8:3d:58:5d:d8:c0:42:f5:ea:e1:b5:12:80:e9:53:
                    7b:ab:83:0a:86:a2:76:e1:1d:a1:be:2f:d9:4c:47:
                    57:0c:b8:50:22:3c:4a:cf:d0:5a:a0:33:f3:a8:eb:
                    2a:af:81:cb:e8:bb:23:77:df:ba:6d:ed:3f:84:de:
                    00:9f:88:5c:2d:27:7a:cf:e6:c0:bc:77:e0:3d:d3:
                    13:6b:1d:3d:c8:48:ca:0f:ef:2a:ea:20:69:a2:b3:
                    21:3b:7c:3f:15:7d:06:38:d7:cd:c3:26:4c:ce:6f:
                    86:1e:6c:a8:66:d2:98:c8:97:88:93:e4:09:5c:6e:
                    87:a3:6c:c8:db:0a:22:4c:e5:b4:db:4b:24:a1:81:
                    18:2b:1a:2d:c3:a4:7a:c8:7f:e5:3d:da:40:1c:76:
                    3d:95:d9:75:88:95:60:a7:3d:05:ed:50:3b:48:5a:
                    0a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:2C:F1:B3:84:9E:6E:90:74:5D:E5:55:D5:1F:F9:EA:71:74:86:50
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/pyzxs4SebpB0XeVV1R_56nF0hlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb1c::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:ac:ac:be:b6:b5:9f:19:d3:d5:a0:75:1c:6c:a2:71:d0:8a:
         aa:b5:ee:32:4f:ba:63:be:14:90:fd:3f:d3:6e:c4:b8:57:9c:
         f4:19:07:e8:a4:bc:0b:59:f0:50:74:2a:cf:4e:0f:d2:89:3a:
         28:67:c6:59:3d:93:dd:e9:14:23:5d:03:a0:b2:26:25:b3:58:
         b1:bb:ac:8c:3d:a0:7e:b5:56:d6:49:bc:e6:08:bf:a4:25:74:
         15:de:71:9f:98:6c:67:fc:3b:95:1c:b5:9a:f6:24:2b:e1:ea:
         42:d9:89:ba:b9:c0:a7:84:8e:87:13:14:e1:8d:e4:6d:99:e2:
         9e:22:49:ff:76:27:61:5d:00:59:06:bf:3b:df:ed:67:7e:ee:
         a6:ff:22:b2:da:7d:5c:78:e8:89:4c:be:dd:e7:22:58:13:ec:
         84:42:25:55:69:36:01:75:3f:c5:bc:64:96:63:78:76:88:32:
         28:a3:03:08:ae:3b:f1:2c:58:e0:bf:6f:e6:a4:f3:52:87:dd:
         76:7b:29:0f:59:a3:2e:73:4d:3c:7c:e0:e7:c1:8b:96:3e:bd:
         5d:95:8f:be:88:58:9c:1d:70:e6:3e:1b:26:17:4d:0d:6f:95:
         ce:81:17:d8:3e:2b:da:d3:c0:a9:40:93:7c:7f:8a:2c:4f:de:
         e3:26:6b:aa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATuA8rRmXAU4TXTNdEWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzJjZjFiMzg0OWU2ZTkwNzQ1ZGU1NTVkNTFmZjllYTcxNzQ4NjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXPlZguDwp5z7gSX3Nij7kdO7XIX
kUbt9fLi51L356nPK3vq/VZtH1nnZOAYs2R1yVevk4ji6Kd5qh48b4oL+dzDFwc3
+0tORhN2p9YfYXzHttoqTngwVav4PVhd2MBC9erhtRKA6VN7q4MKhqJ24R2hvi/Z
TEdXDLhQIjxKz9BaoDPzqOsqr4HL6Lsjd9+6be0/hN4An4hcLSd6z+bAvHfgPdMT
ax09yEjKD+8q6iBporMhO3w/FX0GONfNwyZMzm+GHmyoZtKYyJeIk+QJXG6Ho2zI
2woiTOW020skoYEYKxotw6R6yH/lPdpAHHY9ldl1iJVgpz0F7VA7SFoK7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKcs8bOEnm6QdF3lVdUf+epxdIZQMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvcHl6eHM0U2VicEIwWGVWVjFSXzU2bkYwaGxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsc
MA0GCSqGSIb3DQEBCwUAA4IBAQAirKy+trWfGdPVoHUcbKJx0Iqqte4yT7pjvhSQ
/T/TbsS4V5z0GQfopLwLWfBQdCrPTg/SiTooZ8ZZPZPd6RQjXQOgsiYls1ixu6yM
PaB+tVbWSbzmCL+kJXQV3nGfmGxn/DuVHLWa9iQr4epC2Ym6ucCnhI6HExThjeRt
meKeIkn/didhXQBZBr873+1nfu6m/yKy2n1ceOiJTL7d5yJYE+yEQiVVaTYBdT/F
vGSWY3h2iDIoowMIrjvxLFjgv2/mpPNSh912eykPWaMuc008fODnwYuWPr1dlY++
iFicHXDmPhsmF00Nb5XOgRfYPiva08CpQJN8f4osT97jJmuq
-----END CERTIFICATE-----