Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/uQEz2-rNbxgytpXCNU0x5qfSjhg.roa
File:                     uQEz2-rNbxgytpXCNU0x5qfSjhg.roa (raw, json)
Hash identifier:          dPfchWycWktpLuqDYThh/D1FXRf2dL13u18nlfbxJ80=
Subject key identifier:   B9:01:33:DB:EA:CD:6F:18:32:B6:95:C2:35:4D:31:E6:A7:D2:8E:18
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC80137561762D79ABB5F583BB447BEDF
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/uQEz2-rNbxgytpXCNU0x5qfSjhg.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39779
IP address blocks:        2a01:488:bb06::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:37:56:17:62:d7:9a:bb:5f:58:3b:b4:47:be:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b90133dbeacd6f1832b695c2354d31e6a7d28e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f8:55:f2:e5:b7:62:5e:62:35:47:f7:be:63:
                    0e:5e:ae:35:e8:c0:c2:cd:aa:df:3d:e9:2f:98:18:
                    0e:37:16:88:43:8f:f8:06:14:f5:84:e5:ca:1c:c1:
                    83:d1:75:a2:31:1c:ea:2f:1a:20:27:71:1a:16:d6:
                    ce:7c:ca:02:de:38:05:20:d4:e0:42:ca:d9:b0:b3:
                    3f:eb:5b:b9:7a:4f:ed:8d:7b:5f:83:c7:53:0d:f8:
                    4f:08:4f:3a:0b:52:94:50:ea:06:1f:48:45:71:74:
                    9d:85:ac:2d:fc:7a:2a:af:98:ef:3b:3b:39:5c:d5:
                    2f:44:43:06:93:db:28:f1:f9:68:fc:73:de:3a:48:
                    0f:96:17:fc:f9:8b:9c:23:00:e4:96:2b:94:5a:f9:
                    97:93:d6:af:5b:24:31:fe:15:00:32:70:66:35:b0:
                    b4:fa:47:e7:d4:3c:96:44:fc:32:d7:90:27:1e:c0:
                    33:d4:23:a5:8d:e7:09:9c:ac:47:58:ee:4a:d4:ad:
                    82:e3:b2:76:e7:f0:8b:20:97:b3:c4:34:46:02:ed:
                    25:17:c7:e1:c7:d3:24:a3:38:1f:0d:56:0f:6f:94:
                    03:6b:11:f6:0a:72:f1:c9:f6:ce:38:0d:bc:86:c3:
                    45:1e:b4:62:98:b5:d0:cb:09:ce:09:ee:d1:a8:52:
                    9f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:01:33:DB:EA:CD:6F:18:32:B6:95:C2:35:4D:31:E6:A7:D2:8E:18
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/uQEz2-rNbxgytpXCNU0x5qfSjhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb06::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:59:3d:8b:b3:fe:f1:08:dc:0e:4e:1f:03:a3:b4:02:f7:52:
         ff:6e:25:bb:ec:40:32:21:e1:46:e8:51:37:45:77:13:23:0f:
         f1:c8:44:7f:28:6e:80:e7:44:7f:fd:a8:b4:82:49:2f:e1:00:
         8a:39:c1:fa:fe:18:16:af:b2:11:bc:2f:e1:9b:b2:e2:6f:b2:
         d9:96:3c:54:aa:62:5f:0a:99:20:15:03:4c:57:ad:cc:a9:ca:
         a3:d8:b5:df:21:83:5c:80:a5:d7:3d:a5:f9:6e:31:80:b8:60:
         48:35:db:34:7a:db:1f:75:f6:20:d8:4f:40:5d:27:4f:92:8e:
         b9:a1:51:87:17:b2:9c:b3:53:68:f9:fc:4f:60:12:0b:31:08:
         41:57:82:47:8a:45:a8:d9:52:5e:9a:e1:3a:4e:83:2a:af:35:
         03:1a:4e:19:dd:e1:32:5a:19:e5:f1:f9:ec:bd:04:05:a8:3a:
         e3:7c:3e:7d:ac:ba:9a:e4:d7:c5:2b:b9:db:4b:af:3a:fa:f2:
         98:89:07:ac:89:99:04:15:95:a5:b1:58:9a:e1:a8:76:b9:ee:
         21:3b:6a:64:30:98:7c:59:dd:50:5a:a9:ef:dd:46:14:a1:e1:
         16:07:39:3b:b6:a6:6e:e9:b0:58:80:16:c0:21:20:b8:78:7c:
         c4:d4:ea:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATdWF2LXmrtfWDu0R77fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTAxMzNkYmVhY2Q2ZjE4MzJiNjk1YzIzNTRkMzFlNmE3ZDI4ZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/hV8uW3Yl5iNUf3vmMOXq416MDC
zarfPekvmBgONxaIQ4/4BhT1hOXKHMGD0XWiMRzqLxogJ3EaFtbOfMoC3jgFINTg
QsrZsLM/61u5ek/tjXtfg8dTDfhPCE86C1KUUOoGH0hFcXSdhawt/Hoqr5jvOzs5
XNUvREMGk9so8flo/HPeOkgPlhf8+YucIwDkliuUWvmXk9avWyQx/hUAMnBmNbC0
+kfn1DyWRPwy15AnHsAz1COljecJnKxHWO5K1K2C47J25/CLIJezxDRGAu0lF8fh
x9MkozgfDVYPb5QDaxH2CnLxyfbOOA28hsNFHrRimLXQywnOCe7RqFKf8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLkBM9vqzW8YMraVwjVNMean0o4YMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvdVFFejItck5ieGd5dHBYQ05VMHg1cWZTamhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsG
MA0GCSqGSIb3DQEBCwUAA4IBAQAVWT2Ls/7xCNwOTh8Do7QC91L/biW77EAyIeFG
6FE3RXcTIw/xyER/KG6A50R//ai0gkkv4QCKOcH6/hgWr7IRvC/hm7Lib7LZljxU
qmJfCpkgFQNMV63Mqcqj2LXfIYNcgKXXPaX5bjGAuGBINds0etsfdfYg2E9AXSdP
ko65oVGHF7Kcs1No+fxPYBILMQhBV4JHikWo2VJemuE6ToMqrzUDGk4Z3eEyWhnl
8fnsvQQFqDrjfD59rLqa5NfFK7nbS686+vKYiQesiZkEFZWlsVia4ah2ue4hO2pk
MJh8Wd1QWqnv3UYUoeEWBzk7tqZu6bBYgBbAISC4eHzE1Oq+
-----END CERTIFICATE-----