Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/uql2vpGxrGdtA5Gl28tpTglqNYM.roa
File:                     uql2vpGxrGdtA5Gl28tpTglqNYM.roa (raw, json)
Hash identifier:          MYOAJDrF99ey4AK3sLL6b4wh3cdKh0XERn/N9KlqA88=
Subject key identifier:   BA:A9:76:BE:91:B1:AC:67:6D:03:91:A5:DB:CB:69:4E:09:6A:35:83
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC80135DF7D3A61889EC2B1BBE3106A99
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/uql2vpGxrGdtA5Gl28tpTglqNYM.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24940
IP address blocks:        2001:67c:1164::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:35:df:7d:3a:61:88:9e:c2:b1:bb:e3:10:6a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=baa976be91b1ac676d0391a5dbcb694e096a3583
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0d:2b:03:f1:25:93:fc:00:dc:8d:3a:c8:3c:
                    38:74:b5:3f:1d:c9:d2:c1:55:ba:9b:1e:ef:51:6d:
                    7e:c1:03:e7:f4:18:94:fb:93:5c:c9:5e:b4:33:8c:
                    64:26:e9:70:a2:c9:5e:ac:db:6e:49:8e:09:27:4d:
                    25:7f:5a:27:f7:31:44:f2:32:b6:79:63:fe:69:4a:
                    81:85:b7:cb:05:63:22:71:4b:4f:44:7f:ab:f1:03:
                    68:23:5c:fb:f6:0f:e2:48:11:eb:c8:fa:f2:45:c0:
                    ef:00:16:0b:a6:70:85:89:fa:12:4f:d0:b3:b0:6d:
                    c1:33:ec:5d:9a:51:20:fc:d0:22:36:6e:b6:25:55:
                    cc:ce:6e:10:3c:46:53:d0:86:79:06:e6:6a:e3:d4:
                    6a:41:e0:87:ac:9e:12:dd:e0:96:88:4f:cb:0d:a7:
                    c3:b7:ac:53:b1:fe:cb:d4:4d:0f:b9:26:87:26:fe:
                    78:d3:c5:d5:17:51:d5:2f:20:d6:9a:38:4e:d0:4a:
                    fa:6a:45:35:e4:2d:80:62:75:d2:8d:93:70:c1:46:
                    42:10:98:d5:6d:e9:93:ca:90:bd:76:c0:a7:bf:7b:
                    7f:b3:7e:20:a7:2f:7a:c2:32:33:68:d1:a0:8f:6f:
                    be:e9:35:78:31:4f:85:86:53:9a:b9:ca:8b:94:75:
                    cc:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:A9:76:BE:91:B1:AC:67:6D:03:91:A5:DB:CB:69:4E:09:6A:35:83
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/uql2vpGxrGdtA5Gl28tpTglqNYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1164::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:ce:3c:d3:25:e6:7f:de:56:fc:75:7b:e1:6c:7e:98:53:b2:
         4e:31:12:c1:49:2c:e6:79:f2:50:7d:69:ed:af:92:6c:30:0f:
         c5:56:ad:15:c0:5b:72:74:f5:5d:0b:0a:1d:e6:5a:e8:95:bd:
         52:1a:21:d1:ac:19:7c:74:22:df:38:c1:1f:05:e5:2d:55:2f:
         24:ff:a7:c0:c1:c0:7b:fa:ce:f6:70:0c:ab:9d:6f:5b:e8:ed:
         6a:ea:fa:a5:2c:11:06:38:2b:6f:5a:24:c2:37:a5:68:73:e6:
         39:7f:de:21:7b:41:78:7b:98:06:ab:06:39:cb:1b:a2:bf:6c:
         48:42:29:25:c6:87:c7:2c:b3:db:a5:8a:12:f4:1f:d9:b7:63:
         d0:de:eb:b7:16:fa:df:3c:24:cb:67:bc:8c:e9:a6:91:c2:3c:
         da:59:fd:2d:db:e7:c4:68:8c:2c:6c:57:87:db:b1:5b:05:8f:
         eb:fa:47:67:c1:5b:d3:8b:f7:21:e8:45:8e:82:c5:2f:41:ad:
         5e:4c:a8:ba:62:ca:1d:a8:c6:03:68:43:ee:32:91:f0:08:e2:
         ad:7a:cd:05:20:4b:0a:ec:b4:bf:a8:28:fa:34:8f:a2:c7:79:
         c2:6c:32:f4:e4:cc:ac:69:8d:8f:a5:cd:af:01:d1:2c:fe:de:
         45:61:47:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATXffTphiJ7CsbvjEGqZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWE5NzZiZTkxYjFhYzY3NmQwMzkxYTVkYmNiNjk0ZTA5NmEzNTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtw0rA/Elk/wA3I06yDw4dLU/HcnS
wVW6mx7vUW1+wQPn9BiU+5NcyV60M4xkJulwoslerNtuSY4JJ00lf1on9zFE8jK2
eWP+aUqBhbfLBWMicUtPRH+r8QNoI1z79g/iSBHryPryRcDvABYLpnCFifoST9Cz
sG3BM+xdmlEg/NAiNm62JVXMzm4QPEZT0IZ5BuZq49RqQeCHrJ4S3eCWiE/LDafD
t6xTsf7L1E0PuSaHJv5408XVF1HVLyDWmjhO0Er6akU15C2AYnXSjZNwwUZCEJjV
bemTypC9dsCnv3t/s34gpy96wjIzaNGgj2++6TV4MU+FhlOaucqLlHXMiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLqpdr6RsaxnbQORpdvLaU4JajWDMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvdXFsMnZwR3hyR2R0QTVHbDI4dHBUZ2xxTllNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBFk
MA0GCSqGSIb3DQEBCwUAA4IBAQCAzjzTJeZ/3lb8dXvhbH6YU7JOMRLBSSzmefJQ
fWntr5JsMA/FVq0VwFtydPVdCwod5lrolb1SGiHRrBl8dCLfOMEfBeUtVS8k/6fA
wcB7+s72cAyrnW9b6O1q6vqlLBEGOCtvWiTCN6Voc+Y5f94he0F4e5gGqwY5yxui
v2xIQiklxofHLLPbpYoS9B/Zt2PQ3uu3FvrfPCTLZ7yM6aaRwjzaWf0t2+fEaIws
bFeH27FbBY/r+kdnwVvTi/ch6EWOgsUvQa1eTKi6YsodqMYDaEPuMpHwCOKtes0F
IEsK7LS/qCj6NI+ix3nCbDL05MysaY2Ppc2vAdEs/t5FYUfP
-----END CERTIFICATE-----