Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/yZB6jxFOrRl5nQBQYOM_Nql-JTs.roa
File:                     yZB6jxFOrRl5nQBQYOM_Nql-JTs.roa (raw, json)
Hash identifier:          muFo8dgBR/XmPuMC+bEvKoWwEZNAwSOZW8+/t3uC0Y4=
Subject key identifier:   C9:90:7A:8F:11:4E:AD:19:79:9D:00:50:60:E3:3F:36:A9:7E:25:3B
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       018CC80138F454BA6BA146AB866001B9E3EA
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/yZB6jxFOrRl5nQBQYOM_Nql-JTs.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397515
IP address blocks:        2a01:488:bb07::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 04:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:38:f4:54:ba:6b:a1:46:ab:86:60:01:b9:e3:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9907a8f114ead19799d005060e33f36a97e253b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:91:90:dd:5a:df:34:1e:d2:a4:58:01:3f:c0:
                    ca:ed:57:39:6e:fe:e5:b6:2b:20:4b:75:4e:95:36:
                    4c:96:68:86:58:a9:44:da:79:bd:bb:8a:ff:d0:15:
                    0d:1e:a4:d9:cc:b5:34:a3:25:54:0a:45:35:36:65:
                    17:fb:e7:83:a2:c1:e1:aa:1c:68:33:b9:e9:be:d9:
                    fc:5e:3e:dd:4f:ec:a2:c8:4b:30:d9:87:6b:1f:a4:
                    9a:95:12:ca:6d:3f:c6:ca:79:63:4e:3e:b3:77:f7:
                    89:3e:b1:a9:de:f8:f8:cf:21:0d:ea:53:c9:0b:64:
                    a4:bd:00:0d:3f:d0:e3:af:9d:3a:bd:70:4f:c3:7b:
                    77:bb:5f:15:63:2d:3f:5f:c8:3d:55:37:71:0e:97:
                    2b:85:c0:cc:0b:97:3f:86:24:f5:33:3a:92:ba:92:
                    af:b4:45:73:b4:65:0a:66:58:25:e9:67:07:0e:52:
                    93:82:6c:3d:3b:2a:4c:f8:93:86:09:0e:43:9c:b2:
                    ad:83:54:03:be:68:cf:92:f8:5b:4a:92:04:4c:47:
                    0a:e4:f7:e8:bf:57:2e:31:c6:c1:8e:a7:82:32:3c:
                    9a:81:01:0a:41:e0:d5:5d:54:ed:ef:d3:17:8e:e4:
                    6c:ac:b3:9e:9a:16:9d:c3:0b:6c:03:64:d2:34:bb:
                    2f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:90:7A:8F:11:4E:AD:19:79:9D:00:50:60:E3:3F:36:A9:7E:25:3B
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/yZB6jxFOrRl5nQBQYOM_Nql-JTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:488:bb07::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:09:9f:b6:93:0d:7a:18:cc:7b:fe:49:5d:21:dc:3a:d2:04:
         2f:aa:fa:be:a9:d7:b7:d0:eb:24:32:b0:31:69:52:ba:56:a0:
         c1:ea:de:09:de:d0:82:44:7e:aa:66:8c:81:4f:f1:e0:a7:f9:
         9a:81:63:a2:e4:cd:dd:99:36:f4:03:4f:40:27:59:13:63:ed:
         73:11:59:a9:2d:6b:85:34:ec:3b:b2:b6:62:5a:21:49:6f:ce:
         df:74:a4:ef:cf:07:71:5d:13:d8:a6:1d:53:b9:e5:93:92:f6:
         a4:dd:5c:aa:32:7b:84:97:2d:95:18:fd:0a:12:4d:fd:f2:c5:
         d5:f6:b4:d7:d8:1a:b9:83:cd:2e:c3:c0:26:f8:ae:31:2b:74:
         c9:cf:3e:a4:ac:26:1b:22:96:fe:48:ab:30:fb:c5:00:c8:5b:
         9f:41:f7:a8:c6:bc:06:6b:b2:55:4d:13:83:36:0c:c9:c8:b4:
         69:a2:be:8b:22:80:2e:d4:0c:cf:99:4a:c0:60:9d:48:f0:d9:
         65:20:a0:26:99:4e:02:05:fc:d9:06:8e:95:da:db:ee:8d:5e:
         54:c4:7f:54:0c:a1:11:a0:80:15:e8:bc:72:e3:e4:cc:4d:9f:
         be:5c:34:48:38:f1:00:6e:99:19:99:a5:46:ab:43:61:e4:5c:
         5d:2f:03:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIATj0VLproUarhmABuePqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTkwN2E4ZjExNGVhZDE5Nzk5ZDAwNTA2MGUzM2YzNmE5N2UyNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpGQ3VrfNB7SpFgBP8DK7Vc5bv7l
tisgS3VOlTZMlmiGWKlE2nm9u4r/0BUNHqTZzLU0oyVUCkU1NmUX++eDosHhqhxo
M7npvtn8Xj7dT+yiyEsw2YdrH6SalRLKbT/GynljTj6zd/eJPrGp3vj4zyEN6lPJ
C2SkvQANP9Djr506vXBPw3t3u18VYy0/X8g9VTdxDpcrhcDMC5c/hiT1MzqSupKv
tEVztGUKZlgl6WcHDlKTgmw9OypM+JOGCQ5DnLKtg1QDvmjPkvhbSpIETEcK5Pfo
v1cuMcbBjqeCMjyagQEKQeDVXVTt79MXjuRsrLOemhadwwtsA2TSNLsv/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMmQeo8RTq0ZeZ0AUGDjPzapfiU7MB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEveVpCNmp4Rk9yUmw1blFCUVlPTV9OcWwtSlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEEiLsH
MA0GCSqGSIb3DQEBCwUAA4IBAQCkCZ+2kw16GMx7/kldIdw60gQvqvq+qde30Osk
MrAxaVK6VqDB6t4J3tCCRH6qZoyBT/Hgp/magWOi5M3dmTb0A09AJ1kTY+1zEVmp
LWuFNOw7srZiWiFJb87fdKTvzwdxXRPYph1TueWTkvak3VyqMnuEly2VGP0KEk39
8sXV9rTX2Bq5g80uw8Am+K4xK3TJzz6krCYbIpb+SKsw+8UAyFufQfeoxrwGa7JV
TRODNgzJyLRpor6LIoAu1AzPmUrAYJ1I8NllIKAmmU4CBfzZBo6V2tvujV5UxH9U
DKERoIAV6Lxy4+TMTZ++XDRIOPEAbpkZmaVGq0Nh5FxdLwM0
-----END CERTIFICATE-----