Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/BBpf_5X_8hHqfT58gcuF4KsIgsA.roa
File:                     BBpf_5X_8hHqfT58gcuF4KsIgsA.roa (raw, json)
Hash identifier:          V3wpPTUdN1akCSqTVcQbODeTjp2no7FB69F3UC/xLUQ=
Subject key identifier:   04:1A:5F:FF:95:FF:F2:11:EA:7D:3E:7C:81:CB:85:E0:AB:08:82:C0
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       018CC56EA51B39819A7CB555CCE609A88684
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/BBpf_5X_8hHqfT58gcuF4KsIgsA.roa
Signing time:             Mon 01 Jan 2024 14:30:11 +0000
ROA not before:           Mon 01 Jan 2024 14:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208970
IP address blocks:        2a09:e440:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a5:1b:39:81:9a:7c:b5:55:cc:e6:09:a8:86:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Jan  1 14:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=041a5fff95fff211ea7d3e7c81cb85e0ab0882c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:42:42:ee:a8:c6:01:d2:a6:87:04:19:86:b6:
                    e2:12:b7:0e:da:83:a1:50:e4:ff:64:7a:8c:92:21:
                    a7:8a:b2:c0:87:15:01:57:f7:9b:db:44:75:95:77:
                    a5:74:25:dc:b1:c8:c8:4b:64:98:ed:5c:c2:f9:dd:
                    3d:a2:7a:1d:c4:34:9f:4d:bc:d9:20:dc:8d:e0:0a:
                    df:5a:a7:27:23:e4:65:47:75:fc:f6:b6:c8:c1:af:
                    5e:16:63:e7:ba:06:f0:c1:71:a1:63:d0:00:b7:98:
                    51:81:7e:b0:0a:6b:2e:98:f4:ad:f3:7c:11:1a:39:
                    82:96:77:b8:6c:87:54:4d:06:cc:80:17:3f:b5:50:
                    c8:0c:ec:7a:21:f5:ca:90:0a:f5:1c:81:5a:d5:bc:
                    20:7d:9c:24:b7:bf:54:74:3a:4f:c1:b1:e2:68:04:
                    c8:a8:00:94:59:c9:5d:0c:67:71:cd:ba:3a:77:c3:
                    d5:39:c5:5e:cc:16:08:40:00:1d:f8:6e:fe:d5:3c:
                    73:36:11:75:22:1b:69:c4:3d:d1:f0:54:70:98:ff:
                    a1:db:54:d9:3d:a3:e6:a8:25:ef:d0:30:e1:4c:f4:
                    3f:ba:82:2f:b3:b7:d2:5c:86:73:1d:d2:4e:cf:b7:
                    8e:2d:a6:22:4b:61:7b:2d:4f:13:33:00:ce:7f:38:
                    47:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:1A:5F:FF:95:FF:F2:11:EA:7D:3E:7C:81:CB:85:E0:AB:08:82:C0
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/BBpf_5X_8hHqfT58gcuF4KsIgsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e440:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         6f:c5:96:db:a8:63:60:59:79:c8:0c:f2:c0:eb:6a:2f:ae:36:
         e9:51:80:4c:03:3a:f8:e0:48:05:5c:60:e1:7c:b4:0f:67:f4:
         40:c5:9d:7c:b1:4b:b6:aa:3a:53:7b:61:2c:64:6f:28:bc:d2:
         5d:25:0a:8c:01:e4:2a:84:df:a4:9f:99:ea:8e:7b:f5:b6:90:
         ee:83:b0:34:50:b1:d7:d6:46:3d:b4:38:e7:77:51:3b:8a:0a:
         b3:7e:6f:76:89:b9:44:dc:e4:db:0d:0d:6f:61:77:fd:3e:63:
         6e:3a:d5:89:de:b8:00:5f:fc:61:19:bc:ac:09:86:5f:2c:25:
         b1:54:ba:f4:2a:6c:1c:b0:a0:36:a9:60:20:55:3c:c0:bc:ef:
         46:c5:46:56:5d:46:75:df:bd:6d:f2:d0:58:af:50:bc:40:e1:
         b2:8c:14:3a:2f:de:ab:44:a0:d7:f8:51:a4:e5:c7:f3:c4:aa:
         e7:c7:72:32:11:9c:06:e0:79:ad:26:14:2e:aa:b3:f8:d9:17:
         e7:3e:81:d8:be:87:45:81:9e:60:9e:39:71:55:ca:3b:2f:72:
         23:a8:a2:a4:e5:59:1a:41:d8:e2:34:38:b8:ef:be:ac:ac:cf:
         b9:70:33:78:61:ad:be:94:f6:26:5c:a0:a4:ca:18:68:a5:a7:
         0f:52:02:85
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzFbqUbOYGafLVVzOYJqIaEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjBhNGQ4NzRkOTYwMWM4MTQyYzM1MmY4MGM1NmE0MzI3
NmNkNDcwHhcNMjQwMTAxMTQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDFhNWZmZjk1ZmZmMjExZWE3ZDNlN2M4MWNiODVlMGFiMDg4MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkJC7qjGAdKmhwQZhrbiErcO2oOh
UOT/ZHqMkiGnirLAhxUBV/eb20R1lXeldCXcscjIS2SY7VzC+d09onodxDSfTbzZ
INyN4ArfWqcnI+RlR3X89rbIwa9eFmPnugbwwXGhY9AAt5hRgX6wCmsumPSt83wR
GjmClne4bIdUTQbMgBc/tVDIDOx6IfXKkAr1HIFa1bwgfZwkt79UdDpPwbHiaATI
qACUWcldDGdxzbo6d8PVOcVezBYIQAAd+G7+1TxzNhF1IhtpxD3R8FRwmP+h21TZ
PaPmqCXv0DDhTPQ/uoIvs7fSXIZzHdJOz7eOLaYiS2F7LU8TMwDOfzhHOwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAQaX/+V//IR6n0+fIHLheCrCILAMB8GA1UdIwQY
MBaAFLpgpNh02WAcgULDUvgMVqQyds1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWIt
ZTVhMzc3OGJlM2FkLzEvQkJwZl81WF84aEhxZlQ1OGdjdUY0S3NJZ3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWItZTVhMzc3OGJlM2Fk
LzEvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgnkQAEw
DQYJKoZIhvcNAQELBQADggEBAG/FltuoY2BZecgM8sDrai+uNulRgEwDOvjgSAVc
YOF8tA9n9EDFnXyxS7aqOlN7YSxkbyi80l0lCowB5CqE36SfmeqOe/W2kO6DsDRQ
sdfWRj20OOd3UTuKCrN+b3aJuUTc5NsNDW9hd/0+Y2461YneuABf/GEZvKwJhl8s
JbFUuvQqbBywoDapYCBVPMC870bFRlZdRnXfvW3y0FivULxA4bKMFDov3qtEoNf4
UaTlx/PEqufHcjIRnAbgea0mFC6qs/jZF+c+gdi+h0WBnmCeOXFVyjsvciOooqTl
WRpB2OI0OLjvvqysz7lwM3hhrb6U9iZcoKTKGGilpw9SAoU=
-----END CERTIFICATE-----