Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/BaWk3eP-0Qhr9wK1FRL89gBULxg.roa
File:                     BaWk3eP-0Qhr9wK1FRL89gBULxg.roa (raw, json)
Hash identifier:          A93OccEHilUwiWDEGiW1pbuGjuWGKMOs7q9ueC8cQ8E=
Subject key identifier:   05:A5:A4:DD:E3:FE:D1:08:6B:F7:02:B5:15:12:FC:F6:00:54:2F:18
Certificate issuer:       /CN=4ccc60495b2a34d89211cc1c79524eab61ba1656
Certificate serial:       018CC6B8E6FBF795FA314C6A289D5C80806B
Authority key identifier: 4C:CC:60:49:5B:2A:34:D8:92:11:CC:1C:79:52:4E:AB:61:BA:16:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TMxgSVsqNNiSEcwceVJOq2G6FlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/BaWk3eP-0Qhr9wK1FRL89gBULxg.roa
Signing time:             Mon 01 Jan 2024 20:30:55 +0000
ROA not before:           Mon 01 Jan 2024 20:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        2a04:16c0:200::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/TMxgSVsqNNiSEcwceVJOq2G6FlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/TMxgSVsqNNiSEcwceVJOq2G6FlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TMxgSVsqNNiSEcwceVJOq2G6FlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e6:fb:f7:95:fa:31:4c:6a:28:9d:5c:80:80:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ccc60495b2a34d89211cc1c79524eab61ba1656
        Validity
            Not Before: Jan  1 20:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05a5a4dde3fed1086bf702b51512fcf600542f18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c9:0c:f1:b1:b1:51:ce:20:37:b7:9d:1c:01:
                    cc:35:d0:02:c3:b7:ad:3e:e9:c2:65:f8:67:60:78:
                    2d:5a:bb:54:4e:0e:10:a0:f5:72:2f:86:df:35:f8:
                    85:33:33:60:ef:3e:12:3f:7e:09:22:cd:1b:e3:e4:
                    f1:8f:45:66:69:2e:bd:a3:3c:de:fe:10:1d:f0:0a:
                    12:9e:cd:7f:f1:66:8c:52:8e:38:49:34:e2:b9:6f:
                    66:c0:de:72:96:04:5d:0c:e1:a4:c4:45:59:82:c0:
                    28:26:c3:61:3e:35:a1:72:79:96:b5:a4:d3:12:55:
                    44:a6:33:a5:0b:8b:7f:ae:f9:65:5b:86:7d:06:fb:
                    1a:f2:bf:6c:60:6c:80:17:48:d8:80:ef:47:22:fd:
                    76:c6:d6:58:bb:e4:a3:8f:2c:cb:72:f4:d8:80:f5:
                    f8:db:38:27:3a:b4:2a:8c:e9:f4:28:12:df:e0:80:
                    0f:96:f6:57:3c:dd:2e:a5:e5:d6:af:58:1a:d3:27:
                    82:70:28:e3:d7:88:6d:1e:7f:15:fc:fb:d8:c5:4d:
                    5d:1a:00:6c:f5:33:34:f6:6c:fa:e0:ae:23:53:f6:
                    7b:53:28:0c:8a:b8:32:f1:17:ef:59:45:4f:e7:3e:
                    d6:af:f7:45:20:32:37:7b:f2:d2:bb:02:ec:6c:0a:
                    7d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A5:A4:DD:E3:FE:D1:08:6B:F7:02:B5:15:12:FC:F6:00:54:2F:18
            X509v3 Authority Key Identifier:
                keyid:4C:CC:60:49:5B:2A:34:D8:92:11:CC:1C:79:52:4E:AB:61:BA:16:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TMxgSVsqNNiSEcwceVJOq2G6FlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/BaWk3eP-0Qhr9wK1FRL89gBULxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/151c6c-617c-4643-9f6e-69809d8b9c20/1/TMxgSVsqNNiSEcwceVJOq2G6FlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:16c0:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:80:72:8d:05:c9:77:4d:0a:ad:94:fe:49:58:77:79:02:07:
         4d:fc:4a:66:7d:08:00:05:7d:53:53:63:b4:78:52:35:c2:b6:
         26:82:6f:98:61:c1:0e:d3:13:86:46:d6:35:c9:34:5f:16:64:
         ce:33:39:87:c0:47:60:0a:4b:19:cb:96:1d:a8:c4:05:a4:bd:
         64:c6:4b:56:1d:a2:bd:b6:37:1b:d2:e2:08:04:49:d1:4c:5b:
         b8:ec:f8:73:65:bf:9b:f2:e0:81:b4:45:f4:d8:b5:ef:09:35:
         a7:31:ff:f0:10:69:e3:47:94:68:3c:72:f7:27:22:4d:48:a4:
         f0:1e:c5:9d:76:d9:12:a1:63:04:48:18:ad:5a:1f:db:d0:e3:
         bb:bd:5a:ab:79:f5:46:70:62:33:98:12:9d:3a:7e:46:b7:59:
         fe:11:8d:c3:a2:19:1f:d0:02:ba:c7:ca:25:b8:5f:6d:90:a6:
         00:f9:f2:63:8d:8b:0f:fe:9d:37:e0:11:6b:eb:d2:65:f8:97:
         33:ff:8e:18:cb:a4:85:08:49:4d:a2:2a:14:99:c8:68:17:e7:
         6c:9a:24:09:c8:6e:f6:c9:0b:59:02:5e:4b:9e:1c:5e:7f:06:
         7a:cf:31:49:53:00:c8:7a:1a:ff:3e:2c:71:f1:31:f7:20:a5:
         ad:c5:cf:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuOb795X6MUxqKJ1cgIBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjY2M2MDQ5NWIyYTM0ZDg5MjExY2MxYzc5NTI0ZWFiNjFi
YTE2NTYwHhcNMjQwMTAxMjAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE1YTRkZGUzZmVkMTA4NmJmNzAyYjUxNTEyZmNmNjAwNTQyZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMkM8bGxUc4gN7edHAHMNdACw7et
PunCZfhnYHgtWrtUTg4QoPVyL4bfNfiFMzNg7z4SP34JIs0b4+Txj0VmaS69ozze
/hAd8AoSns1/8WaMUo44STTiuW9mwN5ylgRdDOGkxEVZgsAoJsNhPjWhcnmWtaTT
ElVEpjOlC4t/rvllW4Z9Bvsa8r9sYGyAF0jYgO9HIv12xtZYu+SjjyzLcvTYgPX4
2zgnOrQqjOn0KBLf4IAPlvZXPN0upeXWr1ga0yeCcCjj14htHn8V/PvYxU1dGgBs
9TM09mz64K4jU/Z7UygMirgy8RfvWUVP5z7Wr/dFIDI3e/LSuwLsbAp9YQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAWlpN3j/tEIa/cCtRUS/PYAVC8YMB8GA1UdIwQY
MBaAFEzMYElbKjTYkhHMHHlSTqthuhZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE14Z1NWc3FOTmlTRWN3Y2VWSk9xMkc2RmxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8xNTFjNmMtNjE3Yy00NjQzLTlmNmUt
Njk4MDlkOGI5YzIwLzEvQmFXazNlUC0wUWhyOXdLMUZSTDg5Z0JVTHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8xNTFjNmMtNjE3Yy00NjQzLTlmNmUtNjk4MDlkOGI5YzIw
LzEvVE14Z1NWc3FOTmlTRWN3Y2VWSk9xMkc2RmxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgQWwAIA
MA0GCSqGSIb3DQEBCwUAA4IBAQC1gHKNBcl3TQqtlP5JWHd5AgdN/EpmfQgABX1T
U2O0eFI1wrYmgm+YYcEO0xOGRtY1yTRfFmTOMzmHwEdgCksZy5YdqMQFpL1kxktW
HaK9tjcb0uIIBEnRTFu47PhzZb+b8uCBtEX02LXvCTWnMf/wEGnjR5RoPHL3JyJN
SKTwHsWddtkSoWMESBitWh/b0OO7vVqrefVGcGIzmBKdOn5Gt1n+EY3Dohkf0AK6
x8oluF9tkKYA+fJjjYsP/p034BFr69Jl+Jcz/44Yy6SFCElNoioUmchoF+dsmiQJ
yG72yQtZAl5LnhxefwZ6zzFJUwDIehr/Pixx8TH3IKWtxc+k
-----END CERTIFICATE-----