Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/ckuQTVeOTWmVeOP4EBOPI4_kTkg.roa
File:                     ckuQTVeOTWmVeOP4EBOPI4_kTkg.roa (raw, json)
Hash identifier:          lbXsTVgXldq8a0VyZZLgKrRQ4BJoKPMcORX5A8N1vSY=
Subject key identifier:   72:4B:90:4D:57:8E:4D:69:95:78:E3:F8:10:13:8F:23:8F:E4:4E:48
Certificate issuer:       /CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
Certificate serial:       019427488AA01E7814443DAABAAB7A54FED1
Authority key identifier: 5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/ckuQTVeOTWmVeOP4EBOPI4_kTkg.roa
Signing time:             Thu 02 Jan 2025 13:50:53 +0000
ROA not before:           Thu 02 Jan 2025 13:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39450
IP address blocks:        2a11:500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8a:a0:1e:78:14:44:3d:aa:ba:ab:7a:54:fe:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
        Validity
            Not Before: Jan  2 13:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=724b904d578e4d699578e3f810138f238fe44e48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8b:5a:af:5d:ea:ac:4a:e7:fb:56:39:a9:2a:
                    65:fb:26:38:13:9d:e9:b1:71:c6:bd:53:6a:7b:98:
                    5e:d2:8b:e3:e7:c1:d3:ba:ba:dd:db:22:59:18:28:
                    34:48:41:ae:eb:63:44:19:03:e2:90:a3:90:77:ef:
                    aa:7a:64:63:0e:f2:df:e6:1b:5c:69:9f:16:e1:68:
                    5c:95:dd:6e:99:75:72:68:d1:41:42:67:c6:23:55:
                    0f:7f:9e:39:8d:ba:21:f8:93:74:94:38:74:48:d4:
                    fd:16:98:ef:1a:b7:4b:57:09:04:67:83:65:fa:5d:
                    a0:b2:55:af:c2:99:53:e6:fd:b8:a7:1d:db:eb:46:
                    08:ee:9e:8f:b2:b9:9c:e8:de:44:d4:8b:b9:e7:35:
                    b0:d9:3c:48:84:fd:1e:42:7b:6d:51:3f:d3:89:06:
                    ff:1e:02:8d:61:bc:39:1b:92:65:e1:f1:3b:76:7c:
                    b3:fd:ef:3d:85:e5:02:c2:79:91:8d:30:d4:59:28:
                    62:ca:39:bf:d9:4c:73:32:09:5c:e7:8c:d7:a5:13:
                    d9:55:b8:9b:51:37:b8:f1:61:7f:3c:7c:55:8a:32:
                    c2:2c:78:d7:8e:e3:2e:12:76:1e:9e:0e:43:ab:4a:
                    e0:9c:d1:dc:05:ac:86:d5:51:8a:80:b4:54:7f:4d:
                    e9:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:4B:90:4D:57:8E:4D:69:95:78:E3:F8:10:13:8F:23:8F:E4:4E:48
            X509v3 Authority Key Identifier:
                keyid:5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/ckuQTVeOTWmVeOP4EBOPI4_kTkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:500::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:d7:dc:3c:63:d7:25:9e:6a:fc:b7:19:e3:d1:e7:61:66:93:
         01:4c:d6:5b:df:7c:58:bc:3d:c0:88:d6:b9:90:6b:be:2c:91:
         0c:88:01:6f:59:ef:8e:24:bc:97:86:7f:d3:4b:91:40:7f:77:
         d3:a7:91:3c:30:77:0a:5e:1e:3e:a9:bc:1b:de:0f:a8:9b:9d:
         80:0d:62:44:20:57:d9:6a:51:98:03:fe:90:ff:e4:60:87:6d:
         22:c1:07:3e:2c:47:bb:da:68:cc:27:22:96:22:59:b4:d6:97:
         71:ac:2d:9f:b1:ae:43:b4:dc:e4:d3:86:b4:01:f5:9e:b5:bc:
         f1:28:58:2c:32:ee:fa:8b:da:95:a9:34:09:93:77:66:47:d4:
         cd:09:b6:2c:0e:57:7b:4e:a2:91:62:56:b1:f1:53:f6:83:e4:
         ac:46:24:35:f5:f8:45:06:0e:33:0b:9c:31:9a:ca:73:ab:f7:
         56:87:3e:e3:72:97:0b:52:9e:78:e0:08:93:da:82:a9:33:00:
         96:be:36:f0:5e:21:96:e9:06:a0:fe:53:66:68:e0:9a:30:d7:
         bf:a6:ae:f8:06:82:d8:1b:6c:74:06:8c:02:41:a2:64:18:43:
         2b:2f:51:68:8f:b4:60:df:be:59:ff:f8:e4:9f:0a:61:00:cf:
         7e:c5:31:e5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnSIqgHngURD2quqt6VP7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWUwNTFhOTM5MDFlY2MwMTc0NDA3OWFhNGFjMmZiMDc3
YjlmYzEwHhcNMjUwMTAyMTM1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjRiOTA0ZDU3OGU0ZDY5OTU3OGUzZjgxMDEzOGYyMzhmZTQ0ZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Itar13qrErn+1Y5qSpl+yY4E53p
sXHGvVNqe5he0ovj58HTurrd2yJZGCg0SEGu62NEGQPikKOQd++qemRjDvLf5htc
aZ8W4Whcld1umXVyaNFBQmfGI1UPf545jboh+JN0lDh0SNT9FpjvGrdLVwkEZ4Nl
+l2gslWvwplT5v24px3b60YI7p6Psrmc6N5E1Iu55zWw2TxIhP0eQnttUT/TiQb/
HgKNYbw5G5Jl4fE7dnyz/e89heUCwnmRjTDUWShiyjm/2UxzMglc54zXpRPZVbib
UTe48WF/PHxVijLCLHjXjuMuEnYeng5Dq0rgnNHcBayG1VGKgLRUf03p6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHJLkE1Xjk1plXjj+BATjyOP5E5IMB8GA1UdIwQY
MBaAFFvuBRqTkB7MAXRAeapKwvsHe5/BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjIt
YTUyYTg3OTVkOTU2LzEvY2t1UVRWZU9UV21WZU9QNEVCT1BJNF9rVGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjItYTUyYTg3OTVkOTU2
LzEvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhEFADAN
BgkqhkiG9w0BAQsFAAOCAQEArNfcPGPXJZ5q/LcZ49HnYWaTAUzWW998WLw9wIjW
uZBrviyRDIgBb1nvjiS8l4Z/00uRQH9306eRPDB3Cl4ePqm8G94PqJudgA1iRCBX
2WpRmAP+kP/kYIdtIsEHPixHu9pozCciliJZtNaXcawtn7GuQ7Tc5NOGtAH1nrW8
8ShYLDLu+ovalak0CZN3ZkfUzQm2LA5Xe06ikWJWsfFT9oPkrEYkNfX4RQYOMwuc
MZrKc6v3Voc+43KXC1KeeOAIk9qCqTMAlr428F4hlukGoP5TZmjgmjDXv6au+AaC
2BtsdAaMAkGiZBhDKy9RaI+0YN++Wf/45J8KYQDPfsUx5Q==
-----END CERTIFICATE-----