Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/_uI7KgVWERW5ciSrmPSld8U6PMM.roa
File:                     _uI7KgVWERW5ciSrmPSld8U6PMM.roa (raw, json)
Hash identifier:          aCEcvYxY6pmMS4ucVj7Td5LTfLLeSnWc2GvVH4GmfSA=
Subject key identifier:   FE:E2:3B:2A:05:56:11:15:B9:72:24:AB:98:F4:A5:77:C5:3A:3C:C3
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       019424B2613679EA43E51AA2BE29BD43EE86
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/_uI7KgVWERW5ciSrmPSld8U6PMM.roa
Signing time:             Thu 02 Jan 2025 01:47:37 +0000
ROA not before:           Thu 02 Jan 2025 01:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30900
IP address blocks:        2a11:840:27::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:61:36:79:ea:43:e5:1a:a2:be:29:bd:43:ee:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  2 01:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fee23b2a05561115b97224ab98f4a577c53a3cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3a:ee:d0:0d:5b:0b:40:03:2b:9d:ea:81:77:
                    bf:98:fc:b1:63:db:ad:7e:6f:9d:5f:73:c5:85:f6:
                    4e:84:19:eb:3a:31:0a:72:10:65:6c:f7:e2:03:c9:
                    e7:f9:1f:fe:6c:93:21:ac:f1:71:21:db:b7:b9:9d:
                    13:09:5b:5c:e7:2b:71:83:35:00:c5:93:1f:a7:6a:
                    aa:32:93:0c:97:ee:d4:16:a8:90:d4:2f:de:38:0d:
                    4c:2b:a6:e2:1e:6a:fe:c5:a9:71:f2:f4:66:c5:09:
                    6f:af:b7:fc:e9:0f:e6:ee:0b:b7:b4:cf:72:a6:40:
                    5a:50:b9:07:8b:45:e1:27:94:66:61:ea:f5:eb:4e:
                    06:99:05:14:df:a7:86:d0:38:3f:90:1a:79:19:58:
                    10:19:22:91:84:ae:00:22:04:75:fa:b4:86:34:78:
                    28:49:72:80:ab:ff:bb:29:0f:86:53:45:35:80:f3:
                    eb:75:5b:90:65:6d:12:03:8c:4f:a1:78:8d:0b:9b:
                    1c:23:25:24:e4:58:5b:f4:26:f8:e4:f9:39:c5:c6:
                    21:77:2d:3b:71:03:e1:a0:51:17:08:37:99:4d:df:
                    ad:bb:b6:98:73:a5:a7:fb:42:31:6c:71:44:1e:c9:
                    7e:a2:85:12:82:49:eb:d5:17:78:dd:73:b6:ed:24:
                    2f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:E2:3B:2A:05:56:11:15:B9:72:24:AB:98:F4:A5:77:C5:3A:3C:C3
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/_uI7KgVWERW5ciSrmPSld8U6PMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:c9:64:0a:93:3a:cc:d4:9f:05:af:a1:ec:b2:ff:ae:52:8c:
         02:84:3e:06:71:c1:0b:13:df:86:a1:ae:75:84:c8:fc:ee:47:
         46:02:4b:b6:41:bc:c5:c0:6e:a5:f6:c6:15:49:39:9f:9b:23:
         fb:d2:06:21:d9:e6:36:dd:1f:cc:1a:4b:3f:6f:9c:8f:81:df:
         e9:27:b4:13:9e:1f:a7:2e:6e:04:b0:2c:21:4e:b5:ee:6f:9d:
         6f:d0:8f:6b:11:8a:11:10:17:f4:b0:8e:60:98:13:9f:db:71:
         a4:49:ee:8a:c0:6e:00:02:bc:dd:d8:c5:87:78:73:b3:fe:4e:
         09:cc:90:13:2b:df:48:88:82:c9:0c:17:2b:2b:bf:c2:9f:fc:
         ea:c1:ce:3f:cf:04:87:ab:23:70:e8:00:8f:f6:ca:b7:5b:c1:
         de:5d:94:72:30:c4:b3:52:c1:8d:08:93:ed:78:80:d9:f0:01:
         c9:ac:07:f1:a3:72:89:40:7f:c5:23:5b:39:14:8e:b2:9e:14:
         f9:0e:6d:25:2c:0c:d3:57:ca:2a:50:b5:d0:e1:00:5f:2f:e2:
         ad:65:da:6b:2f:ed:54:6d:bf:4c:47:a6:8d:43:d2:fd:7d:d5:
         0c:20:6d:95:7c:3e:9e:91:16:0f:aa:01:c0:4d:42:61:ca:72:
         45:b4:36:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQksmE2eepD5Rqivim9Q+6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjUwMTAyMDE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWUyM2IyYTA1NTYxMTE1Yjk3MjI0YWI5OGY0YTU3N2M1M2EzY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzru0A1bC0ADK53qgXe/mPyxY9ut
fm+dX3PFhfZOhBnrOjEKchBlbPfiA8nn+R/+bJMhrPFxIdu3uZ0TCVtc5ytxgzUA
xZMfp2qqMpMMl+7UFqiQ1C/eOA1MK6biHmr+xalx8vRmxQlvr7f86Q/m7gu3tM9y
pkBaULkHi0XhJ5RmYer1604GmQUU36eG0Dg/kBp5GVgQGSKRhK4AIgR1+rSGNHgo
SXKAq/+7KQ+GU0U1gPPrdVuQZW0SA4xPoXiNC5scIyUk5Fhb9Cb45Pk5xcYhdy07
cQPhoFEXCDeZTd+tu7aYc6Wn+0IxbHFEHsl+ooUSgknr1Rd43XO27SQvBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP7iOyoFVhEVuXIkq5j0pXfFOjzDMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvX3VJN0tnVldFUlc1Y2lTcm1QU2xkOFU2UE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAn
MA0GCSqGSIb3DQEBCwUAA4IBAQAZyWQKkzrM1J8Fr6Hssv+uUowChD4GccELE9+G
oa51hMj87kdGAku2QbzFwG6l9sYVSTmfmyP70gYh2eY23R/MGks/b5yPgd/pJ7QT
nh+nLm4EsCwhTrXub51v0I9rEYoREBf0sI5gmBOf23GkSe6KwG4AArzd2MWHeHOz
/k4JzJATK99IiILJDBcrK7/Cn/zqwc4/zwSHqyNw6ACP9sq3W8HeXZRyMMSzUsGN
CJPteIDZ8AHJrAfxo3KJQH/FI1s5FI6ynhT5Dm0lLAzTV8oqULXQ4QBfL+KtZdpr
L+1Ubb9MR6aNQ9L9fdUMIG2VfD6ekRYPqgHATUJhynJFtDYD
-----END CERTIFICATE-----