Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/aNdqF8ehhvqsHMW-wJfvCLG64kQ.roa
File:                     aNdqF8ehhvqsHMW-wJfvCLG64kQ.roa (raw, json)
Hash identifier:          SdDy/dqbLF8eh7ans6HU47ZD9DyrxiFa8lMboopKE3k=
Subject key identifier:   68:D7:6A:17:C7:A1:86:FA:AC:1C:C5:BE:C0:97:EF:08:B1:BA:E2:44
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D659293721329E3C68DE01F14AA43
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/aNdqF8ehhvqsHMW-wJfvCLG64kQ.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199984
IP address blocks:        2a11:840:24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:65:92:93:72:13:29:e3:c6:8d:e0:1f:14:aa:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68d76a17c7a186faac1cc5bec097ef08b1bae244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:85:c8:d5:e6:ae:c2:87:e1:2e:ca:6e:c5:05:
                    68:e4:84:50:8c:ac:29:d8:5d:d2:9f:61:ca:9b:e6:
                    59:ee:7d:18:d2:aa:16:94:42:33:0d:42:2c:ba:d6:
                    81:af:46:38:48:90:17:13:96:28:6a:6f:b4:14:d8:
                    22:f9:7e:5f:09:17:f0:b6:bd:b7:7d:e1:61:ad:97:
                    23:d5:58:3b:7c:ce:cd:26:5c:5c:d7:42:4c:61:f7:
                    3c:17:3e:48:45:21:dd:9c:b0:61:f9:61:8c:cb:30:
                    b8:32:4d:f6:7c:f9:23:3d:97:57:85:fa:2f:b0:89:
                    5f:d2:56:cc:fb:03:2e:0f:52:12:08:ae:e6:ee:37:
                    7a:31:c7:b6:a2:09:2b:7a:3c:be:cb:f4:f7:29:50:
                    15:ca:0e:46:0e:4e:fa:e8:b8:85:b7:0a:56:db:5e:
                    b8:a2:69:85:76:bb:de:03:9d:7e:7d:19:ec:fb:8f:
                    cc:66:88:91:03:04:0e:f6:0f:7e:5b:48:ef:59:7b:
                    8a:66:14:15:5e:00:7e:a1:8a:ce:d7:d1:02:73:13:
                    10:d6:e2:db:cc:bf:d1:b5:4d:b6:ac:3a:fd:67:02:
                    8f:1f:ce:4b:e2:d4:2d:af:82:51:e2:04:39:92:cc:
                    32:f5:c5:4c:44:70:88:67:cb:41:59:53:d8:26:02:
                    95:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D7:6A:17:C7:A1:86:FA:AC:1C:C5:BE:C0:97:EF:08:B1:BA:E2:44
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/aNdqF8ehhvqsHMW-wJfvCLG64kQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:c4:54:4a:5d:bb:f0:b5:a3:a1:c8:b1:31:0f:98:d7:35:e5:
         67:97:9c:83:b8:78:76:95:5a:3d:b1:52:1a:a4:04:c8:ac:31:
         44:a9:45:5d:9d:0b:dd:0f:fc:af:24:fb:a4:ca:95:52:5b:16:
         a6:41:33:53:d0:63:02:78:12:62:dc:15:f0:96:bc:ea:aa:23:
         62:63:eb:bb:00:0c:0b:b6:97:98:a5:b6:27:e2:44:52:f1:9d:
         89:dd:78:0e:1f:70:c7:93:91:5a:11:ef:35:d7:01:7a:22:14:
         d1:42:61:2c:53:58:07:fd:bd:c0:2c:0b:dd:61:95:96:00:ac:
         06:10:99:e3:d0:34:ae:b3:21:07:6b:9e:91:26:0b:8e:42:9d:
         d4:98:99:3e:9a:04:14:72:72:53:08:a0:35:ab:c4:d0:02:d5:
         5b:b7:44:b3:d0:8a:bf:12:98:c9:4d:03:41:05:01:5f:a0:f6:
         c9:98:15:7e:5a:24:9b:7c:0b:06:3e:4d:38:20:bf:bf:51:88:
         82:8e:ff:27:32:a1:7e:2c:d5:c3:9e:d2:c3:0f:f1:17:61:dd:
         1f:f4:ba:4f:ef:f2:e0:ee:61:5a:8a:dc:35:9d:ff:c1:8c:df:
         f8:93:02:50:b8:2b:92:40:95:41:4a:56:25:b3:50:64:49:10:
         b1:5a:af:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWWSk3ITKePGjeAfFKpDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGQ3NmExN2M3YTE4NmZhYWMxY2M1YmVjMDk3ZWYwOGIxYmFlMjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIXI1eauwofhLspuxQVo5IRQjKwp
2F3Sn2HKm+ZZ7n0Y0qoWlEIzDUIsutaBr0Y4SJAXE5Yoam+0FNgi+X5fCRfwtr23
feFhrZcj1Vg7fM7NJlxc10JMYfc8Fz5IRSHdnLBh+WGMyzC4Mk32fPkjPZdXhfov
sIlf0lbM+wMuD1ISCK7m7jd6Mce2ogkrejy+y/T3KVAVyg5GDk766LiFtwpW2164
ommFdrveA51+fRns+4/MZoiRAwQO9g9+W0jvWXuKZhQVXgB+oYrO19ECcxMQ1uLb
zL/RtU22rDr9ZwKPH85L4tQtr4JR4gQ5kswy9cVMRHCIZ8tBWVPYJgKVUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGjXahfHoYb6rBzFvsCX7wixuuJEMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvYU5kcUY4ZWhodnFzSE1XLXdKZnZDTEc2NGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAk
MA0GCSqGSIb3DQEBCwUAA4IBAQB1xFRKXbvwtaOhyLExD5jXNeVnl5yDuHh2lVo9
sVIapATIrDFEqUVdnQvdD/yvJPukypVSWxamQTNT0GMCeBJi3BXwlrzqqiNiY+u7
AAwLtpeYpbYn4kRS8Z2J3XgOH3DHk5FaEe811wF6IhTRQmEsU1gH/b3ALAvdYZWW
AKwGEJnj0DSusyEHa56RJguOQp3UmJk+mgQUcnJTCKA1q8TQAtVbt0Sz0Iq/EpjJ
TQNBBQFfoPbJmBV+WiSbfAsGPk04IL+/UYiCjv8nMqF+LNXDntLDD/EXYd0f9LpP
7/Lg7mFaitw1nf/BjN/4kwJQuCuSQJVBSlYls1BkSRCxWq/t
-----END CERTIFICATE-----