Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iC9ezub5GESJYOPbA-aJUoYdyDk.roa
File:                     iC9ezub5GESJYOPbA-aJUoYdyDk.roa (raw, json)
Hash identifier:          XTbvjRrxLs1HohPfOI6DUN6vMsqi1ZfN+toBrfSX1iU=
Subject key identifier:   88:2F:5E:CE:E6:F9:18:44:89:60:E3:DB:03:E6:89:52:86:1D:C8:39
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D6130D1AC48A57E0E4AE3A2A85718
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iC9ezub5GESJYOPbA-aJUoYdyDk.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11831
IP address blocks:        2a11:840:31::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:61:30:d1:ac:48:a5:7e:0e:4a:e3:a2:a8:57:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=882f5ecee6f918448960e3db03e68952861dc839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4d:c5:8e:53:15:9a:73:61:d5:fd:4c:13:90:
                    57:80:90:b1:d8:bc:5c:6d:25:2f:c1:68:c5:29:b9:
                    13:ba:35:b9:de:d3:59:a8:ff:ca:5d:9a:18:41:f3:
                    af:21:f3:25:99:0a:32:eb:00:05:66:12:bd:b5:6d:
                    6f:6e:b7:bb:04:83:af:70:ee:35:99:38:98:2f:7e:
                    70:89:d4:f3:fe:f0:87:5b:fe:23:22:a4:1d:d8:aa:
                    e9:78:d6:2a:48:a5:f4:35:37:e3:fd:b7:9f:bb:22:
                    4c:a3:74:fa:d1:67:73:5e:ac:41:09:0a:27:f8:37:
                    02:c0:4e:5e:05:81:09:e7:0c:9d:89:94:1a:8f:a2:
                    55:66:09:72:76:b3:f2:0e:3b:7c:64:a7:59:34:43:
                    7e:ad:d0:f6:7b:ed:51:42:6f:9c:9c:6c:ef:9e:17:
                    8a:46:f8:2f:be:76:bd:cd:f7:d5:1f:c4:64:e1:7c:
                    37:6e:fa:fe:cc:34:6e:c8:1f:a8:c9:13:1e:16:d7:
                    b9:73:de:65:f0:03:57:ab:b6:13:94:6b:1c:4b:c9:
                    12:ed:f7:41:74:8a:29:09:dd:cc:6e:d5:f0:78:76:
                    10:08:30:38:fe:4b:24:20:de:e5:1c:b4:2a:3a:81:
                    19:a1:f0:f3:e1:c0:44:6e:bc:71:2b:f0:7f:29:89:
                    60:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:2F:5E:CE:E6:F9:18:44:89:60:E3:DB:03:E6:89:52:86:1D:C8:39
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iC9ezub5GESJYOPbA-aJUoYdyDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:b6:85:cd:8e:c1:f2:86:23:80:08:1a:b2:17:d8:e5:84:ec:
         ef:74:46:40:68:3f:3c:26:f1:f9:75:64:46:72:57:be:3a:cb:
         e7:6a:9d:7e:d4:d8:cb:3c:d4:45:e7:3f:97:c8:8f:d4:5d:ce:
         0b:c2:bd:1c:9a:3b:b6:9e:7b:d4:24:d2:00:c5:f8:13:d9:94:
         f8:33:a4:90:8f:e5:88:14:be:40:bd:bd:13:f4:06:95:c6:e3:
         66:e9:e2:32:7a:42:20:a6:46:7c:67:de:cc:34:a0:a1:15:67:
         86:8f:a2:15:d2:e8:c5:33:4a:3d:4f:61:43:df:a2:d5:29:e3:
         b3:b3:6a:9d:62:70:8e:cd:6a:02:a1:9e:5f:56:0b:81:05:0a:
         1e:32:02:5a:ec:3f:e7:48:10:1c:2c:b7:42:ea:78:a8:f0:7b:
         84:34:1d:f2:9b:0d:54:a3:6f:ef:34:f8:1c:57:e7:ba:4e:67:
         45:e2:db:a3:a1:88:a5:6f:d9:e5:a1:28:a1:42:34:6f:16:ad:
         62:c2:77:2a:30:5c:26:00:2f:a9:33:4b:1e:8d:70:9e:7f:c0:
         56:96:e4:97:0a:f6:0e:c4:f2:47:5d:b4:25:04:9f:e9:53:4d:
         b9:de:a0:eb:2c:74:38:3f:6a:50:34:7a:32:d7:61:18:cd:03:
         f4:41:c1:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWEw0axIpX4OSuOiqFcYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODJmNWVjZWU2ZjkxODQ0ODk2MGUzZGIwM2U2ODk1Mjg2MWRjODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs03FjlMVmnNh1f1ME5BXgJCx2Lxc
bSUvwWjFKbkTujW53tNZqP/KXZoYQfOvIfMlmQoy6wAFZhK9tW1vbre7BIOvcO41
mTiYL35widTz/vCHW/4jIqQd2KrpeNYqSKX0NTfj/befuyJMo3T60WdzXqxBCQon
+DcCwE5eBYEJ5wydiZQaj6JVZglydrPyDjt8ZKdZNEN+rdD2e+1RQm+cnGzvnheK
Rvgvvna9zffVH8Rk4Xw3bvr+zDRuyB+oyRMeFte5c95l8ANXq7YTlGscS8kS7fdB
dIopCd3MbtXweHYQCDA4/kskIN7lHLQqOoEZofDz4cBEbrxxK/B/KYlg0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIgvXs7m+RhEiWDj2wPmiVKGHcg5MB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvaUM5ZXp1YjVHRVNKWU9QYkEtYUpVb1lkeURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAx
MA0GCSqGSIb3DQEBCwUAA4IBAQCEtoXNjsHyhiOACBqyF9jlhOzvdEZAaD88JvH5
dWRGcle+Osvnap1+1NjLPNRF5z+XyI/UXc4Lwr0cmju2nnvUJNIAxfgT2ZT4M6SQ
j+WIFL5Avb0T9AaVxuNm6eIyekIgpkZ8Z97MNKChFWeGj6IV0ujFM0o9T2FD36LV
KeOzs2qdYnCOzWoCoZ5fVguBBQoeMgJa7D/nSBAcLLdC6nio8HuENB3ymw1Uo2/v
NPgcV+e6TmdF4tujoYilb9nloSihQjRvFq1iwncqMFwmAC+pM0sejXCef8BWluSX
CvYOxPJHXbQlBJ/pU0253qDrLHQ4P2pQNHoy12EYzQP0QcFX
-----END CERTIFICATE-----