Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/ohfoQ6PMXyCRqvXL697wq32N2IE.roa
File:                     ohfoQ6PMXyCRqvXL697wq32N2IE.roa (raw, json)
Hash identifier:          4Ftq9cImGTnlsG/GFrSW+NEOcfqwWC5dS24FmwyqHJQ=
Subject key identifier:   A2:17:E8:43:A3:CC:5F:20:91:AA:F5:CB:EB:DE:F0:AB:7D:8D:D8:81
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       01941F8C6322F10D59FB8057C2F0F304026C
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/ohfoQ6PMXyCRqvXL697wq32N2IE.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209209
IP address blocks:        2a11:2307::/37 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:63:22:f1:0d:59:fb:80:57:c2:f0:f3:04:02:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a217e843a3cc5f2091aaf5cbebdef0ab7d8dd881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a0:80:d4:ac:84:e5:67:09:c4:ff:97:31:26:
                    ba:e6:e2:ff:1b:83:1e:ea:f2:a1:69:76:64:d7:55:
                    98:86:87:10:54:3b:d3:52:20:33:42:70:b2:62:ed:
                    97:74:0c:a3:4c:9e:e6:5c:8c:d9:56:ce:9e:91:f4:
                    43:0f:bf:4f:dd:a9:46:58:e5:63:8c:48:40:95:bf:
                    23:8a:f4:4d:cf:3d:f4:31:6c:aa:ef:bc:9a:e1:c8:
                    1b:f3:51:cf:68:45:94:cf:4f:17:3f:bb:f6:38:3a:
                    2f:41:fe:44:ea:31:65:c8:e4:c6:a2:57:a1:50:1e:
                    a8:68:63:f9:2c:ea:ee:d5:fc:40:02:36:80:cc:59:
                    21:8c:e6:1a:35:5c:53:28:12:b2:9e:7e:25:d8:9d:
                    6f:3f:86:01:03:7c:7a:86:22:c4:50:81:a0:b2:b8:
                    b0:a6:49:62:4b:aa:3c:6a:1a:25:66:a4:8a:ae:99:
                    f9:8e:2e:7c:08:29:e8:d6:e9:f7:2d:14:a3:af:0d:
                    6a:8a:cd:0f:6b:ed:5b:d5:52:a1:95:e8:78:fd:4a:
                    09:1d:93:10:2e:fe:ae:23:3b:96:1b:49:b2:12:4b:
                    b5:68:0f:69:50:80:e4:5e:de:d6:15:e2:0a:9c:2d:
                    e0:f6:81:07:f4:d7:2f:5d:e1:fe:0b:b6:81:51:7b:
                    03:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:17:E8:43:A3:CC:5F:20:91:AA:F5:CB:EB:DE:F0:AB:7D:8D:D8:81
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/ohfoQ6PMXyCRqvXL697wq32N2IE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2307::/37

    Signature Algorithm: sha256WithRSAEncryption
         97:47:ca:73:69:9c:fc:68:9b:f3:65:01:d9:ae:c6:97:9b:34:
         bb:0d:39:ba:4d:0c:cf:9f:1a:f4:d5:81:0f:14:8c:c5:a9:88:
         c3:3a:72:ce:99:7e:0a:ac:af:95:3b:e8:ff:de:9b:51:59:62:
         c5:1b:42:27:4a:5d:dc:d8:24:ff:bd:52:a8:53:10:e6:d0:32:
         45:75:b2:0b:60:71:9e:66:55:3c:80:e7:21:47:44:9b:89:42:
         2c:17:5e:eb:a3:30:f4:70:f5:41:ef:37:32:77:91:4b:3e:1f:
         ce:58:52:f3:0e:27:19:bf:df:5d:f0:b2:a3:af:39:a0:57:05:
         d2:b3:6b:8c:70:fc:ac:30:b8:9b:70:0c:3d:e0:42:31:15:81:
         27:57:f7:12:02:de:0b:2d:45:a5:1f:25:36:66:d4:d4:e3:84:
         f6:d8:2e:69:4b:db:aa:d9:c0:25:56:57:2e:57:f3:fa:06:6d:
         5a:4d:34:39:9a:f5:37:d3:3d:a1:35:af:91:65:65:60:5d:22:
         82:9d:d7:3d:56:55:ce:b5:7b:83:51:6d:ff:98:e6:10:4c:7f:
         89:99:bd:b9:71:8e:b3:9b:66:65:22:0b:01:51:e1:9f:73:a1:
         43:72:2c:40:53:0e:4e:00:b4:8d:66:db:6a:0a:a5:7f:8c:2b:
         76:ba:e0:1b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQfjGMi8Q1Z+4BXwvDzBAJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE3ZTg0M2EzY2M1ZjIwOTFhYWY1Y2JlYmRlZjBhYjdkOGRkODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6CA1KyE5WcJxP+XMSa65uL/G4Me
6vKhaXZk11WYhocQVDvTUiAzQnCyYu2XdAyjTJ7mXIzZVs6ekfRDD79P3alGWOVj
jEhAlb8jivRNzz30MWyq77ya4cgb81HPaEWUz08XP7v2ODovQf5E6jFlyOTGoleh
UB6oaGP5LOru1fxAAjaAzFkhjOYaNVxTKBKynn4l2J1vP4YBA3x6hiLEUIGgsriw
pkliS6o8aholZqSKrpn5ji58CCno1un3LRSjrw1qis0Pa+1b1VKhleh4/UoJHZMQ
Lv6uIzuWG0myEku1aA9pUIDkXt7WFeIKnC3g9oEH9NcvXeH+C7aBUXsDuwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKIX6EOjzF8gkar1y+ve8Kt9jdiBMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvb2hmb1E2UE1YeUNScXZYTDY5N3dxMzJOMklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYDKhEjBwAw
DQYJKoZIhvcNAQELBQADggEBAJdHynNpnPxom/NlAdmuxpebNLsNObpNDM+fGvTV
gQ8UjMWpiMM6cs6Zfgqsr5U76P/em1FZYsUbQidKXdzYJP+9UqhTEObQMkV1sgtg
cZ5mVTyA5yFHRJuJQiwXXuujMPRw9UHvNzJ3kUs+H85YUvMOJxm/313wsqOvOaBX
BdKza4xw/KwwuJtwDD3gQjEVgSdX9xIC3gstRaUfJTZm1NTjhPbYLmlL26rZwCVW
Vy5X8/oGbVpNNDma9TfTPaE1r5FlZWBdIoKd1z1WVc61e4NRbf+Y5hBMf4mZvblx
jrObZmUiCwFR4Z9zoUNyLEBTDk4AtI1m22oKpX+MK3a64Bs=
-----END CERTIFICATE-----