Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/fYF7qqgFSbvIG73SPY7HLutTKjg.roa
File:                     fYF7qqgFSbvIG73SPY7HLutTKjg.roa (raw, json)
Hash identifier:          W1bI8M13r5AfXe8ka6CcjpoFATPqC/92JlE0ol/K+yo=
Subject key identifier:   7D:81:7B:AA:A8:05:49:BB:C8:1B:BD:D2:3D:8E:C7:2E:EB:53:2A:38
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       019075232FA0939B5641280C819BCCA0464B
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/fYF7qqgFSbvIG73SPY7HLutTKjg.roa
Signing time:             Tue 02 Jul 2024 20:29:18 +0000
ROA not before:           Tue 02 Jul 2024 20:29:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57487
IP address blocks:        2a11:cd05::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:75:23:2f:a0:93:9b:56:41:28:0c:81:9b:cc:a0:46:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Jul  2 20:29:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d817baaa80549bbc81bbdd23d8ec72eeb532a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:96:42:0d:91:45:63:ac:ee:b7:ae:2e:e8:b7:
                    ee:b4:86:7f:75:ad:25:95:0e:4e:37:ba:b1:2e:29:
                    2b:58:be:82:e7:15:e3:39:5b:1b:80:7f:92:63:e3:
                    f8:b5:54:29:a3:47:69:53:6e:c3:6a:2a:f7:11:e5:
                    1f:9c:a0:ac:15:3e:6d:47:6b:b7:2f:0a:1e:75:eb:
                    91:30:28:24:44:05:84:c7:35:86:20:c7:38:af:22:
                    e5:a3:35:1f:ca:7b:cf:1c:9a:8b:c7:16:ce:f8:39:
                    8c:37:e9:b1:ab:3e:90:74:85:ee:36:bc:87:07:13:
                    a8:c3:08:cf:3e:e8:17:cc:2b:23:48:77:58:01:93:
                    d3:17:67:b7:37:47:bc:ae:b7:a3:9a:13:20:b4:8e:
                    7c:7c:88:10:0b:c7:21:8f:4c:a1:a5:fb:73:f1:23:
                    96:fd:ea:70:7d:07:a2:59:90:54:e0:75:cf:b5:2c:
                    34:c2:9c:28:d9:5a:5c:cd:e3:d1:f8:d1:1d:e8:0f:
                    f0:f3:77:4f:ce:c8:08:0b:41:3a:7f:ae:10:89:99:
                    f1:45:8d:3f:ac:9d:99:78:40:54:d1:ad:a9:88:c0:
                    45:ef:f6:55:22:4d:4d:72:bf:c4:e6:ad:50:38:5a:
                    75:d6:d9:d3:c3:b8:ac:67:66:9e:09:66:b6:dc:c9:
                    11:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:81:7B:AA:A8:05:49:BB:C8:1B:BD:D2:3D:8E:C7:2E:EB:53:2A:38
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/fYF7qqgFSbvIG73SPY7HLutTKjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:cd05::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:bd:c4:f7:2f:18:0e:b9:c1:0d:2e:55:4b:4c:65:77:ff:29:
         27:db:e8:06:6d:60:0c:18:b6:d6:f1:f2:30:0e:c6:93:4a:91:
         f0:ab:fc:9e:06:0c:72:a5:f0:65:5d:74:9d:47:04:aa:a7:e2:
         5d:9d:8c:6d:63:f6:88:d0:a6:c3:b1:de:73:9b:bf:21:3f:04:
         6c:4c:ab:4d:bd:f7:35:4b:e2:f6:bd:9b:87:eb:b0:4d:26:ff:
         72:62:83:d9:ef:9a:82:e4:cb:ad:61:79:48:c6:06:6c:59:c8:
         f1:f3:a7:c2:da:70:b3:84:c6:63:ad:5c:30:df:ec:e5:98:f4:
         5f:a0:2c:3a:41:44:bd:a4:bc:c9:48:2b:58:a4:81:da:ba:95:
         27:fc:1a:78:6d:c3:e7:3d:cc:1d:a3:e1:20:f7:5e:f1:af:47:
         2e:80:8b:7a:5a:7f:37:e0:fc:41:8c:65:b9:31:99:6d:1d:d3:
         ce:5b:24:68:2e:08:c4:28:c3:d3:91:50:5a:6a:56:4f:42:fc:
         0f:a8:d8:5b:49:87:50:b9:66:7f:0f:97:6a:fb:63:7b:b5:01:
         db:23:2c:db:ce:47:2a:f3:1b:86:76:20:9c:b4:d4:ea:b0:29:
         40:e9:95:73:68:c8:3a:68:89:0d:2b:f0:be:2e:55:54:b2:07:
         0b:aa:78:70
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZB1Iy+gk5tWQSgMgZvMoEZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwNzAyMjAyOTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDgxN2JhYWE4MDU0OWJiYzgxYmJkZDIzZDhlYzcyZWViNTMyYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZZCDZFFY6zut64u6LfutIZ/da0l
lQ5ON7qxLikrWL6C5xXjOVsbgH+SY+P4tVQpo0dpU27Dair3EeUfnKCsFT5tR2u3
LwoedeuRMCgkRAWExzWGIMc4ryLlozUfynvPHJqLxxbO+DmMN+mxqz6QdIXuNryH
BxOowwjPPugXzCsjSHdYAZPTF2e3N0e8rrejmhMgtI58fIgQC8chj0yhpftz8SOW
/epwfQeiWZBU4HXPtSw0wpwo2VpczePR+NEd6A/w83dPzsgIC0E6f64QiZnxRY0/
rJ2ZeEBU0a2piMBF7/ZVIk1Ncr/E5q1QOFp11tnTw7isZ2aeCWa23MkRNwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH2Be6qoBUm7yBu90j2Oxy7rUyo4MB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvZllGN3FxZ0ZTYnZJRzczU1BZN0hMdXRUS2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHNBTAN
BgkqhkiG9w0BAQsFAAOCAQEAEb3E9y8YDrnBDS5VS0xld/8pJ9voBm1gDBi21vHy
MA7Gk0qR8Kv8ngYMcqXwZV10nUcEqqfiXZ2MbWP2iNCmw7Hec5u/IT8EbEyrTb33
NUvi9r2bh+uwTSb/cmKD2e+aguTLrWF5SMYGbFnI8fOnwtpws4TGY61cMN/s5Zj0
X6AsOkFEvaS8yUgrWKSB2rqVJ/waeG3D5z3MHaPhIPde8a9HLoCLelp/N+D8QYxl
uTGZbR3TzlskaC4IxCjD05FQWmpWT0L8D6jYW0mHULlmfw+Xavtje7UB2yMs285H
KvMbhnYgnLTU6rApQOmVc2jIOmiJDSvwvi5VVLIHC6p4cA==
-----END CERTIFICATE-----