Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/Ni9yi0oQXcXm_OJuFGIpmXeTYWc.roa
File:                     Ni9yi0oQXcXm_OJuFGIpmXeTYWc.roa (raw, json)
Hash identifier:          KHceQY4xzepyQDDD0j5uC43n4fNbjcGk52+Scibl7Ho=
Subject key identifier:   36:2F:72:8B:4A:10:5D:C5:E6:FC:E2:6E:14:62:29:99:77:93:61:67
Certificate issuer:       /CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
Certificate serial:       018CCA2BC47B43EE25FFD3C4F9ADFDDE87BA
Authority key identifier: E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/Ni9yi0oQXcXm_OJuFGIpmXeTYWc.roa
Signing time:             Tue 02 Jan 2024 12:35:15 +0000
ROA not before:           Tue 02 Jan 2024 12:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204790
IP address blocks:        2a11:8900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c4:7b:43:ee:25:ff:d3:c4:f9:ad:fd:de:87:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
        Validity
            Not Before: Jan  2 12:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=362f728b4a105dc5e6fce26e1462299977936167
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:34:7e:d1:b3:32:e8:02:ad:d4:33:83:77:e6:
                    d4:5f:49:cd:40:a9:bd:22:9e:1c:8f:b0:d0:eb:0b:
                    0b:19:3a:de:11:b6:55:e9:44:0f:64:d8:bf:20:02:
                    93:fc:b7:97:d2:a6:c7:29:f2:5a:e5:96:d5:12:10:
                    e8:01:0c:59:f2:02:65:e0:d6:c2:5d:aa:c3:76:77:
                    2f:75:55:77:2f:a8:11:35:2f:d5:e5:9b:5d:ec:a0:
                    bb:2b:88:a4:4f:31:b9:02:e8:e7:28:d3:a8:83:eb:
                    92:e1:27:07:36:a9:ab:90:c7:92:a1:4a:57:45:d0:
                    a5:8e:aa:ce:3a:d0:73:bb:fc:4a:c0:20:5b:ac:5e:
                    d6:f7:00:09:5c:34:11:6e:a8:a3:9e:c4:69:8d:24:
                    49:56:57:16:4c:03:35:3e:37:78:be:ad:f1:03:da:
                    36:83:d9:f9:fd:20:fa:38:cc:23:82:68:d4:ca:6a:
                    2f:7e:e6:ab:65:96:9f:9d:e5:e8:b5:ff:01:1a:82:
                    a9:aa:5d:f2:34:2b:c5:a4:a5:20:81:7e:42:5c:09:
                    13:b9:2b:60:78:b2:0a:57:f0:fb:fe:f0:5e:01:29:
                    5e:d2:4e:5b:68:f6:3f:cb:91:91:1f:68:49:62:24:
                    2e:6e:6e:18:c2:d4:6f:80:8a:16:ce:bf:8f:b0:b9:
                    ad:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:2F:72:8B:4A:10:5D:C5:E6:FC:E2:6E:14:62:29:99:77:93:61:67
            X509v3 Authority Key Identifier:
                keyid:E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/Ni9yi0oQXcXm_OJuFGIpmXeTYWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8900::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:bc:d3:1f:66:95:ff:53:4a:e7:a5:81:f9:0f:98:1d:50:42:
         9b:70:73:77:0d:56:2a:ca:b6:0c:69:6b:38:9a:7b:3a:79:61:
         33:ae:b1:ee:1b:bc:5c:b7:0a:d9:23:0a:c1:ce:48:bd:c3:7f:
         7c:c9:1b:32:e4:f4:f0:98:37:fd:c0:88:e0:a6:bc:ae:36:3b:
         16:3c:50:fa:29:d6:00:ff:c9:5a:3e:bd:53:b5:ad:3e:7b:f2:
         20:ec:ef:a5:80:23:49:38:a2:4a:e6:c0:50:f2:60:45:1e:0e:
         14:be:fd:15:15:f3:9b:5f:f2:0f:ba:3a:42:6d:e6:92:c1:0f:
         cf:ba:71:ac:53:3a:aa:51:71:ce:d9:41:32:85:7a:25:00:05:
         01:36:9b:21:e8:0d:8c:27:b8:e2:57:88:7c:12:8b:b9:28:ea:
         9a:95:6f:fb:6c:4f:dd:f4:df:e5:8a:12:77:d7:05:d6:63:7c:
         b5:36:ab:4a:a7:87:70:4a:19:c3:44:48:07:04:0a:28:23:ca:
         53:71:31:26:09:fd:d2:01:7e:5d:da:60:79:83:01:75:eb:d3:
         64:f1:4e:7a:3d:9e:8b:4b:38:12:c3:b1:c1:56:70:e3:48:98:
         f0:4b:3e:ea:c5:ff:8f:b5:42:cd:90:cf:7f:16:92:0f:a7:10:
         cd:d8:58:9b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKK8R7Q+4l/9PE+a393oe6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjA3NmYyN2UxM2QxODAwZTc3ZDE2ZTRiNjBiMjNiNmY1
OGM4MjAwHhcNMjQwMTAyMTIzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjJmNzI4YjRhMTA1ZGM1ZTZmY2UyNmUxNDYyMjk5OTc3OTM2MTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTR+0bMy6AKt1DODd+bUX0nNQKm9
Ip4cj7DQ6wsLGTreEbZV6UQPZNi/IAKT/LeX0qbHKfJa5ZbVEhDoAQxZ8gJl4NbC
XarDdncvdVV3L6gRNS/V5Ztd7KC7K4ikTzG5AujnKNOog+uS4ScHNqmrkMeSoUpX
RdCljqrOOtBzu/xKwCBbrF7W9wAJXDQRbqijnsRpjSRJVlcWTAM1Pjd4vq3xA9o2
g9n5/SD6OMwjgmjUymovfuarZZafneXotf8BGoKpql3yNCvFpKUggX5CXAkTuStg
eLIKV/D7/vBeASle0k5baPY/y5GRH2hJYiQubm4YwtRvgIoWzr+PsLmtbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDYvcotKEF3F5vzibhRiKZl3k2FnMB8GA1UdIwQY
MBaAFOVgdvJ+E9GADnfRbktgsjtvWMggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgt
NThjZjg5ODg4ZTJhLzEvTmk5eWkwb1FYY1htX09KdUZHSXBtWGVUWVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgtNThjZjg5ODg4ZTJh
LzEvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhGJADAN
BgkqhkiG9w0BAQsFAAOCAQEAorzTH2aV/1NK56WB+Q+YHVBCm3Bzdw1WKsq2DGlr
OJp7OnlhM66x7hu8XLcK2SMKwc5IvcN/fMkbMuT08Jg3/cCI4Ka8rjY7FjxQ+inW
AP/JWj69U7WtPnvyIOzvpYAjSTiiSubAUPJgRR4OFL79FRXzm1/yD7o6Qm3mksEP
z7pxrFM6qlFxztlBMoV6JQAFATabIegNjCe44leIfBKLuSjqmpVv+2xP3fTf5YoS
d9cF1mN8tTarSqeHcEoZw0RIBwQKKCPKU3ExJgn90gF+XdpgeYMBdevTZPFOej2e
i0s4EsOxwVZw40iY8Es+6sX/j7VCzZDPfxaSD6cQzdhYmw==
-----END CERTIFICATE-----