Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/gupcS44L1JHkSszmsa-nVnvb5Pw.roa
File:                     gupcS44L1JHkSszmsa-nVnvb5Pw.roa (raw, json)
Hash identifier:          CHxnV0PlddUprn2zzLScX6c4dbcF4kzpNC/xiaQ6xrE=
Subject key identifier:   82:EA:5C:4B:8E:0B:D4:91:E4:4A:CC:E6:B1:AF:A7:56:7B:DB:E4:FC
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       0191E622D8FC0F6FA52F77307A9E642A57C6
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/gupcS44L1JHkSszmsa-nVnvb5Pw.roa
Signing time:             Thu 12 Sep 2024 12:08:48 +0000
ROA not before:           Thu 12 Sep 2024 12:08:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57487
IP address blocks:        2a11:643::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e6:22:d8:fc:0f:6f:a5:2f:77:30:7a:9e:64:2a:57:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Sep 12 12:08:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82ea5c4b8e0bd491e44acce6b1afa7567bdbe4fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ac:06:63:5a:b5:4b:5f:b8:c5:13:d8:07:c6:
                    a8:33:0e:c1:35:eb:24:c0:b4:7c:a1:e9:af:6e:e9:
                    45:ae:03:d4:dd:c2:18:0e:c7:02:04:8b:6a:c7:71:
                    12:24:03:b0:40:b8:85:a4:24:fb:75:5d:ce:17:e4:
                    cd:96:00:55:69:f0:12:98:00:d4:61:ed:5b:ac:29:
                    b6:1a:30:c0:d6:4b:21:a5:4d:1d:23:50:e2:9d:b8:
                    c5:71:ff:bf:c9:01:df:78:77:da:7f:13:16:10:54:
                    3d:96:fa:01:c7:85:81:89:2d:18:db:31:46:ab:04:
                    57:1e:01:1c:3d:29:f9:b9:4f:09:cb:e7:6a:76:96:
                    5a:f7:7c:d2:cd:d4:2f:8a:3b:8d:54:d6:98:45:c6:
                    c8:8f:aa:b8:26:06:82:a7:fc:09:c8:e6:49:23:88:
                    9f:de:46:7d:1a:a4:5b:e5:0d:59:0e:86:4f:c7:d4:
                    3b:ea:20:3c:11:53:3f:42:58:73:4e:90:3a:5d:28:
                    5b:fa:6f:2a:39:3d:2b:41:81:b5:92:f8:1e:53:da:
                    9c:d1:d4:70:48:f6:d6:f8:90:1a:95:80:70:01:18:
                    95:be:40:a3:c6:92:89:62:eb:80:ad:a3:5f:8e:44:
                    84:75:7d:13:f3:29:2c:a7:8e:f3:32:77:95:7a:c5:
                    e9:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:EA:5C:4B:8E:0B:D4:91:E4:4A:CC:E6:B1:AF:A7:56:7B:DB:E4:FC
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/gupcS44L1JHkSszmsa-nVnvb5Pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:643::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:37:ac:d1:3f:96:86:2a:a4:a8:15:1c:1e:a7:7d:62:85:5d:
         b7:6d:00:f7:75:84:9f:95:d6:d8:f0:da:1c:54:d3:9b:c9:e8:
         55:c0:58:22:ba:65:f8:6a:73:3b:9f:88:2b:a6:48:1a:73:9d:
         53:75:6a:a0:0c:a8:4c:bf:b0:95:26:71:f7:71:35:a0:91:54:
         3f:db:0d:a0:ba:56:3c:97:66:5a:69:f2:f3:36:f2:9e:df:a9:
         0f:b3:45:a5:e3:48:34:c0:57:89:73:ba:a5:ef:ed:eb:7a:df:
         f7:37:ad:77:d9:d4:a7:3c:39:5a:bc:ed:e8:d2:1c:37:97:30:
         bf:dc:15:d8:da:86:da:dc:52:82:65:f2:8d:7b:e9:23:67:78:
         35:3d:75:f3:b6:d9:00:6e:26:f5:3c:b0:a7:92:1a:d7:95:a9:
         9d:54:58:b0:78:7e:b8:da:15:d6:24:6c:74:02:91:5f:0d:86:
         02:d6:a8:a0:a8:41:97:ed:96:82:00:bc:6c:90:17:19:ef:0b:
         55:82:b3:8e:ff:4f:bf:62:25:9c:48:ab:3a:b3:d9:66:e9:3f:
         71:f0:83:32:4c:ef:e7:4b:02:4b:a4:1a:4b:75:87:89:49:51:
         44:8d:27:ba:06:b5:cf:01:18:41:f0:cd:6e:fb:cd:0b:bc:5a:
         7d:c0:96:93
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZHmItj8D2+lL3cwep5kKlfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwOTEyMTIwODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmVhNWM0YjhlMGJkNDkxZTQ0YWNjZTZiMWFmYTc1NjdiZGJlNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyawGY1q1S1+4xRPYB8aoMw7BNesk
wLR8oemvbulFrgPU3cIYDscCBItqx3ESJAOwQLiFpCT7dV3OF+TNlgBVafASmADU
Ye1brCm2GjDA1kshpU0dI1DinbjFcf+/yQHfeHfafxMWEFQ9lvoBx4WBiS0Y2zFG
qwRXHgEcPSn5uU8Jy+dqdpZa93zSzdQvijuNVNaYRcbIj6q4JgaCp/wJyOZJI4if
3kZ9GqRb5Q1ZDoZPx9Q76iA8EVM/QlhzTpA6XShb+m8qOT0rQYG1kvgeU9qc0dRw
SPbW+JAalYBwARiVvkCjxpKJYuuAraNfjkSEdX0T8yksp47zMneVesXpowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFILqXEuOC9SR5ErM5rGvp1Z72+T8MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvZ3VwY1M0NEwxSkhrU3N6bXNhLW5WbnZiNVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEGQzAN
BgkqhkiG9w0BAQsFAAOCAQEAmTes0T+WhiqkqBUcHqd9YoVdt20A93WEn5XW2PDa
HFTTm8noVcBYIrpl+GpzO5+IK6ZIGnOdU3VqoAyoTL+wlSZx93E1oJFUP9sNoLpW
PJdmWmny8zbynt+pD7NFpeNINMBXiXO6pe/t63rf9zetd9nUpzw5Wrzt6NIcN5cw
v9wV2NqG2txSgmXyjXvpI2d4NT1187bZAG4m9Tywp5Ia15WpnVRYsHh+uNoV1iRs
dAKRXw2GAtaooKhBl+2WggC8bJAXGe8LVYKzjv9Pv2IlnEirOrPZZuk/cfCDMkzv
50sCS6QaS3WHiUlRRI0nuga1zwEYQfDNbvvNC7xafcCWkw==
-----END CERTIFICATE-----