Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/jEJoaDc2Ebx5eZL3klh8-HvjBKQ.roa
File:                     jEJoaDc2Ebx5eZL3klh8-HvjBKQ.roa (raw, json)
Hash identifier:          iugAL3mmgo8uGtmY7ITScKrNzIC89ha94P6PZRx2gYk=
Subject key identifier:   8C:42:68:68:37:36:11:BC:79:79:92:F7:92:58:7C:F8:7B:E3:04:A4
Certificate issuer:       /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial:       019007F460B332378584D6C863EB71BB2183
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/jEJoaDc2Ebx5eZL3klh8-HvjBKQ.roa
Signing time:             Tue 11 Jun 2024 15:39:34 +0000
ROA not before:           Tue 11 Jun 2024 15:39:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a11:645::/32 maxlen: 32
                          2a11:b680::/32 maxlen: 32
                          2a11:b681::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:f4:60:b3:32:37:85:84:d6:c8:63:eb:71:bb:21:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
        Validity
            Not Before: Jun 11 15:39:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c426868373611bc797992f792587cf87be304a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e8:0e:39:31:ae:af:7b:77:4b:e4:1c:2c:93:
                    84:de:cf:c9:98:54:a3:76:1d:a1:e4:7c:2c:c2:20:
                    c0:84:e2:8f:74:21:12:c3:04:58:37:32:06:db:25:
                    10:c9:35:32:36:57:2e:7f:b4:48:84:36:2d:25:5d:
                    c0:52:c8:41:94:8b:99:d2:78:e1:58:72:2d:be:d8:
                    26:83:d9:b7:ba:c3:01:a0:b7:61:b1:c8:52:b4:df:
                    7c:bc:b1:bd:be:c5:3a:da:76:a1:95:ac:bb:af:29:
                    7a:57:e5:9d:56:f3:ad:6e:11:28:2e:80:be:5b:b6:
                    a7:be:a5:38:99:12:b3:11:cf:c9:0a:e4:2d:2c:62:
                    65:fe:4f:73:5f:62:5d:c3:fe:15:4b:3c:16:91:be:
                    a8:6b:e3:d8:72:90:09:87:a5:03:e2:07:7e:e5:37:
                    66:3c:16:64:e8:2d:e5:1e:08:f9:e5:9b:56:9f:77:
                    5d:18:b0:e5:28:27:a9:c2:d2:7b:38:62:0c:6b:7d:
                    bd:d7:a3:af:20:94:b0:31:5f:99:ab:6d:98:72:22:
                    db:39:79:1f:08:bb:f3:c3:d4:19:d8:a6:af:f7:c4:
                    c3:0a:ab:b0:f6:e7:52:27:ed:03:57:40:8d:44:e1:
                    52:1f:64:90:b0:50:f9:3e:3a:18:b8:d8:98:39:32:
                    d4:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:42:68:68:37:36:11:BC:79:79:92:F7:92:58:7C:F8:7B:E3:04:A4
            X509v3 Authority Key Identifier:
                keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/jEJoaDc2Ebx5eZL3klh8-HvjBKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:645::/32
                  2a11:b680::/31

    Signature Algorithm: sha256WithRSAEncryption
         6e:53:ee:f8:42:01:15:7a:38:6f:83:10:59:9b:41:76:4a:1d:
         ca:e1:52:ad:18:c9:7a:a8:9c:ca:0b:18:f1:9a:ac:41:a4:ce:
         2b:40:4a:af:57:b6:5b:3e:26:fc:60:bc:fc:df:af:d5:1e:bd:
         db:99:fc:8c:d2:e7:32:3b:48:60:da:a1:45:f6:72:0c:54:bf:
         2a:56:45:0f:08:42:06:d8:dd:a6:eb:44:11:1a:94:14:c3:a3:
         69:41:af:c1:14:13:d0:02:93:4f:6a:91:94:b0:15:58:5f:6f:
         5b:a3:e8:d8:c8:eb:63:69:13:eb:a1:04:39:4a:86:c5:03:41:
         2a:76:70:db:a7:cb:f2:80:90:0a:34:5b:0d:e5:c2:dd:3d:78:
         d4:9b:5e:8c:25:85:e9:54:e8:3e:e6:a7:be:52:9e:87:1a:17:
         57:78:bd:ad:c0:d8:ab:14:8d:7a:bc:14:62:a5:f2:b1:1a:02:
         5b:97:8c:e5:cf:e4:e7:b3:74:00:82:e5:99:d8:10:94:0b:31:
         d8:d6:ac:a2:b6:af:e3:74:db:df:0d:44:9a:b9:e1:d6:48:5d:
         3a:f6:0e:37:65:80:13:9f:89:5e:57:d9:52:48:ec:ce:b0:3c:
         1b:f6:ea:f7:4a:3f:23:1f:cd:6a:36:6a:f6:c8:03:18:33:1b:
         9c:9d:1c:3c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZAH9GCzMjeFhNbIY+txuyGDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwNjExMTUzOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzQyNjg2ODM3MzYxMWJjNzk3OTkyZjc5MjU4N2NmODdiZTMwNGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsugOOTGur3t3S+QcLJOE3s/JmFSj
dh2h5HwswiDAhOKPdCESwwRYNzIG2yUQyTUyNlcuf7RIhDYtJV3AUshBlIuZ0njh
WHItvtgmg9m3usMBoLdhschStN98vLG9vsU62nahlay7ryl6V+WdVvOtbhEoLoC+
W7anvqU4mRKzEc/JCuQtLGJl/k9zX2Jdw/4VSzwWkb6oa+PYcpAJh6UD4gd+5Tdm
PBZk6C3lHgj55ZtWn3ddGLDlKCepwtJ7OGIMa32916OvIJSwMV+Zq22YciLbOXkf
CLvzw9QZ2Kav98TDCquw9udSJ+0DV0CNROFSH2SQsFD5PjoYuNiYOTLUzQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIxCaGg3NhG8eXmS95JYfPh74wSkMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvakVKb2FEYzJFYng1ZVpMM2tsaDgtSHZqQktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhEGRQMF
ASoRtoAwDQYJKoZIhvcNAQELBQADggEBAG5T7vhCARV6OG+DEFmbQXZKHcrhUq0Y
yXqonMoLGPGarEGkzitASq9Xtls+JvxgvPzfr9UevduZ/IzS5zI7SGDaoUX2cgxU
vypWRQ8IQgbY3abrRBEalBTDo2lBr8EUE9ACk09qkZSwFVhfb1uj6NjI62NpE+uh
BDlKhsUDQSp2cNuny/KAkAo0Ww3lwt09eNSbXowlhelU6D7mp75SnocaF1d4va3A
2KsUjXq8FGKl8rEaAluXjOXP5OezdACC5ZnYEJQLMdjWrKK2r+N0298NRJq54dZI
XTr2DjdlgBOfiV5X2VJI7M6wPBv26vdKPyMfzWo2avbIAxgzG5ydHDw=
-----END CERTIFICATE-----