Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/Mhe-DiDiWzO6cNoqCkAD4Ax_M8E.roa
File:                     Mhe-DiDiWzO6cNoqCkAD4Ax_M8E.roa (raw, json)
Hash identifier:          28fZ5uSVUyB+1QqMleXw+Yp0J930J9CoEZkGIvL8h7Q=
Subject key identifier:   32:17:BE:0E:20:E2:5B:33:BA:70:DA:2A:0A:40:03:E0:0C:7F:33:C1
Certificate issuer:       /CN=d34fa6be3f5c38f4bb7e062b6707747f4961a048
Certificate serial:       018CCA29958C2FC3A2B50DF77E785E812E19
Authority key identifier: D3:4F:A6:BE:3F:5C:38:F4:BB:7E:06:2B:67:07:74:7F:49:61:A0:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/00-mvj9cOPS7fgYrZwd0f0lhoEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/Mhe-DiDiWzO6cNoqCkAD4Ax_M8E.roa
Signing time:             Tue 02 Jan 2024 12:32:52 +0000
ROA not before:           Tue 02 Jan 2024 12:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a11:9c80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/00-mvj9cOPS7fgYrZwd0f0lhoEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/00-mvj9cOPS7fgYrZwd0f0lhoEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/00-mvj9cOPS7fgYrZwd0f0lhoEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:95:8c:2f:c3:a2:b5:0d:f7:7e:78:5e:81:2e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d34fa6be3f5c38f4bb7e062b6707747f4961a048
        Validity
            Not Before: Jan  2 12:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3217be0e20e25b33ba70da2a0a4003e00c7f33c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d7:24:ec:3d:8a:7c:f9:69:5e:0b:88:6f:05:
                    e8:42:82:51:59:60:e1:69:50:bb:c9:75:2b:2a:b0:
                    90:c5:17:c6:53:43:91:bf:f8:2a:6d:65:28:bf:57:
                    21:c3:fd:77:00:1d:03:65:ca:f3:36:75:a5:b2:ec:
                    87:23:5a:df:ee:ab:45:05:d1:db:7b:22:47:80:90:
                    bf:64:45:1c:e2:6a:3d:62:59:db:5d:e9:0d:1d:98:
                    0d:a4:03:50:aa:12:bb:fc:c3:b5:2a:1e:c6:b6:ac:
                    bb:ef:8f:d6:44:77:93:bb:9f:ad:ae:c5:b6:30:16:
                    06:40:d5:bb:c2:a4:f1:8b:d3:30:c5:f6:5e:a9:e4:
                    d5:22:2c:40:7e:fa:67:09:ec:3c:ac:c8:00:5a:96:
                    72:91:b6:55:99:30:fa:d8:3d:41:b2:f9:4e:e6:22:
                    2d:9d:96:90:ab:3b:76:e8:72:d5:2d:e4:38:85:60:
                    56:ee:d7:c5:c0:f7:40:9c:ce:d8:e1:43:f8:66:9f:
                    db:9b:aa:18:45:bf:fc:74:9d:ee:04:06:f7:c5:4b:
                    da:f8:54:89:9c:70:12:ce:05:2f:1c:82:54:bb:5e:
                    2a:b2:01:bb:48:27:08:8f:3a:61:ad:c5:73:86:ce:
                    b4:5e:72:6d:01:69:9b:46:34:06:84:7a:39:d0:62:
                    43:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:17:BE:0E:20:E2:5B:33:BA:70:DA:2A:0A:40:03:E0:0C:7F:33:C1
            X509v3 Authority Key Identifier:
                keyid:D3:4F:A6:BE:3F:5C:38:F4:BB:7E:06:2B:67:07:74:7F:49:61:A0:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/00-mvj9cOPS7fgYrZwd0f0lhoEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/Mhe-DiDiWzO6cNoqCkAD4Ax_M8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/00-mvj9cOPS7fgYrZwd0f0lhoEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:9c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:41:01:a1:70:a3:2c:02:41:a3:ad:e4:53:a2:e4:e6:be:8f:
         41:d6:40:40:c1:a4:c3:b2:9d:8c:2d:99:cb:49:76:f0:96:ee:
         d0:9d:b1:ef:ba:54:63:f8:95:bf:98:3a:fa:ef:44:62:65:9a:
         57:ab:d0:17:3b:ef:0d:6c:78:f6:cd:2e:f8:4d:92:98:e9:28:
         75:5b:0a:bc:22:ef:c8:64:66:df:45:d0:f6:84:49:dd:69:8d:
         9b:23:b6:c3:ed:a5:4e:31:ed:4f:de:b2:e6:43:f2:36:d0:af:
         7d:b1:ed:ef:c8:d4:97:a8:2f:bd:1f:1b:44:cf:fb:a2:30:d2:
         f5:c4:7e:a7:f0:1b:11:ff:d0:b3:df:1e:29:ba:00:8d:f8:1f:
         8e:49:6e:ea:01:95:1a:f2:63:48:b7:16:e5:a0:d0:7f:c6:8a:
         11:a2:23:a7:73:94:19:a5:5a:d3:52:d4:c3:fa:e2:1b:11:fa:
         f9:75:d0:99:94:37:16:f5:06:60:71:e5:6c:00:f3:74:a0:e5:
         2d:4a:f6:0e:8e:32:4d:56:c9:50:c3:4b:df:9e:60:87:76:5a:
         67:1f:41:7b:38:6c:0c:27:d6:9c:18:f4:0f:8a:9c:8c:05:60:
         22:0b:39:22:75:99:2c:9c:51:82:df:3f:88:0a:2a:8d:6f:70:
         d5:5d:30:34
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKZWML8OitQ33fnhegS4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNGZhNmJlM2Y1YzM4ZjRiYjdlMDYyYjY3MDc3NDdmNDk2
MWEwNDgwHhcNMjQwMTAyMTIzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjE3YmUwZTIwZTI1YjMzYmE3MGRhMmEwYTQwMDNlMDBjN2YzM2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNck7D2KfPlpXguIbwXoQoJRWWDh
aVC7yXUrKrCQxRfGU0ORv/gqbWUov1chw/13AB0DZcrzNnWlsuyHI1rf7qtFBdHb
eyJHgJC/ZEUc4mo9YlnbXekNHZgNpANQqhK7/MO1Kh7Gtqy774/WRHeTu5+trsW2
MBYGQNW7wqTxi9MwxfZeqeTVIixAfvpnCew8rMgAWpZykbZVmTD62D1BsvlO5iIt
nZaQqzt26HLVLeQ4hWBW7tfFwPdAnM7Y4UP4Zp/bm6oYRb/8dJ3uBAb3xUva+FSJ
nHASzgUvHIJUu14qsgG7SCcIjzphrcVzhs60XnJtAWmbRjQGhHo50GJD1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDIXvg4g4lszunDaKgpAA+AMfzPBMB8GA1UdIwQY
MBaAFNNPpr4/XDj0u34GK2cHdH9JYaBIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDAtbXZqOWNPUFM3ZmdZclp3ZDBmMGxob0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8zYmM3MDctNzZlNy00OTg3LWJlZmEt
OTgxMTg0ZGVlMTMxLzEvTWhlLURpRGlXek82Y05vcUNrQUQ0QXhfTThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8zYmM3MDctNzZlNy00OTg3LWJlZmEtOTgxMTg0ZGVlMTMx
LzEvMDAtbXZqOWNPUFM3ZmdZclp3ZDBmMGxob0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhGcgDAN
BgkqhkiG9w0BAQsFAAOCAQEAoEEBoXCjLAJBo63kU6Lk5r6PQdZAQMGkw7KdjC2Z
y0l28Jbu0J2x77pUY/iVv5g6+u9EYmWaV6vQFzvvDWx49s0u+E2SmOkodVsKvCLv
yGRm30XQ9oRJ3WmNmyO2w+2lTjHtT96y5kPyNtCvfbHt78jUl6gvvR8bRM/7ojDS
9cR+p/AbEf/Qs98eKboAjfgfjklu6gGVGvJjSLcW5aDQf8aKEaIjp3OUGaVa01LU
w/riGxH6+XXQmZQ3FvUGYHHlbADzdKDlLUr2Do4yTVbJUMNL355gh3ZaZx9Bezhs
DCfWnBj0D4qcjAVgIgs5InWZLJxRgt8/iAoqjW9w1V0wNA==
-----END CERTIFICATE-----