Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/ry9jCCiXKxcZs4x-hvH-ZbcKJ8c.roa
File:                     ry9jCCiXKxcZs4x-hvH-ZbcKJ8c.roa (raw, json)
Hash identifier:          pgQDzmfTZG79eOFNAbIvZLzU0U62oO1FbzSMzafHb8o=
Subject key identifier:   AF:2F:63:08:28:97:2B:17:19:B3:8C:7E:86:F1:FE:65:B7:0A:27:C7
Certificate issuer:       /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial:       018CC7262692533F34E2D5C4BB512BE0579C
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/ry9jCCiXKxcZs4x-hvH-ZbcKJ8c.roa
Signing time:             Mon 01 Jan 2024 22:30:15 +0000
ROA not before:           Mon 01 Jan 2024 22:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204916
IP address blocks:        2a11:5a43::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:26:92:53:3f:34:e2:d5:c4:bb:51:2b:e0:57:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
        Validity
            Not Before: Jan  1 22:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af2f630828972b1719b38c7e86f1fe65b70a27c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d8:46:35:7a:a0:de:2b:a8:ba:fa:41:b6:f5:
                    6c:72:67:80:5c:0b:80:9d:8e:c7:2d:41:d0:c7:ab:
                    1d:96:2f:b4:4b:dc:4c:2b:be:e4:5c:20:3f:2e:a8:
                    1a:9f:28:ba:64:47:84:af:53:e9:d4:9b:e1:19:97:
                    a1:eb:4f:e3:d4:16:06:cf:8a:a1:15:7d:e4:fa:98:
                    8c:ed:16:49:b5:97:4d:c0:27:28:c3:a9:1b:ae:fe:
                    a8:a5:6b:a9:a4:40:1e:c7:b0:ce:ce:e0:7a:c7:90:
                    39:02:02:ad:46:74:44:76:e1:a4:21:8c:72:9d:0a:
                    75:27:aa:bb:9d:9a:7b:8b:31:b9:b9:ee:0e:47:a7:
                    ad:27:41:ff:a9:1d:da:af:e6:aa:75:c5:fe:9c:c5:
                    e6:53:55:49:56:4a:c1:80:1c:b2:37:b5:20:5a:a1:
                    b3:23:84:6c:b5:82:bf:36:be:cc:4c:43:5e:82:98:
                    28:cc:19:07:dd:f0:0c:46:f0:cc:da:57:9e:16:66:
                    b9:5a:bc:53:cb:8d:c5:b1:9f:eb:82:e0:09:d0:f0:
                    25:59:9b:f8:15:3e:90:b9:29:27:7f:92:b9:77:1a:
                    30:46:44:e9:10:e3:ad:50:23:b9:6d:c5:a1:5e:d9:
                    24:61:5c:cc:72:f6:2a:7d:2e:c9:b1:2e:1d:ff:26:
                    01:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:2F:63:08:28:97:2B:17:19:B3:8C:7E:86:F1:FE:65:B7:0A:27:C7
            X509v3 Authority Key Identifier:
                keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/ry9jCCiXKxcZs4x-hvH-ZbcKJ8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5a43::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:88:e2:ef:43:4d:12:fa:c7:f0:ff:8c:7f:99:11:a3:93:75:
         7c:ec:09:fe:2a:32:8b:d1:f5:42:43:ed:68:f7:b3:56:21:8b:
         b1:c9:23:5f:11:32:9e:35:47:ba:3d:99:a2:42:73:06:d7:09:
         24:15:26:3a:84:ae:ea:dd:3b:0d:25:86:a6:44:70:ab:a4:48:
         b1:71:ae:c1:2f:b8:4b:d1:c2:0d:4a:15:85:be:f8:c3:1f:0d:
         50:78:6f:e8:88:e1:3d:b2:56:2e:e4:ab:8a:88:31:f7:2e:aa:
         fc:18:7c:b5:9a:ba:16:de:58:46:bc:0e:2b:00:7a:95:27:0e:
         1c:d8:6f:6f:48:28:af:c0:25:84:53:18:95:f1:c4:01:5a:74:
         6d:66:df:9e:94:cc:8e:9c:65:4d:3b:6e:9e:7e:4d:e9:75:02:
         44:f2:f4:d9:98:4a:6d:be:25:bb:21:04:e4:6e:a7:c6:d4:c7:
         bb:93:ef:92:65:dc:fb:02:67:55:e7:76:a4:8c:5a:c9:a7:15:
         e1:c9:80:06:97:40:d1:8b:ea:32:63:82:13:3d:1f:31:45:33:
         08:92:0d:c7:37:f8:59:48:df:b6:bf:fe:20:de:51:44:08:21:
         fa:5d:6e:d6:8b:4f:98:fe:58:c0:b6:62:07:9e:1d:e4:4a:5a:
         00:b6:b4:d5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJiaSUz804tXEu1Er4FecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwMTAxMjIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjJmNjMwODI4OTcyYjE3MTliMzhjN2U4NmYxZmU2NWI3MGEyN2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0thGNXqg3iuouvpBtvVscmeAXAuA
nY7HLUHQx6sdli+0S9xMK77kXCA/Lqganyi6ZEeEr1Pp1JvhGZeh60/j1BYGz4qh
FX3k+piM7RZJtZdNwCcow6kbrv6opWuppEAex7DOzuB6x5A5AgKtRnREduGkIYxy
nQp1J6q7nZp7izG5ue4OR6etJ0H/qR3ar+aqdcX+nMXmU1VJVkrBgByyN7UgWqGz
I4RstYK/Nr7MTENegpgozBkH3fAMRvDM2leeFma5WrxTy43FsZ/rguAJ0PAlWZv4
FT6QuSknf5K5dxowRkTpEOOtUCO5bcWhXtkkYVzMcvYqfS7JsS4d/yYBOwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK8vYwgolysXGbOMfobx/mW3CifHMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvcnk5akNDaVhLeGNaczR4LWh2SC1aYmNLSjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFaQzAN
BgkqhkiG9w0BAQsFAAOCAQEAXoji70NNEvrH8P+Mf5kRo5N1fOwJ/ioyi9H1QkPt
aPezViGLsckjXxEynjVHuj2ZokJzBtcJJBUmOoSu6t07DSWGpkRwq6RIsXGuwS+4
S9HCDUoVhb74wx8NUHhv6IjhPbJWLuSriogx9y6q/Bh8tZq6Ft5YRrwOKwB6lScO
HNhvb0gor8AlhFMYlfHEAVp0bWbfnpTMjpxlTTtunn5N6XUCRPL02ZhKbb4luyEE
5G6nxtTHu5PvkmXc+wJnVed2pIxayacV4cmABpdA0YvqMmOCEz0fMUUzCJINxzf4
WUjftr/+IN5RRAgh+l1u1otPmP5YwLZiB54d5EpaALa01Q==
-----END CERTIFICATE-----