Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/MaQUW2CnDvFMN_wHIBR4wcLO2oo.roa
File:                     MaQUW2CnDvFMN_wHIBR4wcLO2oo.roa (raw, json)
Hash identifier:          KLVhJoY15Mg5OMgIlaE3sqptgFThzShOm9YM48skeeI=
Subject key identifier:   31:A4:14:5B:60:A7:0E:F1:4C:37:FC:07:20:14:78:C1:C2:CE:DA:8A
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       0191360E2F07793C8C187C843C0C0076E672
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/MaQUW2CnDvFMN_wHIBR4wcLO2oo.roa
Signing time:             Fri 09 Aug 2024 07:33:04 +0000
ROA not before:           Fri 09 Aug 2024 07:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204669
IP address blocks:        2a11:2f40::/29 maxlen: 29
                          2a11:7240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:0e:2f:07:79:3c:8c:18:7c:84:3c:0c:00:76:e6:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Aug  9 07:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31a4145b60a70ef14c37fc07201478c1c2ceda8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d7:db:7f:2f:ba:16:3a:ed:d1:14:75:f6:4e:
                    5f:73:af:45:9d:e8:05:37:19:65:45:7d:66:2a:2c:
                    60:35:59:e2:5d:27:e4:9e:53:2c:af:07:b7:87:62:
                    fd:4e:9a:c4:2c:32:a1:5b:84:fe:7d:54:0a:db:75:
                    af:29:1a:ff:21:7c:d7:2b:eb:72:b5:b9:d3:a3:b2:
                    cd:9a:f6:d4:2c:9f:91:7a:bf:7d:a7:c6:dc:9c:cc:
                    05:ba:7b:6b:19:56:64:c0:e3:4c:ea:b3:fe:b5:ae:
                    34:0d:2b:aa:45:d6:48:34:e3:d1:c2:17:f0:d3:3f:
                    32:93:47:a5:99:d0:3b:8d:71:5d:e7:3f:67:c0:16:
                    a9:14:13:b1:30:f9:4b:36:bb:82:c7:63:cb:63:5a:
                    b7:2b:15:4c:2d:fa:2a:30:a1:6e:a8:f5:9b:6f:a1:
                    57:9b:32:d6:1c:76:41:0a:a9:d2:13:13:87:0c:4c:
                    1a:23:7e:05:80:0d:d3:3e:05:02:35:a0:65:14:4d:
                    7c:e8:b4:4f:95:2b:25:29:bc:19:59:c4:f7:c1:bb:
                    e8:85:1b:e3:7d:7f:28:3e:56:f2:b3:51:87:a2:bc:
                    0b:b6:fa:e2:ed:7c:75:6b:e2:ca:2c:f8:5f:3b:49:
                    5e:18:e0:d7:2f:b4:c1:68:b8:5f:9d:d6:f8:dd:ce:
                    5f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A4:14:5B:60:A7:0E:F1:4C:37:FC:07:20:14:78:C1:C2:CE:DA:8A
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/MaQUW2CnDvFMN_wHIBR4wcLO2oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2f40::/29
                  2a11:7240::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:bb:92:a4:90:f5:1e:b0:2d:54:44:45:cd:a2:40:49:e6:54:
         54:c1:a5:84:78:65:8b:b2:af:1f:40:6b:eb:2b:22:2c:57:a8:
         2c:38:c4:72:de:a2:9b:13:6f:4f:d6:23:61:a5:3c:03:47:0b:
         f2:c2:ad:5c:19:9c:87:7a:0e:ac:06:fc:b4:37:d4:a3:e2:54:
         78:39:1c:29:81:94:a6:86:97:97:9d:5d:c4:51:ff:75:4c:07:
         65:62:3c:d2:4d:b6:3f:0a:c4:b7:56:f3:ff:e1:6a:cf:d2:6a:
         54:c5:90:88:a5:4a:c6:7a:0b:6f:e5:51:d5:f1:67:61:b3:89:
         a3:09:a1:23:be:76:6a:8a:b7:8e:04:2d:c7:38:af:46:5e:6b:
         dc:de:19:b8:4f:eb:41:10:38:be:cb:d2:68:d8:48:5e:16:89:
         80:38:84:a5:a7:52:96:9f:01:1a:3c:4d:40:84:d2:a6:fd:ab:
         0a:f9:23:8c:e1:b0:9e:25:13:ae:dd:03:3f:a0:71:ac:04:fe:
         65:f5:ec:5d:c1:7f:60:d2:a5:35:25:93:aa:e8:39:5e:c7:f4:
         09:e9:81:cb:2a:1d:e7:d1:11:ec:47:e3:51:51:a2:51:3c:e1:
         dc:23:d0:60:de:32:9f:9d:3c:3a:54:cb:e3:2f:2e:47:30:9d:
         74:75:1b:87
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZE2Di8HeTyMGHyEPAwAduZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwODA5MDczMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWE0MTQ1YjYwYTcwZWYxNGMzN2ZjMDcyMDE0NzhjMWMyY2VkYThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNfbfy+6Fjrt0RR19k5fc69FnegF
NxllRX1mKixgNVniXSfknlMsrwe3h2L9TprELDKhW4T+fVQK23WvKRr/IXzXK+ty
tbnTo7LNmvbULJ+Rer99p8bcnMwFuntrGVZkwONM6rP+ta40DSuqRdZINOPRwhfw
0z8yk0elmdA7jXFd5z9nwBapFBOxMPlLNruCx2PLY1q3KxVMLfoqMKFuqPWbb6FX
mzLWHHZBCqnSExOHDEwaI34FgA3TPgUCNaBlFE186LRPlSslKbwZWcT3wbvohRvj
fX8oPlbys1GHorwLtvri7Xx1a+LKLPhfO0leGODXL7TBaLhfndb43c5fhwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDGkFFtgpw7xTDf8ByAUeMHCztqKMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvTWFRVVcyQ25EdkZNTl93SElCUjR3Y0xPMm9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhEvQAMF
AyoRckAwDQYJKoZIhvcNAQELBQADggEBAGu7kqSQ9R6wLVRERc2iQEnmVFTBpYR4
ZYuyrx9Aa+srIixXqCw4xHLeopsTb0/WI2GlPANHC/LCrVwZnId6DqwG/LQ31KPi
VHg5HCmBlKaGl5edXcRR/3VMB2ViPNJNtj8KxLdW8//has/SalTFkIilSsZ6C2/l
UdXxZ2GziaMJoSO+dmqKt44ELcc4r0Zea9zeGbhP60EQOL7L0mjYSF4WiYA4hKWn
UpafARo8TUCE0qb9qwr5I4zhsJ4lE67dAz+gcawE/mX17F3Bf2DSpTUlk6roOV7H
9AnpgcsqHefREexH41FRolE84dwj0GDeMp+dPDpUy+MvLkcwnXR1G4c=
-----END CERTIFICATE-----