Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/JFWNXzHlo-eIbF9lxQC8enqRziM.roa
File:                     JFWNXzHlo-eIbF9lxQC8enqRziM.roa (raw, json)
Hash identifier:          k0Fq8ZV1HqrTC607W+UkYloGn9zOwL1qAz+7WLFd8H4=
Subject key identifier:   24:55:8D:5F:31:E5:A3:E7:88:6C:5F:65:C5:00:BC:7A:7A:91:CE:23
Certificate issuer:       /CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Certificate serial:       019253593814C82EB6A2B8967E32A8229185
Authority key identifier: 5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/JFWNXzHlo-eIbF9lxQC8enqRziM.roa
Signing time:             Thu 03 Oct 2024 17:06:48 +0000
ROA not before:           Thu 03 Oct 2024 17:06:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29182
IP address blocks:        2a11:5186::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:53:59:38:14:c8:2e:b6:a2:b8:96:7e:32:a8:22:91:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
        Validity
            Not Before: Oct  3 17:06:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24558d5f31e5a3e7886c5f65c500bc7a7a91ce23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a1:43:c5:a7:4b:24:e1:df:11:61:8b:a8:f4:
                    3e:f3:60:29:53:ff:d0:5b:d6:e3:d3:63:a5:eb:2c:
                    86:d5:ae:e0:3d:f6:da:73:75:1a:92:67:7f:07:f5:
                    38:99:fb:a9:18:0e:6b:d8:ef:cc:76:48:60:61:a3:
                    40:ff:a4:2b:06:17:fc:1e:7d:c5:70:29:f6:9b:93:
                    e2:d8:2b:ca:eb:0c:fa:15:df:41:4d:1e:4f:df:2c:
                    c3:49:4e:5a:63:31:af:6e:10:dc:89:f8:26:cd:67:
                    52:4f:c8:74:30:02:60:95:c8:17:b6:2d:b2:84:a4:
                    e3:19:fa:79:fb:b6:31:9a:dd:19:d3:4b:cb:e2:ff:
                    e1:67:3d:65:d6:d4:62:06:bc:ee:f9:51:40:43:cb:
                    d6:ff:1c:21:db:ed:16:64:a6:df:16:5c:e3:02:99:
                    26:ed:d2:40:45:ea:2c:2d:de:03:bf:e5:29:1c:4e:
                    c9:72:c1:2c:ee:e0:97:54:f7:8c:9f:84:a6:fe:e1:
                    70:e6:6d:f8:cd:c6:3c:05:4f:12:dc:20:87:ad:8f:
                    f4:d7:e6:fd:f9:58:b0:ec:a9:90:c2:fa:4b:66:d4:
                    85:8a:5f:01:31:b2:50:80:24:6b:58:b1:79:21:4d:
                    a4:9e:e9:36:62:89:29:79:4a:d6:bc:12:6e:54:0e:
                    f0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:55:8D:5F:31:E5:A3:E7:88:6C:5F:65:C5:00:BC:7A:7A:91:CE:23
            X509v3 Authority Key Identifier:
                keyid:5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/JFWNXzHlo-eIbF9lxQC8enqRziM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5186::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:cc:a2:e9:a4:b9:a6:1f:3f:36:c3:d0:e5:b0:7d:9c:71:88:
         bb:67:59:5d:17:3f:b6:58:3c:45:31:57:b5:0e:1d:e4:03:a2:
         b5:93:3c:97:c7:47:0f:bc:db:b4:dc:46:7a:15:58:94:d4:6f:
         18:fa:40:f7:e6:03:cd:00:72:02:23:95:66:8a:5d:5f:90:bd:
         0c:46:de:51:84:12:ef:26:de:df:d3:b5:75:ce:79:0c:57:4b:
         80:5e:74:4d:3c:14:df:8a:ce:8c:44:1f:18:ce:18:9d:f9:9e:
         c3:a8:3d:3b:0a:97:4c:b1:fb:00:82:f0:da:3f:0e:9f:b8:a1:
         1c:84:5e:3a:01:c3:10:79:d7:9c:9e:6d:14:f8:a1:a6:72:0d:
         8c:6a:0c:f8:fe:96:5c:b2:a0:b2:2d:31:b2:65:b2:09:3c:65:
         46:f8:48:a2:9e:47:f6:3b:c1:a8:a9:59:36:f3:d0:b6:0d:b5:
         4e:1d:3b:d2:c9:83:ae:2c:9e:a0:5a:f7:b1:89:4b:a5:78:0c:
         a3:fe:c6:af:98:66:e5:a5:9f:8f:9b:76:59:34:da:37:98:42:
         ca:10:2a:62:c6:15:d5:5d:89:df:f2:bc:ae:2f:ec:64:2c:c8:
         16:f3:a2:bc:3b:c4:06:34:45:2a:c3:a9:8f:59:c3:25:9c:9f:
         a8:ae:b1:06
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZJTWTgUyC62oriWfjKoIpGFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDc0ZTM5ZGRhNDAwZDEzNjEyNmU2YzNlZmIxY2Y5MzQ0
Mjc3ZWYwHhcNMjQxMDAzMTcwNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDU1OGQ1ZjMxZTVhM2U3ODg2YzVmNjVjNTAwYmM3YTdhOTFjZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6FDxadLJOHfEWGLqPQ+82ApU//Q
W9bj02Ol6yyG1a7gPfbac3Uakmd/B/U4mfupGA5r2O/MdkhgYaNA/6QrBhf8Hn3F
cCn2m5Pi2CvK6wz6Fd9BTR5P3yzDSU5aYzGvbhDcifgmzWdST8h0MAJglcgXti2y
hKTjGfp5+7Yxmt0Z00vL4v/hZz1l1tRiBrzu+VFAQ8vW/xwh2+0WZKbfFlzjApkm
7dJAReosLd4Dv+UpHE7JcsEs7uCXVPeMn4Sm/uFw5m34zcY8BU8S3CCHrY/01+b9
+Viw7KmQwvpLZtSFil8BMbJQgCRrWLF5IU2knuk2YokpeUrWvBJuVA7wlQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCRVjV8x5aPniGxfZcUAvHp6kc4jMB8GA1UdIwQY
MBaAFFvXTjndpADRNhJubD77HPk0QnfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYt
YWQ3ODkwYzJlNzUyLzEvSkZXTlh6SGxvLWVJYkY5bHhRQzhlbnFSemlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYtYWQ3ODkwYzJlNzUy
LzEvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFRhjAN
BgkqhkiG9w0BAQsFAAOCAQEAgcyi6aS5ph8/NsPQ5bB9nHGIu2dZXRc/tlg8RTFX
tQ4d5AOitZM8l8dHD7zbtNxGehVYlNRvGPpA9+YDzQByAiOVZopdX5C9DEbeUYQS
7ybe39O1dc55DFdLgF50TTwU34rOjEQfGM4Ynfmew6g9OwqXTLH7AILw2j8On7ih
HIReOgHDEHnXnJ5tFPihpnINjGoM+P6WXLKgsi0xsmWyCTxlRvhIop5H9jvBqKlZ
NvPQtg21Th070smDriyeoFr3sYlLpXgMo/7Gr5hm5aWfj5t2WTTaN5hCyhAqYsYV
1V2J3/K8ri/sZCzIFvOivDvEBjRFKsOpj1nDJZyfqK6xBg==
-----END CERTIFICATE-----