Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/LYkiDJ0yD3DDXewjrrST8s3cvSc.roa
File:                     LYkiDJ0yD3DDXewjrrST8s3cvSc.roa (raw, json)
Hash identifier:          2WJ4qleQGScjM0I0Fp4K78ncrjK2fe4YjYZDo+juQ4E=
Subject key identifier:   2D:89:22:0C:9D:32:0F:70:C3:5D:EC:23:AE:B4:93:F2:CD:DC:BD:27
Certificate issuer:       /CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Certificate serial:       018CC727F3C027FE8D98704DDA92A8801141
Authority key identifier: 5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/LYkiDJ0yD3DDXewjrrST8s3cvSc.roa
Signing time:             Mon 01 Jan 2024 22:32:13 +0000
ROA not before:           Mon 01 Jan 2024 22:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204916
IP address blocks:        2a11:68c4::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:f3:c0:27:fe:8d:98:70:4d:da:92:a8:80:11:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
        Validity
            Not Before: Jan  1 22:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d89220c9d320f70c35dec23aeb493f2cddcbd27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3f:4f:ed:23:f4:95:18:dd:5a:a1:e1:6b:16:
                    c8:3a:41:fb:a9:6c:f5:4f:bd:f3:13:17:db:05:26:
                    3a:ff:19:4e:7e:f7:95:b9:aa:1d:8d:8e:2a:bb:87:
                    28:25:f0:3c:bc:6e:44:c8:58:5b:d4:9e:37:06:14:
                    1c:5c:5b:8f:30:1b:18:19:8d:17:b5:af:b2:f9:f9:
                    be:e2:81:8d:6c:80:50:9d:d0:63:27:6c:63:2b:c4:
                    5e:8f:b8:08:b0:b3:94:4e:88:e9:33:fb:33:68:28:
                    67:9d:fe:e8:a2:a4:73:a0:69:f2:51:49:2a:ae:b6:
                    ff:96:90:2e:4b:b6:14:b6:c2:e0:38:62:16:6c:cc:
                    4f:d0:13:4e:d4:3a:7d:a2:d5:87:24:76:22:1e:af:
                    b2:2d:90:55:4b:1a:f9:be:22:e3:67:fe:90:5a:52:
                    4a:0b:3c:17:e8:65:25:7f:92:1a:9a:71:16:7f:37:
                    70:20:8e:a2:98:f6:cf:a8:fc:c4:fe:81:ab:da:3a:
                    7a:5d:7b:3b:1c:56:70:e6:1b:36:01:b4:67:44:fc:
                    c9:37:1c:db:31:72:ef:c0:99:e4:ef:ea:68:51:9b:
                    b4:f8:4a:74:b8:34:62:c0:7a:48:bd:34:7f:c9:af:
                    09:7a:c7:24:e8:37:e1:e0:f3:ef:34:4b:52:76:f2:
                    5a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:89:22:0C:9D:32:0F:70:C3:5D:EC:23:AE:B4:93:F2:CD:DC:BD:27
            X509v3 Authority Key Identifier:
                keyid:5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/LYkiDJ0yD3DDXewjrrST8s3cvSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:68c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:98:5e:00:a8:74:b8:15:93:91:32:6e:b1:ff:86:9a:67:6d:
         2f:6e:9e:38:71:2f:86:53:71:c7:b3:2a:7d:c7:98:16:95:0d:
         d8:8d:bd:90:b6:84:43:fc:0d:a2:ad:49:24:b4:4a:92:7a:5e:
         c7:f4:83:8e:77:e2:f4:3d:7a:27:93:9f:d9:30:cd:62:09:6b:
         d9:7f:59:64:19:86:e1:1b:59:40:64:12:70:41:f8:90:84:f5:
         d1:de:4f:36:50:3f:7d:cb:2b:3b:ab:e6:b3:c5:b4:f8:8a:d5:
         92:b5:54:54:f0:3a:ad:5e:0d:dc:ee:79:ff:8c:a0:e2:aa:4d:
         4d:80:a7:34:d5:85:f2:d6:34:b0:53:14:d1:d2:cc:c4:14:5e:
         12:59:2a:e6:39:6a:3d:cf:d5:ca:92:04:f5:3e:7e:c2:7c:34:
         19:da:be:91:b3:bd:c5:43:9f:90:da:28:2f:c3:09:cc:62:d8:
         ba:82:25:44:61:48:86:b3:d4:1f:9d:39:61:78:a9:e9:e2:26:
         e9:7a:9e:49:ff:e8:29:9d:c1:a7:03:23:18:11:fd:79:8e:0c:
         a6:bf:0a:0f:c8:e3:3c:34:d2:5f:64:89:17:73:d0:09:fa:ad:
         3a:fe:a8:f3:88:30:5a:6c:45:8b:a7:66:2e:8d:1f:47:c9:cd:
         93:14:b2:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ/PAJ/6NmHBN2pKogBFBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDc0ZTM5ZGRhNDAwZDEzNjEyNmU2YzNlZmIxY2Y5MzQ0
Mjc3ZWYwHhcNMjQwMTAxMjIzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDg5MjIwYzlkMzIwZjcwYzM1ZGVjMjNhZWI0OTNmMmNkZGNiZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgT9P7SP0lRjdWqHhaxbIOkH7qWz1
T73zExfbBSY6/xlOfveVuaodjY4qu4coJfA8vG5EyFhb1J43BhQcXFuPMBsYGY0X
ta+y+fm+4oGNbIBQndBjJ2xjK8Rej7gIsLOUTojpM/szaChnnf7ooqRzoGnyUUkq
rrb/lpAuS7YUtsLgOGIWbMxP0BNO1Dp9otWHJHYiHq+yLZBVSxr5viLjZ/6QWlJK
CzwX6GUlf5IamnEWfzdwII6imPbPqPzE/oGr2jp6XXs7HFZw5hs2AbRnRPzJNxzb
MXLvwJnk7+poUZu0+Ep0uDRiwHpIvTR/ya8Jesck6Dfh4PPvNEtSdvJa8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC2JIgydMg9ww13sI660k/LN3L0nMB8GA1UdIwQY
MBaAFFvXTjndpADRNhJubD77HPk0QnfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYt
YWQ3ODkwYzJlNzUyLzEvTFlraURKMHlEM0REWGV3anJyU1Q4czNjdlNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYtYWQ3ODkwYzJlNzUy
LzEvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFoxDAN
BgkqhkiG9w0BAQsFAAOCAQEAcpheAKh0uBWTkTJusf+GmmdtL26eOHEvhlNxx7Mq
fceYFpUN2I29kLaEQ/wNoq1JJLRKknpex/SDjnfi9D16J5Of2TDNYglr2X9ZZBmG
4RtZQGQScEH4kIT10d5PNlA/fcsrO6vms8W0+IrVkrVUVPA6rV4N3O55/4yg4qpN
TYCnNNWF8tY0sFMU0dLMxBReElkq5jlqPc/VypIE9T5+wnw0Gdq+kbO9xUOfkNoo
L8MJzGLYuoIlRGFIhrPUH505YXip6eIm6XqeSf/oKZ3BpwMjGBH9eY4Mpr8KD8jj
PDTSX2SJF3PQCfqtOv6o84gwWmxFi6dmLo0fR8nNkxSyTg==
-----END CERTIFICATE-----