Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/OAP9a4fuoXqHOPNhJii0jlh3DWY.roa
File:                     OAP9a4fuoXqHOPNhJii0jlh3DWY.roa (raw, json)
Hash identifier:          SWtc00u8mYNEaVD8GfOhyeCfLqhqs85iiHyKgf6xvkg=
Subject key identifier:   38:03:FD:6B:87:EE:A1:7A:87:38:F3:61:26:28:B4:8E:58:77:0D:66
Certificate issuer:       /CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Certificate serial:       0192BAF4796592E4218F5A427FFB5B3BEA1D
Authority key identifier: 5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/OAP9a4fuoXqHOPNhJii0jlh3DWY.roa
Signing time:             Wed 23 Oct 2024 19:57:16 +0000
ROA not before:           Wed 23 Oct 2024 19:57:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57487
IP address blocks:        2a11:5180::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ba:f4:79:65:92:e4:21:8f:5a:42:7f:fb:5b:3b:ea:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
        Validity
            Not Before: Oct 23 19:57:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3803fd6b87eea17a8738f3612628b48e58770d66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:d4:25:0f:73:8f:13:e6:39:bb:5f:ea:aa:44:
                    be:06:5c:18:c3:5d:59:05:3e:8b:ce:6f:4a:fa:ad:
                    a7:36:8e:8a:2a:53:a0:b5:9e:77:f2:d8:cd:33:88:
                    79:ef:3e:56:1d:37:10:3e:03:52:1e:bf:a6:35:ce:
                    5e:97:e2:ce:9f:14:d4:9a:d8:80:fc:a7:4e:c0:84:
                    34:01:fe:95:1c:97:f1:88:7e:da:a8:7d:f6:78:7d:
                    85:c5:58:50:2a:88:e9:80:77:36:5e:de:7a:90:3d:
                    97:42:7a:a3:cb:25:0b:13:09:5c:61:58:65:1e:60:
                    98:79:5e:41:6c:86:7a:a2:6e:a5:9f:8a:bc:02:2c:
                    13:07:6b:5e:49:32:b8:74:db:ed:a6:69:f7:e0:e1:
                    3b:13:f9:28:0c:2a:d5:8e:c0:41:06:83:c2:21:b5:
                    f7:f6:d0:08:1e:68:1a:54:d2:86:0d:e1:bf:f3:b5:
                    92:37:ab:f8:90:99:66:d1:2a:ea:40:3b:1d:7b:bc:
                    02:60:e9:7d:a0:0e:91:ae:49:8d:45:4c:5c:45:d4:
                    91:75:48:49:1e:97:50:53:79:82:8b:e9:89:87:94:
                    f9:b3:4e:15:c4:6c:f5:4b:be:67:71:8b:be:7a:30:
                    f0:2c:8c:57:c9:bc:d5:4b:cc:60:42:2c:26:35:6c:
                    7b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:03:FD:6B:87:EE:A1:7A:87:38:F3:61:26:28:B4:8E:58:77:0D:66
            X509v3 Authority Key Identifier:
                keyid:5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/OAP9a4fuoXqHOPNhJii0jlh3DWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5180::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:a8:be:ae:cb:ec:ce:02:f3:b6:1a:0a:3a:92:5a:6e:d5:39:
         df:d5:60:40:e1:55:3a:9e:45:a0:df:72:a3:70:b1:56:72:ef:
         d8:66:5c:e4:60:65:a1:be:5f:9f:d8:04:18:8b:6d:60:91:b0:
         32:45:94:00:87:75:f7:41:b2:d4:13:69:0d:94:cd:23:b0:26:
         64:d1:57:2b:af:74:4c:41:31:a5:b8:39:d3:58:3b:04:e7:47:
         a2:34:ee:c6:f7:f4:f8:16:0e:68:c8:ff:cb:cd:05:15:8a:39:
         a0:ea:59:ee:dd:52:ff:c8:50:2b:42:0c:01:31:23:4c:96:f4:
         a8:34:38:5a:89:52:16:46:6e:73:60:96:c4:69:00:3b:dd:6c:
         dd:78:50:11:29:04:03:b2:53:01:6a:6f:4e:26:12:f4:ef:27:
         31:bb:41:dd:b0:62:93:ba:54:ee:d6:45:1e:97:11:85:81:7b:
         27:87:80:91:61:4a:40:b7:09:7a:91:10:ca:90:f2:0f:5b:8f:
         ec:07:59:1d:57:29:3a:32:4f:b3:a5:76:24:48:de:a1:25:4c:
         4c:86:28:6b:e5:d5:8f:65:9b:88:03:0b:8b:0e:9e:df:88:dd:
         2e:6f:2d:69:a4:cf:49:ad:d4:9a:d8:f3:9e:a3:de:91:2e:8d:
         41:89:af:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZK69HllkuQhj1pCf/tbO+odMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDc0ZTM5ZGRhNDAwZDEzNjEyNmU2YzNlZmIxY2Y5MzQ0
Mjc3ZWYwHhcNMjQxMDIzMTk1NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODAzZmQ2Yjg3ZWVhMTdhODczOGYzNjEyNjI4YjQ4ZTU4NzcwZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8NQlD3OPE+Y5u1/qqkS+BlwYw11Z
BT6Lzm9K+q2nNo6KKlOgtZ538tjNM4h57z5WHTcQPgNSHr+mNc5el+LOnxTUmtiA
/KdOwIQ0Af6VHJfxiH7aqH32eH2FxVhQKojpgHc2Xt56kD2XQnqjyyULEwlcYVhl
HmCYeV5BbIZ6om6ln4q8AiwTB2teSTK4dNvtpmn34OE7E/koDCrVjsBBBoPCIbX3
9tAIHmgaVNKGDeG/87WSN6v4kJlm0SrqQDsde7wCYOl9oA6RrkmNRUxcRdSRdUhJ
HpdQU3mCi+mJh5T5s04VxGz1S75ncYu+ejDwLIxXybzVS8xgQiwmNWx7IwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDgD/WuH7qF6hzjzYSYotI5Ydw1mMB8GA1UdIwQY
MBaAFFvXTjndpADRNhJubD77HPk0QnfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYt
YWQ3ODkwYzJlNzUyLzEvT0FQOWE0ZnVvWHFIT1BOaEppaTBqbGgzRFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYtYWQ3ODkwYzJlNzUy
LzEvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFRgDAN
BgkqhkiG9w0BAQsFAAOCAQEAPqi+rsvszgLzthoKOpJabtU539VgQOFVOp5FoN9y
o3CxVnLv2GZc5GBlob5fn9gEGIttYJGwMkWUAId190Gy1BNpDZTNI7AmZNFXK690
TEExpbg501g7BOdHojTuxvf0+BYOaMj/y80FFYo5oOpZ7t1S/8hQK0IMATEjTJb0
qDQ4WolSFkZuc2CWxGkAO91s3XhQESkEA7JTAWpvTiYS9O8nMbtB3bBik7pU7tZF
HpcRhYF7J4eAkWFKQLcJepEQypDyD1uP7AdZHVcpOjJPs6V2JEjeoSVMTIYoa+XV
j2WbiAMLiw6e34jdLm8taaTPSa3UmtjznqPekS6NQYmvbg==
-----END CERTIFICATE-----