Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/4HGdUJgIXmJ3-WW9WLP2-bLUONU.roa
File:                     4HGdUJgIXmJ3-WW9WLP2-bLUONU.roa (raw, json)
Hash identifier:          CJvzUMoWllpKfnhRmXp8bpNyoGiPiVL+tnnKVtoAKZo=
Subject key identifier:   E0:71:9D:50:98:08:5E:62:77:F9:65:BD:58:B3:F6:F9:B2:D4:38:D5
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B67B79ED777EFA9B6426A6D94440EA
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/4HGdUJgIXmJ3-WW9WLP2-bLUONU.roa
Signing time:             Mon 01 Jan 2024 06:29:25 +0000
ROA not before:           Mon 01 Jan 2024 06:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        2a11:e101::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7b:79:ed:77:7e:fa:9b:64:26:a6:d9:44:40:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0719d5098085e6277f965bd58b3f6f9b2d438d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ff:e4:73:04:30:ab:7e:e8:1b:f1:1f:d9:db:
                    f8:5d:7d:f3:16:75:82:76:e3:18:91:68:25:aa:60:
                    f1:28:4e:71:d8:3a:c2:91:cd:d2:18:12:a0:48:65:
                    26:49:2f:9d:ab:c2:92:65:94:5d:b7:14:10:26:52:
                    3a:df:ab:76:9b:8d:9b:0c:5c:20:b3:35:02:81:ed:
                    12:0f:52:6f:71:ea:c6:96:ac:0a:cc:20:63:2c:95:
                    d3:04:40:98:69:cb:ce:a1:88:cf:b4:97:6c:23:11:
                    9e:5d:2e:b3:41:5b:14:19:b0:cc:cd:ed:4d:e1:4c:
                    60:53:d8:5f:88:bf:e4:9a:c3:82:00:89:4b:78:b0:
                    cb:fd:e5:92:8e:3c:87:ed:a4:fe:28:8f:7c:76:48:
                    fc:49:47:99:99:b2:89:7a:34:56:cc:0c:fb:e1:d5:
                    5d:b0:8f:68:bf:f1:4a:e8:01:bf:50:bc:df:33:4e:
                    29:04:1a:80:80:fe:e2:a5:ed:02:d1:b6:0a:8e:fd:
                    b7:5e:45:3a:94:21:40:fc:7b:e3:f3:22:78:6d:a4:
                    04:4a:4a:b4:00:ca:67:da:45:dd:e1:bb:b4:14:28:
                    a9:f2:b7:59:43:02:f1:e6:06:29:43:3c:ea:39:05:
                    e3:65:38:eb:eb:fd:e4:59:f8:1a:4f:46:13:d1:16:
                    85:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:71:9D:50:98:08:5E:62:77:F9:65:BD:58:B3:F6:F9:B2:D4:38:D5
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/4HGdUJgIXmJ3-WW9WLP2-bLUONU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:e101::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:56:59:0b:e1:b7:38:c4:6a:74:20:fb:40:5e:a0:77:3a:91:
         27:09:7d:69:64:ad:31:bc:07:9f:e5:87:e5:18:22:ef:70:e8:
         96:09:d9:2b:ce:0d:2f:de:e9:56:07:3e:97:5b:36:31:70:78:
         7a:9b:9b:55:2c:23:68:69:35:e2:8e:fb:62:ff:61:22:a4:b2:
         f5:51:15:f0:38:92:f2:03:86:b3:60:9a:cc:25:61:c9:9b:ad:
         cd:4e:00:f0:e4:30:fe:59:32:85:52:aa:bf:5b:72:18:de:7c:
         57:6f:cd:1e:c4:97:c8:a9:c1:71:a4:b1:da:73:4c:30:d4:f7:
         30:85:7d:85:c3:cd:3e:89:74:a5:a0:c2:1d:25:46:ff:5b:92:
         41:8b:22:94:66:af:92:6f:a5:da:5e:f5:a9:84:6b:a1:24:e6:
         13:e8:69:d1:83:66:c1:4c:50:e1:66:8e:b0:f0:6d:ab:11:d1:
         ff:4c:0e:d9:f2:02:82:b4:02:02:1f:b0:ae:db:a6:8d:98:12:
         c8:6a:f0:49:3b:5e:a2:11:2d:a0:d8:21:a4:d1:27:c4:4f:47:
         cb:04:c9:d5:e7:ce:bf:aa:cd:17:d0:d1:d5:5d:b8:9b:6f:33:
         1f:88:19:9b:f8:af:35:90:51:3b:68:37:b0:88:75:16:c7:c7:
         f9:26:cb:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtnt57Xd++ptkJqbZREDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDcxOWQ1MDk4MDg1ZTYyNzdmOTY1YmQ1OGIzZjZmOWIyZDQzOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP/kcwQwq37oG/Ef2dv4XX3zFnWC
duMYkWglqmDxKE5x2DrCkc3SGBKgSGUmSS+dq8KSZZRdtxQQJlI636t2m42bDFwg
szUCge0SD1JvcerGlqwKzCBjLJXTBECYacvOoYjPtJdsIxGeXS6zQVsUGbDMze1N
4UxgU9hfiL/kmsOCAIlLeLDL/eWSjjyH7aT+KI98dkj8SUeZmbKJejRWzAz74dVd
sI9ov/FK6AG/ULzfM04pBBqAgP7ipe0C0bYKjv23XkU6lCFA/Hvj8yJ4baQESkq0
AMpn2kXd4bu0FCip8rdZQwLx5gYpQzzqOQXjZTjr6/3kWfgaT0YT0RaFSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOBxnVCYCF5id/llvViz9vmy1DjVMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvNEhHZFVKZ0lYbUozLVdXOVdMUDItYkxVT05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHhATAN
BgkqhkiG9w0BAQsFAAOCAQEAaFZZC+G3OMRqdCD7QF6gdzqRJwl9aWStMbwHn+WH
5Rgi73DolgnZK84NL97pVgc+l1s2MXB4epubVSwjaGk14o77Yv9hIqSy9VEV8DiS
8gOGs2CazCVhyZutzU4A8OQw/lkyhVKqv1tyGN58V2/NHsSXyKnBcaSx2nNMMNT3
MIV9hcPNPol0paDCHSVG/1uSQYsilGavkm+l2l71qYRroSTmE+hp0YNmwUxQ4WaO
sPBtqxHR/0wO2fICgrQCAh+wrtumjZgSyGrwSTteohEtoNghpNEnxE9HywTJ1efO
v6rNF9DR1V24m28zH4gZm/ivNZBRO2g3sIh1FsfH+SbL7g==
-----END CERTIFICATE-----