Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/4cB2kaLagEGv4gzRmT80Ivwv3Wk.roa
File:                     4cB2kaLagEGv4gzRmT80Ivwv3Wk.roa (raw, json)
Hash identifier:          30jYV2KDEMZDuRIN8BhVHzNbofo+zoSGX6T67hGB/Z8=
Subject key identifier:   E1:C0:76:91:A2:DA:80:41:AF:E2:0C:D1:99:3F:34:22:FC:2F:DD:69
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B674FB38258F86681F02E932DBD1AF
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/4cB2kaLagEGv4gzRmT80Ivwv3Wk.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198231
IP address blocks:        2a11:e101::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:74:fb:38:25:8f:86:68:1f:02:e9:32:db:d1:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1c07691a2da8041afe20cd1993f3422fc2fdd69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d5:07:69:9c:63:33:a2:fa:11:79:d0:53:cc:
                    50:0c:0c:82:f5:d0:26:fd:30:60:2c:2d:51:e1:d5:
                    fd:47:40:90:fe:2d:ac:40:a3:d8:b5:91:69:89:fd:
                    e9:a1:19:de:ad:27:1a:23:62:86:f4:2d:82:f5:65:
                    79:fd:08:a5:a6:d6:59:41:86:08:eb:6f:2a:f4:65:
                    62:67:6a:37:77:26:ee:1a:4b:07:ce:e0:4e:2b:1c:
                    29:46:e9:37:48:f5:97:6e:a5:46:26:9a:87:90:76:
                    21:53:dc:10:78:fb:70:8b:51:03:79:49:ac:6c:b4:
                    10:00:0a:e9:c4:f3:c8:6f:7d:36:2f:a9:4a:41:24:
                    44:ee:65:c7:f9:95:4a:bf:94:53:51:0f:9d:a3:3f:
                    fe:30:c8:eb:4a:36:fa:41:df:35:68:3e:3b:c8:c9:
                    73:c3:d3:91:b7:21:8c:4a:38:1b:2c:c4:4f:6d:8b:
                    f3:b8:fa:15:db:29:60:12:38:5c:0d:4f:5e:56:1d:
                    3d:75:2a:11:15:02:b3:dc:73:c6:0c:67:9f:2d:a1:
                    a7:c4:c7:42:73:1c:10:2d:e4:a3:34:33:1c:73:64:
                    47:4f:64:1c:79:40:7c:68:63:51:42:b8:a9:ee:34:
                    c1:80:41:13:30:19:2d:43:28:f6:32:6e:f0:63:d0:
                    ac:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:C0:76:91:A2:DA:80:41:AF:E2:0C:D1:99:3F:34:22:FC:2F:DD:69
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/4cB2kaLagEGv4gzRmT80Ivwv3Wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:e101::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:ac:c1:4b:85:24:c1:c0:ab:3e:0a:c3:9d:e1:18:6c:64:e5:
         a0:58:f1:a3:60:97:45:1b:1f:12:db:8f:ed:00:92:d3:fc:13:
         f2:cc:28:16:31:ca:7f:ef:96:43:eb:d6:24:8b:92:03:5f:0e:
         c6:2d:5d:7d:0e:94:1c:50:83:92:c3:3a:5b:79:33:62:a9:08:
         b1:4f:8b:4e:e8:e1:11:96:33:81:44:9d:cd:37:39:87:7f:df:
         ae:9b:37:5b:bb:2a:be:a1:c9:d9:23:41:04:e6:a3:f8:66:15:
         5c:4a:5e:1e:b1:cd:29:9f:ee:c9:6c:31:ae:a8:28:40:fa:91:
         b2:8e:65:4a:0d:03:65:20:c4:4e:44:2a:5b:6b:6c:fe:40:aa:
         06:1a:49:fb:c8:c4:6f:16:12:81:00:51:88:5e:01:3f:55:ac:
         5d:38:4f:65:87:1b:e8:9d:8a:72:d6:18:2d:60:8c:83:15:a7:
         00:ea:a5:eb:e7:67:bc:39:1a:0e:4a:3e:39:90:77:c9:14:5f:
         3c:43:29:a2:df:7f:60:40:09:a3:91:0f:f8:4c:59:30:a9:ce:
         3e:bc:fe:b8:23:e6:f4:e2:1a:a3:cd:f4:80:45:dc:0e:3b:d9:
         c6:f0:fb:c6:14:9a:24:71:e8:43:1c:fa:aa:86:7c:03:e7:50:
         b1:33:a2:d6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtnT7OCWPhmgfAuky29GvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWMwNzY5MWEyZGE4MDQxYWZlMjBjZDE5OTNmMzQyMmZjMmZkZDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29UHaZxjM6L6EXnQU8xQDAyC9dAm
/TBgLC1R4dX9R0CQ/i2sQKPYtZFpif3poRnerScaI2KG9C2C9WV5/QilptZZQYYI
628q9GViZ2o3dybuGksHzuBOKxwpRuk3SPWXbqVGJpqHkHYhU9wQePtwi1EDeUms
bLQQAArpxPPIb302L6lKQSRE7mXH+ZVKv5RTUQ+doz/+MMjrSjb6Qd81aD47yMlz
w9ORtyGMSjgbLMRPbYvzuPoV2ylgEjhcDU9eVh09dSoRFQKz3HPGDGefLaGnxMdC
cxwQLeSjNDMcc2RHT2QceUB8aGNRQrip7jTBgEETMBktQyj2Mm7wY9CsjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOHAdpGi2oBBr+IM0Zk/NCL8L91pMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvNGNCMmthTGFnRUd2NGd6Um1UODBJdnd2M1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHhATAN
BgkqhkiG9w0BAQsFAAOCAQEAH6zBS4UkwcCrPgrDneEYbGTloFjxo2CXRRsfEtuP
7QCS0/wT8swoFjHKf++WQ+vWJIuSA18Oxi1dfQ6UHFCDksM6W3kzYqkIsU+LTujh
EZYzgUSdzTc5h3/frps3W7sqvqHJ2SNBBOaj+GYVXEpeHrHNKZ/uyWwxrqgoQPqR
so5lSg0DZSDETkQqW2ts/kCqBhpJ+8jEbxYSgQBRiF4BP1WsXThPZYcb6J2KctYY
LWCMgxWnAOql6+dnvDkaDko+OZB3yRRfPEMpot9/YEAJo5EP+ExZMKnOPrz+uCPm
9OIao830gEXcDjvZxvD7xhSaJHHoQxz6qoZ8A+dQsTOi1g==
-----END CERTIFICATE-----