Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/ZYxMy2LGO5zj8gkKAJh1P7iPhOg.roa
File:                     ZYxMy2LGO5zj8gkKAJh1P7iPhOg.roa (raw, json)
Hash identifier:          58cuTYuVpciuRecXoJR/csn8VffhcrDPN94ojsc4TKM=
Subject key identifier:   65:8C:4C:CB:62:C6:3B:9C:E3:F2:09:0A:00:98:75:3F:B8:8F:84:E8
Certificate issuer:       /CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
Certificate serial:       018FD4F96FDED92095F238B421830F0762E5
Authority key identifier: 48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/ZYxMy2LGO5zj8gkKAJh1P7iPhOg.roa
Signing time:             Sat 01 Jun 2024 18:04:27 +0000
ROA not before:           Sat 01 Jun 2024 18:04:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210818
IP address blocks:        2a11:8a85::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d4:f9:6f:de:d9:20:95:f2:38:b4:21:83:0f:07:62:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48abf29fdef8570502f4b51be5ffc05c4d9b3465
        Validity
            Not Before: Jun  1 18:04:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=658c4ccb62c63b9ce3f2090a0098753fb88f84e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:fc:a6:03:47:4f:ab:9f:d7:f7:4a:ce:32:ed:
                    9b:2f:61:1c:c9:96:7e:66:f1:54:6a:79:98:60:67:
                    8a:28:08:3b:38:78:05:cb:15:6f:48:7f:18:cb:5f:
                    ae:d4:20:63:4a:87:33:db:62:06:f5:3b:30:e6:45:
                    dc:d9:5f:10:1f:41:94:ac:00:94:4f:95:2a:53:90:
                    34:83:be:ab:70:ce:65:60:bc:a4:53:96:24:c8:76:
                    fc:f9:cc:e4:5c:07:dd:bd:fc:d7:b8:91:89:54:95:
                    30:64:f0:33:bc:6f:4c:bf:de:5e:35:dc:17:9a:33:
                    96:49:81:bf:ec:a7:d5:8c:44:32:aa:d1:b1:b7:9a:
                    55:ce:7a:c3:1b:70:a8:de:47:d4:87:8d:db:d9:75:
                    78:b2:2a:0d:0f:14:9c:6a:53:94:1b:80:c2:5c:97:
                    63:53:09:d6:5f:b2:56:2f:59:be:35:b7:44:7e:67:
                    18:f2:9a:8f:52:18:d0:8d:60:42:d8:cc:d7:e8:04:
                    07:8b:b2:a5:87:da:eb:49:60:ae:7e:33:0d:04:fd:
                    6c:87:80:e8:b6:7b:03:28:5f:cb:cf:67:af:a0:b5:
                    75:f4:ed:7c:a1:be:71:c8:e6:62:d4:ed:5b:b4:37:
                    10:e4:92:c6:d1:ed:58:8f:d0:f1:a8:7a:49:e7:98:
                    68:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:8C:4C:CB:62:C6:3B:9C:E3:F2:09:0A:00:98:75:3F:B8:8F:84:E8
            X509v3 Authority Key Identifier:
                keyid:48:AB:F2:9F:DE:F8:57:05:02:F4:B5:1B:E5:FF:C0:5C:4D:9B:34:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SKvyn974VwUC9LUb5f_AXE2bNGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/ZYxMy2LGO5zj8gkKAJh1P7iPhOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/af41cb-ff91-459c-9a64-aba113f3e3ae/1/SKvyn974VwUC9LUb5f_AXE2bNGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8a85::/38

    Signature Algorithm: sha256WithRSAEncryption
         8b:7a:5d:2a:4c:47:b1:e1:98:0d:ff:42:f6:01:b6:fd:26:35:
         b1:9c:0a:58:f3:6a:86:60:23:41:8c:b4:c7:08:df:cb:cd:b5:
         a7:97:53:47:9a:ec:51:5c:0d:3c:b3:36:68:ef:8c:83:85:58:
         20:ef:d2:76:25:cb:6e:9f:3d:73:83:ba:f8:71:bb:e1:e6:9b:
         26:e8:d3:b0:26:4d:85:d1:a1:c9:92:00:3e:bc:a7:fc:87:5d:
         59:6b:a2:05:01:f1:39:5f:e1:a5:0b:00:1f:3f:e2:04:a8:2d:
         74:c6:f8:91:03:02:4e:72:05:72:aa:87:cc:66:c2:a3:a5:77:
         18:86:e5:98:fc:9e:61:9c:7f:f2:32:ec:1f:b7:fc:ce:4b:71:
         59:e4:54:45:91:2d:0e:e3:18:fe:d8:2d:91:ce:14:9b:e4:75:
         ef:ef:8a:26:4e:c9:05:c4:54:83:ba:c9:45:90:ef:89:4d:d8:
         31:98:78:ad:c1:7d:9d:59:8f:a4:f2:fa:d6:2f:9e:f9:d1:5a:
         cb:5c:70:ef:a9:14:5a:eb:a4:71:c2:80:3e:8e:d2:ae:28:fe:
         4e:f7:11:a9:75:5f:d4:85:6c:bf:de:c2:90:02:71:81:c9:1d:
         04:9e:41:ec:bc:58:d3:8b:cb:b3:7b:4e:e4:aa:c8:8d:86:60:
         a0:80:ed:a4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY/U+W/e2SCV8ji0IYMPB2LlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YWJmMjlmZGVmODU3MDUwMmY0YjUxYmU1ZmZjMDVjNGQ5
YjM0NjUwHhcNMjQwNjAxMTgwNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NThjNGNjYjYyYzYzYjljZTNmMjA5MGEwMDk4NzUzZmI4OGY4NGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/ymA0dPq5/X90rOMu2bL2EcyZZ+
ZvFUanmYYGeKKAg7OHgFyxVvSH8Yy1+u1CBjSocz22IG9Tsw5kXc2V8QH0GUrACU
T5UqU5A0g76rcM5lYLykU5YkyHb8+czkXAfdvfzXuJGJVJUwZPAzvG9Mv95eNdwX
mjOWSYG/7KfVjEQyqtGxt5pVznrDG3Co3kfUh43b2XV4sioNDxScalOUG4DCXJdj
UwnWX7JWL1m+NbdEfmcY8pqPUhjQjWBC2MzX6AQHi7Klh9rrSWCufjMNBP1sh4Do
tnsDKF/Lz2evoLV19O18ob5xyOZi1O1btDcQ5JLG0e1Yj9DxqHpJ55hozwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGWMTMtixjuc4/IJCgCYdT+4j4ToMB8GA1UdIwQY
MBaAFEir8p/e+FcFAvS1G+X/wFxNmzRlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQt
YWJhMTEzZjNlM2FlLzEvWll4TXkyTEdPNXpqOGdrS0FKaDFQN2lQaE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hZjQxY2ItZmY5MS00NTljLTlhNjQtYWJhMTEzZjNlM2Fl
LzEvU0t2eW45NzRWd1VDOUxVYjVmX0FYRTJiTkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKhGKhQAw
DQYJKoZIhvcNAQELBQADggEBAIt6XSpMR7HhmA3/QvYBtv0mNbGcCljzaoZgI0GM
tMcI38vNtaeXU0ea7FFcDTyzNmjvjIOFWCDv0nYly26fPXODuvhxu+Hmmybo07Am
TYXRocmSAD68p/yHXVlrogUB8Tlf4aULAB8/4gSoLXTG+JEDAk5yBXKqh8xmwqOl
dxiG5Zj8nmGcf/Iy7B+3/M5LcVnkVEWRLQ7jGP7YLZHOFJvkde/viiZOyQXEVIO6
yUWQ74lN2DGYeK3BfZ1Zj6Ty+tYvnvnRWstccO+pFFrrpHHCgD6O0q4o/k73Eal1
X9SFbL/ewpACcYHJHQSeQey8WNOLy7N7TuSqyI2GYKCA7aQ=
-----END CERTIFICATE-----