Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/IBHQ4Pr--NRO7Obhaw8nPwKad0s.roa
File:                     IBHQ4Pr--NRO7Obhaw8nPwKad0s.roa (raw, json)
Hash identifier:          sEqiSbSvymv+lWzERVPv6znMds/WSiWiTb9t5iQBxRI=
Subject key identifier:   20:11:D0:E0:FA:FE:F8:D4:4E:EC:E6:E1:6B:0F:27:3F:02:9A:77:4B
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       018CC26D2D13C485E24B9F665020AF3D53B1
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/IBHQ4Pr--NRO7Obhaw8nPwKad0s.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29290
IP address blocks:        2a0b:8f80:100::/40 maxlen: 48
                          2a00:f10:141::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2d:13:c4:85:e2:4b:9f:66:50:20:af:3d:53:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2011d0e0fafef8d44eece6e16b0f273f029a774b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:38:b4:55:4b:7c:af:e4:d6:f0:1b:5e:f1:1c:
                    3d:f9:9f:8f:81:58:9b:07:2c:14:da:a1:e8:ff:ac:
                    8b:0d:68:c9:78:a8:41:36:4e:bf:6c:90:ba:2c:e9:
                    45:eb:be:76:85:f0:b9:90:9c:71:de:6b:31:98:f1:
                    80:9e:34:ac:02:d5:3d:a1:73:11:3d:e7:8e:59:36:
                    5f:a5:90:54:80:0b:28:69:a8:9d:66:fe:e3:5a:c3:
                    49:0b:55:82:c9:03:c7:7e:5a:5d:8f:a5:b4:a1:41:
                    70:00:52:90:bb:9e:55:09:ea:c7:01:fb:4d:45:7d:
                    db:04:aa:df:54:f9:cf:02:8c:84:ea:c4:25:db:bf:
                    18:a4:a3:27:38:da:f2:d8:d8:a9:28:c5:6b:16:fc:
                    45:99:60:82:ae:60:a4:3f:ad:70:ff:56:32:c7:85:
                    ff:48:db:07:90:66:e2:87:05:da:b8:1f:83:37:95:
                    18:fb:94:60:34:7e:cd:c7:57:44:f0:b8:46:b3:0b:
                    bf:99:7e:88:00:86:49:e5:bf:ae:fa:a2:0f:8c:48:
                    ed:83:0f:04:5d:fd:8d:88:83:f3:79:27:67:4b:7d:
                    45:65:69:0a:53:57:4f:35:47:13:9a:6f:63:ac:ad:
                    ee:2b:2f:34:24:20:a4:e7:f9:1c:80:cb:e4:da:a0:
                    3f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:11:D0:E0:FA:FE:F8:D4:4E:EC:E6:E1:6B:0F:27:3F:02:9A:77:4B
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/IBHQ4Pr--NRO7Obhaw8nPwKad0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:f10:141::/48
                  2a0b:8f80:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:99:4e:47:b4:6e:4d:ca:e3:7f:f1:96:8d:e7:2a:92:e2:29:
         b6:81:56:ac:cc:e3:2f:ac:66:20:f3:03:7f:5c:e9:87:28:63:
         60:15:43:40:cc:b8:e0:1d:2c:4a:d2:6f:31:f4:09:e8:d0:59:
         2f:37:96:47:3a:45:07:ca:d4:b4:bf:6a:8c:81:6d:2e:79:7e:
         d3:bf:fc:da:49:17:a6:e9:e2:07:23:63:49:7a:19:9a:f5:96:
         60:86:e8:cf:ab:89:22:13:ec:79:74:bb:43:66:40:6c:84:cb:
         b0:5b:65:31:d2:b7:71:11:49:f3:b0:3a:c4:b9:1a:6e:e7:5a:
         b4:c1:73:97:de:43:a0:9e:c8:9e:23:89:ed:5e:49:20:f5:b1:
         b0:fa:b5:5e:44:b2:bc:d1:a5:19:1b:fe:f2:74:d5:bf:7e:6b:
         c7:16:05:24:24:e9:48:02:44:7e:25:32:0b:f4:67:2d:74:98:
         77:8a:20:50:dc:f1:55:d6:52:d1:a8:34:f6:ff:28:dd:77:f0:
         df:90:b2:3f:0d:17:3e:de:b2:9d:0d:b0:aa:50:0a:e6:5e:7d:
         1c:8f:86:55:17:6d:be:e7:b1:fd:1d:e9:41:9b:e5:e7:00:65:
         c0:b9:c3:ef:8e:75:87:b6:12:8d:83:45:ee:71:4e:af:de:ec:
         5d:d6:fd:3e
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzCbS0TxIXiS59mUCCvPVOxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDExZDBlMGZhZmVmOGQ0NGVlY2U2ZTE2YjBmMjczZjAyOWE3NzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zi0VUt8r+TW8Bte8Rw9+Z+PgVib
BywU2qHo/6yLDWjJeKhBNk6/bJC6LOlF6752hfC5kJxx3msxmPGAnjSsAtU9oXMR
PeeOWTZfpZBUgAsoaaidZv7jWsNJC1WCyQPHflpdj6W0oUFwAFKQu55VCerHAftN
RX3bBKrfVPnPAoyE6sQl278YpKMnONry2NipKMVrFvxFmWCCrmCkP61w/1Yyx4X/
SNsHkGbihwXauB+DN5UY+5RgNH7Nx1dE8LhGswu/mX6IAIZJ5b+u+qIPjEjtgw8E
Xf2NiIPzeSdnS31FZWkKU1dPNUcTmm9jrK3uKy80JCCk5/kcgMvk2qA/4wIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFCAR0OD6/vjUTuzm4WsPJz8CmndLMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvSUJIUTRQci0tTlJPN09iaGF3OG5Qd0thZDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgAPEAFB
AwYAKguPgAEwDQYJKoZIhvcNAQELBQADggEBAIiZTke0bk3K43/xlo3nKpLiKbaB
VqzM4y+sZiDzA39c6YcoY2AVQ0DMuOAdLErSbzH0CejQWS83lkc6RQfK1LS/aoyB
bS55ftO//NpJF6bp4gcjY0l6GZr1lmCG6M+riSIT7Hl0u0NmQGyEy7BbZTHSt3ER
SfOwOsS5Gm7nWrTBc5feQ6CeyJ4jie1eSSD1sbD6tV5EsrzRpRkb/vJ01b9+a8cW
BSQk6UgCRH4lMgv0Zy10mHeKIFDc8VXWUtGoNPb/KN138N+Qsj8NFz7esp0NsKpQ
CuZefRyPhlUXbb7nsf0d6UGb5ecAZcC5w++OdYe2Eo2DRe5xTq/e7F3W/T4=
-----END CERTIFICATE-----