Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/7v9KFCSmYjbkbClTBOav2jGPsig.roa
File:                     7v9KFCSmYjbkbClTBOav2jGPsig.roa (raw, json)
Hash identifier:          9AHeh7FMCIF/CBpiS6QIhQdisxb2ftPnnUkW0JJ1L7s=
Subject key identifier:   EE:FF:4A:14:24:A6:62:36:E4:6C:29:53:04:E6:AF:DA:31:8F:B2:28
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       018D8EF4AA85D758BF49FF2DED00C99D2BF9
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/7v9KFCSmYjbkbClTBOav2jGPsig.roa
Signing time:             Fri 09 Feb 2024 17:40:15 +0000
ROA not before:           Fri 09 Feb 2024 17:40:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        2a11:66c6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:f4:aa:85:d7:58:bf:49:ff:2d:ed:00:c9:9d:2b:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Feb  9 17:40:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeff4a1424a66236e46c295304e6afda318fb228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9f:85:10:49:39:fa:1a:62:53:83:44:b7:af:
                    6a:c4:84:0e:14:af:34:c1:d2:a6:7f:c7:29:43:01:
                    f3:f6:3e:89:65:34:1b:d8:a1:70:fe:dc:83:28:e8:
                    36:0c:98:99:fc:0a:1e:dc:db:be:71:e3:22:df:d7:
                    83:d9:6e:ca:a5:29:ad:c7:2f:7f:d2:b2:d0:db:f5:
                    f2:1a:ef:b0:5d:ff:50:b4:79:64:c8:5a:50:d1:9c:
                    f4:b8:27:8a:4f:2b:ba:c1:5d:b0:86:16:3a:99:75:
                    13:92:d1:48:e4:c8:21:b5:53:3a:c6:9e:80:87:36:
                    57:68:c0:2d:51:7a:8e:a4:ae:a6:77:9d:16:9f:ae:
                    a1:10:5d:c3:67:7c:c4:11:67:c6:80:f0:45:a8:04:
                    b7:b1:b8:e6:62:66:19:61:63:e7:82:7e:e4:94:6a:
                    55:ea:fc:74:e9:db:82:d7:d3:fc:e2:7a:32:11:46:
                    34:2a:26:37:00:bc:84:f4:4f:71:73:5b:68:09:e0:
                    3d:ee:18:59:11:85:6b:c9:01:a2:c5:a3:ea:6b:50:
                    3e:4a:f5:2c:41:f6:df:8e:ef:1b:84:7e:39:13:6e:
                    36:31:c4:10:d4:42:76:74:2b:3e:d7:f4:37:c4:84:
                    e0:28:3b:67:cc:a9:8c:98:65:91:e4:f9:9f:3a:24:
                    4d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:FF:4A:14:24:A6:62:36:E4:6C:29:53:04:E6:AF:DA:31:8F:B2:28
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/7v9KFCSmYjbkbClTBOav2jGPsig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:66c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:e2:49:0b:23:5d:7a:eb:44:f2:a4:a1:59:f4:7a:b9:9d:ef:
         5b:2e:15:e0:ee:9a:91:d7:03:1c:8c:5d:23:b6:fd:87:23:9a:
         35:c8:e2:88:05:f6:6b:bb:ef:50:91:eb:29:88:be:7f:50:aa:
         ce:cf:ec:00:e3:21:32:a5:19:2c:26:e3:c4:17:8d:25:cb:b4:
         09:be:cc:52:73:a1:26:ca:60:62:de:5a:ea:d8:8f:e0:8f:e0:
         e3:a3:8d:5e:a3:b4:21:25:a0:e3:78:f9:30:0e:b6:a7:f0:8e:
         13:fa:c6:8e:e8:ee:5a:18:74:7c:9f:48:63:76:bb:58:d6:96:
         bd:78:d9:93:77:65:4b:e3:c3:27:67:8c:84:3b:4a:8c:ca:b1:
         80:1a:2b:07:9d:d4:50:6b:48:bb:63:47:08:9a:bc:41:94:5a:
         0b:b5:c8:e2:71:a6:5f:ca:bd:c0:d1:8f:3e:6c:5f:d2:e9:b4:
         c1:f0:81:76:8d:c2:46:25:7c:37:79:be:99:54:9a:dc:6f:c6:
         d8:53:28:ee:35:84:74:98:1b:0c:69:7f:6d:14:80:c1:2a:c0:
         ff:ca:a0:38:91:92:de:4f:cf:ab:0b:ed:8a:94:d6:1e:f6:c4:
         57:25:e2:3c:76:b5:a7:27:61:de:3e:ec:1b:4c:a7:89:74:68:
         b0:4f:e6:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY2O9KqF11i/Sf8t7QDJnSv5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQwMjA5MTc0MDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWZmNGExNDI0YTY2MjM2ZTQ2YzI5NTMwNGU2YWZkYTMxOGZiMjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5+FEEk5+hpiU4NEt69qxIQOFK80
wdKmf8cpQwHz9j6JZTQb2KFw/tyDKOg2DJiZ/Aoe3Nu+ceMi39eD2W7KpSmtxy9/
0rLQ2/XyGu+wXf9QtHlkyFpQ0Zz0uCeKTyu6wV2whhY6mXUTktFI5MghtVM6xp6A
hzZXaMAtUXqOpK6md50Wn66hEF3DZ3zEEWfGgPBFqAS3sbjmYmYZYWPngn7klGpV
6vx06duC19P84noyEUY0KiY3ALyE9E9xc1toCeA97hhZEYVryQGixaPqa1A+SvUs
Qfbfju8bhH45E242McQQ1EJ2dCs+1/Q3xITgKDtnzKmMmGWR5PmfOiRNsQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO7/ShQkpmI25GwpUwTmr9oxj7IoMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvN3Y5S0ZDU21ZamJrYkNsVEJPYXYyakdQc2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFmxjAN
BgkqhkiG9w0BAQsFAAOCAQEAk+JJCyNdeutE8qShWfR6uZ3vWy4V4O6akdcDHIxd
I7b9hyOaNcjiiAX2a7vvUJHrKYi+f1Cqzs/sAOMhMqUZLCbjxBeNJcu0Cb7MUnOh
JspgYt5a6tiP4I/g46ONXqO0ISWg43j5MA62p/COE/rGjujuWhh0fJ9IY3a7WNaW
vXjZk3dlS+PDJ2eMhDtKjMqxgBorB53UUGtIu2NHCJq8QZRaC7XI4nGmX8q9wNGP
Pmxf0um0wfCBdo3CRiV8N3m+mVSa3G/G2FMo7jWEdJgbDGl/bRSAwSrA/8qgOJGS
3k/PqwvtipTWHvbEVyXiPHa1pydh3j7sG0yniXRosE/mrw==
-----END CERTIFICATE-----