Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/uo9E2UfmyvboZfuNEfniNurBsNQ.roa
File:                     uo9E2UfmyvboZfuNEfniNurBsNQ.roa (raw, json)
Hash identifier:          nSe2kOSCs6nI8bxg3EmeTgpSlUayoOdARNrvJ9mpHMc=
Subject key identifier:   BA:8F:44:D9:47:E6:CA:F6:E8:65:FB:8D:11:F9:E2:36:EA:C1:B0:D4
Certificate issuer:       /CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
Certificate serial:       018CF5BC33D44F6FF290E034D7F491A445F6
Authority key identifier: CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/uo9E2UfmyvboZfuNEfniNurBsNQ.roa
Signing time:             Wed 10 Jan 2024 23:36:41 +0000
ROA not before:           Wed 10 Jan 2024 23:36:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43513
IP address blocks:        2a11:66c4::/32 maxlen: 32
                          2a11:66c2::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:bc:33:d4:4f:6f:f2:90:e0:34:d7:f4:91:a4:45:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cddbefba8fe3c1f668c8444384fe4a3a9f4d87f1
        Validity
            Not Before: Jan 10 23:36:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba8f44d947e6caf6e865fb8d11f9e236eac1b0d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e1:25:66:59:c2:82:f5:4a:0f:05:a7:14:2f:
                    38:15:b9:36:24:bd:9a:a3:27:28:26:05:b1:1a:1f:
                    ee:eb:da:a7:55:85:5d:9d:43:45:d3:af:fc:d4:94:
                    c4:84:21:20:10:ef:e3:8e:31:45:ec:aa:7f:53:2b:
                    17:4e:ca:fe:ef:34:0e:41:5f:54:b5:ae:96:f4:d7:
                    94:4d:b2:7c:83:da:81:79:40:73:6b:2c:57:4e:de:
                    a9:a8:cf:75:a9:95:94:4f:64:94:63:3a:9b:6e:dc:
                    5e:03:26:5e:fa:b1:5a:69:e5:50:f6:11:03:90:f5:
                    25:1e:d8:59:c5:48:19:16:be:bb:ca:4c:df:f1:36:
                    37:68:8d:26:94:3d:77:dd:2c:55:2a:15:9a:19:69:
                    ad:28:39:b5:3d:95:fc:7c:25:dd:8a:4a:7a:0f:dd:
                    cf:95:d9:19:c2:3e:64:75:4d:fa:01:a0:42:21:1b:
                    fd:ad:6e:41:5a:e2:f6:53:62:20:f3:93:bc:f3:e5:
                    87:96:18:9f:97:73:25:21:2b:85:e2:87:9a:26:21:
                    cd:94:7b:a9:6c:2d:f9:81:6f:b9:30:4f:c2:a3:a5:
                    b5:1b:87:98:cf:5f:10:42:8c:8f:7f:2e:4a:58:a8:
                    9f:fc:ef:c4:f8:54:cf:2f:76:9f:ed:ef:5a:59:fb:
                    28:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:8F:44:D9:47:E6:CA:F6:E8:65:FB:8D:11:F9:E2:36:EA:C1:B0:D4
            X509v3 Authority Key Identifier:
                keyid:CD:DB:EF:BA:8F:E3:C1:F6:68:C8:44:43:84:FE:4A:3A:9F:4D:87:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zdvvuo_jwfZoyERDhP5KOp9Nh_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/uo9E2UfmyvboZfuNEfniNurBsNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/4e52f1-13b2-45df-8a43-1a39e6a6de93/1/zdvvuo_jwfZoyERDhP5KOp9Nh_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:66c2::/32
                  2a11:66c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:ba:42:e6:42:db:5b:8d:d7:f6:30:b7:f4:84:0d:6a:e5:7e:
         e6:3f:4e:e5:3c:cf:02:12:ce:2b:42:81:d7:13:1c:99:b1:e8:
         38:cb:4d:52:58:e1:6c:d6:21:e2:bd:29:b9:2a:3c:da:76:83:
         03:3b:0e:4a:77:df:c4:b1:b6:27:85:66:33:a1:1c:12:d4:6e:
         74:20:20:95:da:14:2f:e6:e5:52:70:f9:18:0b:36:2e:0a:cf:
         7d:fc:ca:c6:f5:6d:d7:18:13:00:97:a2:a1:af:09:6d:5b:22:
         58:a0:eb:65:7d:e9:29:c5:93:0e:a4:d5:bb:8e:ce:53:59:3d:
         4c:de:6d:2b:55:6f:87:ca:d3:e1:c2:ba:a1:e6:6f:2f:0e:dd:
         3c:0c:01:08:fb:96:16:f3:7d:13:e0:39:3c:b5:17:f0:e1:da:
         4b:6d:1f:fc:7b:8a:db:54:3b:3b:2b:34:d2:91:47:1c:53:30:
         19:8a:74:e1:66:77:90:a7:85:dc:1a:4f:4c:95:de:0b:55:64:
         78:98:ae:ff:89:e4:ce:c1:db:65:03:97:8f:9e:b2:92:c0:13:
         39:6b:e7:33:86:48:8d:31:93:ce:36:b4:50:e0:92:9a:59:b0:
         10:41:8c:9e:38:35:36:53:7d:cc:61:31:79:b6:0b:dd:50:9e:
         39:f0:c8:cf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYz1vDPUT2/ykOA01/SRpEX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZGJlZmJhOGZlM2MxZjY2OGM4NDQ0Mzg0ZmU0YTNhOWY0
ZDg3ZjEwHhcNMjQwMTEwMjMzNjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYThmNDRkOTQ3ZTZjYWY2ZTg2NWZiOGQxMWY5ZTIzNmVhYzFiMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOElZlnCgvVKDwWnFC84Fbk2JL2a
oycoJgWxGh/u69qnVYVdnUNF06/81JTEhCEgEO/jjjFF7Kp/UysXTsr+7zQOQV9U
ta6W9NeUTbJ8g9qBeUBzayxXTt6pqM91qZWUT2SUYzqbbtxeAyZe+rFaaeVQ9hED
kPUlHthZxUgZFr67ykzf8TY3aI0mlD133SxVKhWaGWmtKDm1PZX8fCXdikp6D93P
ldkZwj5kdU36AaBCIRv9rW5BWuL2U2Ig85O88+WHlhifl3MlISuF4oeaJiHNlHup
bC35gW+5ME/Co6W1G4eYz18QQoyPfy5KWKif/O/E+FTPL3af7e9aWfsowQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLqPRNlH5sr26GX7jRH54jbqwbDUMB8GA1UdIwQY
MBaAFM3b77qP48H2aMhEQ4T+SjqfTYfxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMt
MWEzOWU2YTZkZTkzLzEvdW85RTJVZm15dmJvWmZ1TkVmbmlOdXJCc05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80ZTUyZjEtMTNiMi00NWRmLThhNDMtMWEzOWU2YTZkZTkz
LzEvemR2dnVvX2p3ZlpveUVSRGhQNUtPcDlOaF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhFmwgMF
ACoRZsQwDQYJKoZIhvcNAQELBQADggEBAD26QuZC21uN1/Ywt/SEDWrlfuY/TuU8
zwISzitCgdcTHJmx6DjLTVJY4WzWIeK9KbkqPNp2gwM7Dkp338SxtieFZjOhHBLU
bnQgIJXaFC/m5VJw+RgLNi4Kz338ysb1bdcYEwCXoqGvCW1bIlig62V96SnFkw6k
1buOzlNZPUzebStVb4fK0+HCuqHmby8O3TwMAQj7lhbzfRPgOTy1F/Dh2kttH/x7
ittUOzsrNNKRRxxTMBmKdOFmd5CnhdwaT0yV3gtVZHiYrv+J5M7B22UDl4+espLA
Ezlr5zOGSI0xk842tFDgkppZsBBBjJ44NTZTfcxhMXm2C91QnjnwyM8=
-----END CERTIFICATE-----