Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/OriXH30oqnUaZW_nA6dZHFGGUPw.roa
File:                     OriXH30oqnUaZW_nA6dZHFGGUPw.roa (raw, json)
Hash identifier:          uJftJ0H6w2nSUE9lGmmZkEbjbesDRuiaqyENkiuEMyY=
Subject key identifier:   3A:B8:97:1F:7D:28:AA:75:1A:65:6F:E7:03:A7:59:1C:51:86:50:FC
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0191E6410EDE14DB2753A2BCC84CBF183F59
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/OriXH30oqnUaZW_nA6dZHFGGUPw.roa
Signing time:             Thu 12 Sep 2024 12:41:48 +0000
ROA not before:           Thu 12 Sep 2024 12:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398343
IP address blocks:        2a11:a540::/29 maxlen: 29
                          2a12:ad80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:35:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e6:41:0e:de:14:db:27:53:a2:bc:c8:4c:bf:18:3f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Sep 12 12:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ab8971f7d28aa751a656fe703a7591c518650fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1f:8f:5b:da:a4:90:88:1b:94:e2:1b:42:3c:
                    73:b5:44:bf:17:58:9a:b4:12:4c:2d:ab:55:90:26:
                    02:e7:fc:df:2d:03:6f:d4:db:95:da:bb:2f:67:47:
                    3f:1e:d6:d3:e6:f9:40:53:9f:26:6a:ed:23:2a:60:
                    01:e2:fd:90:71:77:e7:52:5a:74:e6:a4:5a:b3:cf:
                    16:23:84:af:76:a0:97:b5:99:16:d1:52:0b:c0:03:
                    08:b5:a3:60:3b:7d:03:9e:18:19:c4:e8:ec:39:96:
                    27:d2:c6:89:5e:56:e7:73:c2:51:71:ab:ca:4e:9a:
                    e8:8d:f4:2f:88:f2:0e:76:83:2d:f1:04:65:5b:52:
                    e6:0a:38:4c:f6:57:c7:44:83:e0:8b:b6:c1:13:80:
                    41:88:b2:f4:07:73:5d:ea:ed:28:ca:ae:ab:00:c2:
                    db:dc:bb:3b:08:d1:35:7e:02:28:0e:6e:65:19:d0:
                    95:47:ca:80:96:48:f8:b3:8b:c1:28:88:c2:99:ba:
                    90:81:6f:fb:65:2b:57:f2:d7:65:9c:b1:3f:ff:76:
                    90:e8:5d:51:0c:38:34:0b:d8:f2:57:e3:63:a0:bb:
                    d5:90:aa:c7:68:7a:e1:d5:93:79:0a:66:e2:40:df:
                    1f:c4:7f:5d:6c:41:c1:eb:36:bf:53:ee:6a:bb:17:
                    d9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:B8:97:1F:7D:28:AA:75:1A:65:6F:E7:03:A7:59:1C:51:86:50:FC
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/OriXH30oqnUaZW_nA6dZHFGGUPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:a540::/29
                  2a12:ad80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:a1:0d:e5:82:6f:ef:69:da:9a:3c:db:12:f3:29:db:2c:a2:
         b1:25:b9:fd:27:5d:e9:7f:27:2d:75:e4:c0:e5:00:e0:76:fb:
         9e:cd:c6:b1:13:10:b9:38:d4:1b:33:06:e5:f3:b8:de:4b:97:
         75:d3:0b:9f:96:9b:a5:ae:ae:c2:d7:d2:cb:93:af:8a:a1:81:
         14:a9:20:58:bb:e6:43:10:2e:3a:a1:88:96:8f:14:de:30:30:
         72:f0:7f:a5:19:5c:b4:bf:54:44:94:6d:1e:c7:52:5d:0a:89:
         3b:8a:30:df:c8:fc:0c:76:ab:0b:c8:f6:5b:9e:8a:ee:9a:90:
         85:34:d9:03:c3:02:96:dc:49:89:24:0c:fc:09:62:e9:d1:83:
         09:3d:e0:e6:bd:29:98:f2:f7:c1:39:4c:c9:d5:a7:b5:a6:a7:
         1c:5d:32:5b:fc:88:2e:9a:cd:ce:e0:ac:35:65:8e:87:4f:05:
         99:84:1b:dd:81:e2:91:39:45:7b:41:98:e6:f3:83:6d:64:3d:
         36:46:b7:e5:3e:c3:f4:f3:92:0e:5b:25:e9:a9:c1:f8:05:af:
         e9:d3:51:be:7e:3c:66:cd:28:53:3e:c4:d4:6b:22:e3:c3:50:
         1a:6a:14:a0:db:f3:37:e1:39:31:90:8b:2d:c4:c9:5f:20:f2:
         2b:c7:6d:4b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZHmQQ7eFNsnU6K8yEy/GD9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwOTEyMTI0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWI4OTcxZjdkMjhhYTc1MWE2NTZmZTcwM2E3NTkxYzUxODY1MGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR+PW9qkkIgblOIbQjxztUS/F1ia
tBJMLatVkCYC5/zfLQNv1NuV2rsvZ0c/HtbT5vlAU58mau0jKmAB4v2QcXfnUlp0
5qRas88WI4SvdqCXtZkW0VILwAMItaNgO30DnhgZxOjsOZYn0saJXlbnc8JRcavK
TprojfQviPIOdoMt8QRlW1LmCjhM9lfHRIPgi7bBE4BBiLL0B3Nd6u0oyq6rAMLb
3Ls7CNE1fgIoDm5lGdCVR8qAlkj4s4vBKIjCmbqQgW/7ZStX8tdlnLE//3aQ6F1R
DDg0C9jyV+NjoLvVkKrHaHrh1ZN5CmbiQN8fxH9dbEHB6za/U+5quxfZBwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDq4lx99KKp1GmVv5wOnWRxRhlD8MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvT3JpWEgzMG9xblVhWldfbkE2ZFpIRkdHVVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhGlQAMF
AyoSrYAwDQYJKoZIhvcNAQELBQADggEBAKWhDeWCb+9p2po82xLzKdssorEluf0n
Xel/Jy115MDlAOB2+57NxrETELk41BszBuXzuN5Ll3XTC5+Wm6WursLX0suTr4qh
gRSpIFi75kMQLjqhiJaPFN4wMHLwf6UZXLS/VESUbR7HUl0KiTuKMN/I/Ax2qwvI
9lueiu6akIU02QPDApbcSYkkDPwJYunRgwk94Oa9KZjy98E5TMnVp7WmpxxdMlv8
iC6azc7grDVljodPBZmEG92B4pE5RXtBmObzg21kPTZGt+U+w/Tzkg5bJempwfgF
r+nTUb5+PGbNKFM+xNRrIuPDUBpqFKDb8zfhOTGQiy3EyV8g8ivHbUs=
-----END CERTIFICATE-----