Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/K_9kIu6JLdYkmo8am721g_ghDHw.roa
File:                     K_9kIu6JLdYkmo8am721g_ghDHw.roa (raw, json)
Hash identifier:          JZn9wVdTvQzYM0GpvOcXqVX0xxc1A/NlO6Wd0Yl/J+M=
Subject key identifier:   2B:FF:64:22:EE:89:2D:D6:24:9A:8F:1A:9B:BD:B5:83:F8:21:0C:7C
Certificate issuer:       /CN=923a2b3dd7667275f09886df7da079f755ceed59
Certificate serial:       018CCA2A3DD5829CBA99BB7B7969C273082F
Authority key identifier: 92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/K_9kIu6JLdYkmo8am721g_ghDHw.roa
Signing time:             Tue 02 Jan 2024 12:33:35 +0000
ROA not before:           Tue 02 Jan 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13030
IP address blocks:        2a11:8b80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3d:d5:82:9c:ba:99:bb:7b:79:69:c2:73:08:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=923a2b3dd7667275f09886df7da079f755ceed59
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bff6422ee892dd6249a8f1a9bbdb583f8210c7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:be:6c:f3:01:b3:cf:c7:9b:86:b6:47:98:c5:
                    f5:8c:cd:8f:12:4b:e9:01:1f:67:2b:1e:82:ad:3a:
                    55:8c:12:3c:8b:84:20:42:b4:48:3c:ba:a5:71:1c:
                    09:a1:3d:d7:ae:ef:76:d4:51:29:39:19:19:06:64:
                    05:9a:f8:9d:d7:e8:d7:10:ad:e1:b1:2c:78:15:d4:
                    e3:bd:e9:c2:21:7f:0d:a6:43:32:b3:ee:f2:f4:a7:
                    12:ab:48:5d:fd:33:06:49:7a:63:12:9e:2a:97:d3:
                    8b:01:77:d0:76:85:c5:3d:d2:ce:08:14:c7:77:d8:
                    d3:9a:7a:14:ea:e6:f4:b2:c3:5a:eb:a9:60:38:1f:
                    02:54:1b:3c:88:a0:85:42:ab:5a:b5:9d:44:4c:5e:
                    5e:bc:95:28:a3:aa:11:df:e2:d9:1d:c3:d7:1a:53:
                    96:89:b0:67:a8:54:7e:d8:ce:fc:6d:7e:6f:1b:49:
                    86:9c:63:b5:f2:3d:20:2d:6d:48:50:56:e0:5f:3b:
                    ea:13:9b:e0:2b:07:ee:ed:9a:ff:9d:12:dc:56:8e:
                    77:db:e2:40:2b:cf:78:79:aa:45:e5:95:7e:d8:f8:
                    1b:bf:01:10:de:3a:e0:dd:c4:7a:97:ec:59:20:ab:
                    b3:55:d0:2e:8a:33:80:22:8f:54:fc:f5:bf:87:62:
                    2d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:FF:64:22:EE:89:2D:D6:24:9A:8F:1A:9B:BD:B5:83:F8:21:0C:7C
            X509v3 Authority Key Identifier:
                keyid:92:3A:2B:3D:D7:66:72:75:F0:98:86:DF:7D:A0:79:F7:55:CE:ED:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kjorPddmcnXwmIbffaB591XO7Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/K_9kIu6JLdYkmo8am721g_ghDHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b796f4-2e88-4eaa-a269-2738bcb43d6d/1/kjorPddmcnXwmIbffaB591XO7Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:bc:76:26:5d:d4:0a:55:77:3f:23:c8:2f:6d:f0:2f:c1:d1:
         f0:98:64:8a:a5:06:69:9d:f4:cb:76:90:e8:b8:5b:96:ec:33:
         42:fa:62:89:2d:58:cd:b1:13:6e:00:68:5b:82:9a:7e:93:48:
         39:4f:77:b9:bf:e3:fa:4f:56:8b:63:f2:5b:4c:58:51:a3:2b:
         c8:5d:c3:06:00:21:3e:75:29:45:a0:63:0a:f8:a8:4c:fc:2c:
         dd:63:4a:6f:4a:5f:aa:07:71:8f:29:0c:86:fc:99:e2:f8:61:
         31:eb:04:6b:23:dd:ef:53:05:fb:e8:3d:e4:83:33:8c:11:5f:
         4e:68:33:3a:4a:57:0c:8c:c1:88:66:e5:24:ee:b4:73:91:3c:
         e7:e7:46:80:1f:0c:d9:63:8e:6e:ba:aa:45:ec:8c:34:c6:55:
         26:f6:39:1d:c3:72:df:72:00:e2:7c:99:87:47:ec:7e:f6:8e:
         5f:94:e7:23:b2:69:08:54:e1:86:1a:5e:da:08:ec:dc:53:17:
         1e:60:9a:85:b8:e6:36:00:11:ef:6a:76:0d:85:73:29:29:f9:
         29:44:e3:e1:a3:2a:d5:3f:35:f9:b9:61:a0:39:48:25:86:1f:
         d4:66:28:7b:af:f7:33:e9:37:31:fe:bf:03:2e:83:2e:38:33:
         10:6d:23:c9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKj3Vgpy6mbt7eWnCcwgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyM2EyYjNkZDc2NjcyNzVmMDk4ODZkZjdkYTA3OWY3NTVj
ZWVkNTkwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmZmNjQyMmVlODkyZGQ2MjQ5YThmMWE5YmJkYjU4M2Y4MjEwYzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqL5s8wGzz8ebhrZHmMX1jM2PEkvp
AR9nKx6CrTpVjBI8i4QgQrRIPLqlcRwJoT3Xru921FEpORkZBmQFmvid1+jXEK3h
sSx4FdTjvenCIX8NpkMys+7y9KcSq0hd/TMGSXpjEp4ql9OLAXfQdoXFPdLOCBTH
d9jTmnoU6ub0ssNa66lgOB8CVBs8iKCFQqtatZ1ETF5evJUoo6oR3+LZHcPXGlOW
ibBnqFR+2M78bX5vG0mGnGO18j0gLW1IUFbgXzvqE5vgKwfu7Zr/nRLcVo532+JA
K894eapF5ZV+2PgbvwEQ3jrg3cR6l+xZIKuzVdAuijOAIo9U/PW/h2It4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCv/ZCLuiS3WJJqPGpu9tYP4IQx8MB8GA1UdIwQY
MBaAFJI6Kz3XZnJ18JiG332gefdVzu1ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjkt
MjczOGJjYjQzZDZkLzEvS185a0l1NkpMZFlrbW84YW03MjFnX2doREh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iNzk2ZjQtMmU4OC00ZWFhLWEyNjktMjczOGJjYjQzZDZk
LzEva2pvclBkZG1jblh3bUliZmZhQjU5MVhPN1ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGLgDAN
BgkqhkiG9w0BAQsFAAOCAQEAULx2Jl3UClV3PyPIL23wL8HR8JhkiqUGaZ30y3aQ
6LhbluwzQvpiiS1YzbETbgBoW4KafpNIOU93ub/j+k9Wi2PyW0xYUaMryF3DBgAh
PnUpRaBjCvioTPws3WNKb0pfqgdxjykMhvyZ4vhhMesEayPd71MF++g95IMzjBFf
TmgzOkpXDIzBiGblJO60c5E85+dGgB8M2WOObrqqReyMNMZVJvY5HcNy33IA4nyZ
h0fsfvaOX5TnI7JpCFThhhpe2gjs3FMXHmCahbjmNgAR72p2DYVzKSn5KUTj4aMq
1T81+blhoDlIJYYf1GYoe6/3M+k3Mf6/Ay6DLjgzEG0jyQ==
-----END CERTIFICATE-----