Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/WNxwGRqjvkzEEIFtJUKhx8EpDnA.roa
File:                     WNxwGRqjvkzEEIFtJUKhx8EpDnA.roa (raw, json)
Hash identifier:          NuJcsLFQveWA7JrekR32MafYf69Fr1QL8arEGvczy7k=
Subject key identifier:   58:DC:70:19:1A:A3:BE:4C:C4:10:81:6D:25:42:A1:C7:C1:29:0E:70
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0196A6FBEE65D7AD3B4A863D8B5EDD0D6B4E
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/WNxwGRqjvkzEEIFtJUKhx8EpDnA.roa
Signing time:             Tue 06 May 2025 19:04:10 +0000
ROA not before:           Tue 06 May 2025 19:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42532
IP address blocks:        2a11:8100::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a6:fb:ee:65:d7:ad:3b:4a:86:3d:8b:5e:dd:0d:6b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: May  6 19:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58dc70191aa3be4cc410816d2542a1c7c1290e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9c:67:5d:b0:ed:05:f2:c1:25:e0:d1:24:29:
                    c8:1e:a5:6e:5a:09:2f:9c:6d:e2:ee:3d:bd:51:0e:
                    fa:69:bd:2f:82:1b:91:4a:97:e3:26:9b:d9:3e:e9:
                    27:d8:47:31:67:4e:a6:cf:8e:6f:21:d2:e1:ca:09:
                    05:9f:4c:d5:da:1d:e8:0f:5d:ef:f5:c1:47:a2:b9:
                    74:04:89:65:68:ff:41:ba:0a:bf:58:d4:fc:17:d2:
                    1e:50:bc:ae:48:cf:cf:65:1b:9e:b9:87:8a:a9:81:
                    9d:f4:3a:c9:3d:3a:00:69:52:be:99:ba:1f:b7:47:
                    77:78:e4:d9:58:02:c4:45:ad:d7:d7:70:38:74:77:
                    0e:52:79:d6:56:de:4f:0e:6b:4e:35:19:bc:4a:30:
                    04:ad:5c:78:21:aa:33:6e:c4:07:7b:74:be:ff:b0:
                    23:7d:b3:8a:43:cd:16:56:bf:0a:dc:a9:a8:67:2a:
                    7e:97:46:35:9d:72:6f:8c:20:39:51:1d:49:9d:2e:
                    8a:63:3b:50:5b:4f:73:d4:48:90:63:b1:b9:1b:a0:
                    46:57:69:5d:a2:df:64:78:73:69:24:2e:87:43:88:
                    f2:39:c7:fe:32:ea:81:0d:df:53:5f:4a:55:9a:7a:
                    dc:00:e7:25:d1:a0:6c:8a:d4:10:d4:ee:57:af:e2:
                    61:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:DC:70:19:1A:A3:BE:4C:C4:10:81:6D:25:42:A1:C7:C1:29:0E:70
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/WNxwGRqjvkzEEIFtJUKhx8EpDnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:8100::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:91:90:3f:02:4c:23:f9:28:1e:f5:1c:df:d0:92:2d:f1:f0:
         ba:4a:fd:dc:64:1b:d6:ec:ab:c4:9b:49:c3:f3:70:26:d0:83:
         39:9f:71:fe:04:66:e5:be:fd:2a:d9:93:47:93:00:04:4d:d2:
         3e:4e:ab:70:a6:bb:fe:40:cc:4f:1b:8a:a6:d4:9e:b7:8d:43:
         c9:a8:10:24:af:35:7c:66:44:af:c1:ad:e6:b9:c3:57:3a:ee:
         68:62:18:3a:e6:ab:ef:9c:6c:0c:78:4e:a8:63:15:86:d1:15:
         63:a9:e7:b2:dc:53:c0:03:7c:1e:50:6a:8d:92:c6:8b:58:87:
         fe:d0:b3:78:46:fd:4a:3c:66:af:fd:ea:4d:91:77:58:cb:75:
         ac:1b:0f:b8:0c:fe:1a:1c:bf:1a:3a:f7:2f:d5:46:ac:9c:d5:
         5e:66:28:55:84:08:ed:33:9c:d1:e7:4e:a6:73:08:f4:e4:45:
         7f:13:3a:22:40:53:58:37:64:6e:13:6d:f3:46:12:79:88:f0:
         d4:f0:85:5d:40:68:77:a4:62:57:16:00:74:ad:3f:ce:84:d2:
         a7:89:0a:38:fa:40:4c:e3:2b:ec:a8:99:c3:51:9f:72:0a:66:
         54:b9:cf:d6:03:bb:56:aa:1a:af:a2:f1:67:a3:b9:c4:d0:ac:
         13:88:ab:e8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZam++5l1607SoY9i17dDWtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwNTA2MTkwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGRjNzAxOTFhYTNiZTRjYzQxMDgxNmQyNTQyYTFjN2MxMjkwZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJxnXbDtBfLBJeDRJCnIHqVuWgkv
nG3i7j29UQ76ab0vghuRSpfjJpvZPukn2EcxZ06mz45vIdLhygkFn0zV2h3oD13v
9cFHorl0BIllaP9Bugq/WNT8F9IeULyuSM/PZRueuYeKqYGd9DrJPToAaVK+mbof
t0d3eOTZWALERa3X13A4dHcOUnnWVt5PDmtONRm8SjAErVx4IaozbsQHe3S+/7Aj
fbOKQ80WVr8K3KmoZyp+l0Y1nXJvjCA5UR1JnS6KYztQW09z1EiQY7G5G6BGV2ld
ot9keHNpJC6HQ4jyOcf+MuqBDd9TX0pVmnrcAOcl0aBsitQQ1O5Xr+JhRwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFjccBkao75MxBCBbSVCocfBKQ5wMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvV054d0dScWp2a3pFRUlGdEpVS2h4OEVwRG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGBADAN
BgkqhkiG9w0BAQsFAAOCAQEAq5GQPwJMI/koHvUc39CSLfHwukr93GQb1uyrxJtJ
w/NwJtCDOZ9x/gRm5b79KtmTR5MABE3SPk6rcKa7/kDMTxuKptSet41DyagQJK81
fGZEr8Gt5rnDVzruaGIYOuar75xsDHhOqGMVhtEVY6nnstxTwAN8HlBqjZLGi1iH
/tCzeEb9Sjxmr/3qTZF3WMt1rBsPuAz+Ghy/Gjr3L9VGrJzVXmYoVYQI7TOc0edO
pnMI9ORFfxM6IkBTWDdkbhNt80YSeYjw1PCFXUBod6RiVxYAdK0/zoTSp4kKOPpA
TOMr7KiZw1GfcgpmVLnP1gO7Vqoar6LxZ6O5xNCsE4ir6A==
-----END CERTIFICATE-----