Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/SXGZtEot9u2S2_Kxo5fAehujUE8.roa
File:                     SXGZtEot9u2S2_Kxo5fAehujUE8.roa (raw, json)
Hash identifier:          hf58GV5jb8vaXCqjeXcsSz8ogYacb/the2lAtcNGlxQ=
Subject key identifier:   49:71:99:B4:4A:2D:F6:ED:92:DB:F2:B1:A3:97:C0:7A:1B:A3:50:4F
Certificate issuer:       /CN=f0d9cbbefde612e61e0cd0ff0b871961cbf797e3
Certificate serial:       0191B32FD7E62BBBF31971110A5AF38B12CA
Authority key identifier: F0:D9:CB:BE:FD:E6:12:E6:1E:0C:D0:FF:0B:87:19:61:CB:F7:97:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8NnLvv3mEuYeDND_C4cZYcv3l-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/SXGZtEot9u2S2_Kxo5fAehujUE8.roa
Signing time:             Mon 02 Sep 2024 14:42:22 +0000
ROA not before:           Mon 02 Sep 2024 14:42:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214673
IP address blocks:        2a11:4880::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/8NnLvv3mEuYeDND_C4cZYcv3l-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/8NnLvv3mEuYeDND_C4cZYcv3l-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8NnLvv3mEuYeDND_C4cZYcv3l-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b3:2f:d7:e6:2b:bb:f3:19:71:11:0a:5a:f3:8b:12:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0d9cbbefde612e61e0cd0ff0b871961cbf797e3
        Validity
            Not Before: Sep  2 14:42:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=497199b44a2df6ed92dbf2b1a397c07a1ba3504f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f2:98:69:ec:04:cc:56:e5:cb:c0:b7:9d:37:
                    28:0a:3e:ec:62:bd:9d:a5:38:38:a6:cb:8d:ad:64:
                    da:34:0c:ad:6f:12:31:09:46:90:8e:c5:c8:55:a3:
                    00:99:a0:e5:01:8b:ab:b5:58:81:76:33:e9:22:97:
                    a1:b7:d3:58:78:43:74:ee:b5:5f:34:19:dd:b1:6a:
                    6e:a5:7d:b9:0c:17:77:db:f0:f9:f5:d4:1b:a2:48:
                    b5:11:e0:ff:03:0a:8f:90:32:24:61:dd:19:2e:72:
                    39:01:98:74:c7:0e:85:bc:80:d5:ec:9d:e0:09:71:
                    a6:07:06:97:6d:92:bc:29:3e:a9:fb:c0:9d:f7:be:
                    4b:2d:6b:7a:33:6c:0b:d8:a0:5e:aa:04:50:ed:77:
                    d1:48:86:d7:26:c3:3e:5c:52:f6:82:54:f2:b6:9d:
                    c2:93:cc:72:5c:77:c1:d5:23:79:b9:57:13:68:67:
                    d5:7c:9d:19:73:6b:eb:f4:d4:91:b2:01:0c:b9:a9:
                    75:8c:8b:d4:fc:08:5c:91:59:0a:66:6b:97:8f:64:
                    cd:82:e6:af:16:b8:01:41:f8:94:30:0c:9b:a4:f3:
                    6a:78:9f:91:24:97:f4:a8:cd:be:87:86:0f:6d:84:
                    4e:18:bd:aa:7b:9e:5f:07:1b:15:89:37:ae:8d:10:
                    fc:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:71:99:B4:4A:2D:F6:ED:92:DB:F2:B1:A3:97:C0:7A:1B:A3:50:4F
            X509v3 Authority Key Identifier:
                keyid:F0:D9:CB:BE:FD:E6:12:E6:1E:0C:D0:FF:0B:87:19:61:CB:F7:97:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8NnLvv3mEuYeDND_C4cZYcv3l-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/SXGZtEot9u2S2_Kxo5fAehujUE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/49969e-546c-43e5-8dbd-f92915a968bc/1/8NnLvv3mEuYeDND_C4cZYcv3l-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4880::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:f8:75:85:91:7c:f6:a3:5c:4a:96:f7:b1:e9:bb:b7:2f:64:
         e1:b4:17:9d:a2:bd:17:a0:c9:31:77:2b:b6:40:23:c5:3f:ff:
         f6:d4:88:2b:e4:1c:fd:cc:42:77:1e:d2:3d:d0:6c:34:f7:61:
         4f:97:82:52:c2:aa:ad:da:99:af:f7:88:14:ea:40:e2:83:40:
         64:78:19:40:57:7c:6a:43:ac:41:7b:fb:bc:23:cb:79:65:f6:
         f2:ca:b0:8c:a6:3c:e5:41:1a:cf:31:6d:8b:d8:28:48:51:ac:
         19:a8:cf:41:57:0d:b1:31:2f:1b:5b:65:6a:22:60:79:f1:af:
         8e:8f:b9:5d:ee:6a:ce:a3:48:01:cf:73:ec:75:70:95:de:9c:
         9d:68:2a:15:bb:f9:3c:83:38:d6:f3:2f:24:a3:a2:b1:5f:d2:
         a0:c6:83:a5:81:88:0e:9a:ba:01:f7:c4:8e:b3:be:0f:34:f9:
         07:c1:10:0c:bd:39:6e:b0:23:af:fb:17:f2:0e:a4:ef:35:87:
         39:b1:ee:69:03:ba:cd:55:8a:71:be:b7:55:77:61:be:c7:67:
         db:88:99:d7:30:f5:5c:e9:18:f2:93:4a:a4:20:01:12:f0:0b:
         23:09:51:61:77:c7:9f:ed:6d:3f:7d:b8:b7:ba:dc:db:6a:51:
         a2:c5:d1:84
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZGzL9fmK7vzGXERClrzixLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZDljYmJlZmRlNjEyZTYxZTBjZDBmZjBiODcxOTYxY2Jm
Nzk3ZTMwHhcNMjQwOTAyMTQ0MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTcxOTliNDRhMmRmNmVkOTJkYmYyYjFhMzk3YzA3YTFiYTM1MDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPKYaewEzFbly8C3nTcoCj7sYr2d
pTg4psuNrWTaNAytbxIxCUaQjsXIVaMAmaDlAYurtViBdjPpIpeht9NYeEN07rVf
NBndsWpupX25DBd32/D59dQboki1EeD/AwqPkDIkYd0ZLnI5AZh0xw6FvIDV7J3g
CXGmBwaXbZK8KT6p+8Cd975LLWt6M2wL2KBeqgRQ7XfRSIbXJsM+XFL2glTytp3C
k8xyXHfB1SN5uVcTaGfVfJ0Zc2vr9NSRsgEMual1jIvU/AhckVkKZmuXj2TNguav
FrgBQfiUMAybpPNqeJ+RJJf0qM2+h4YPbYROGL2qe55fBxsViTeujRD8bwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFElxmbRKLfbtktvysaOXwHobo1BPMB8GA1UdIwQY
MBaAFPDZy7795hLmHgzQ/wuHGWHL95fjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE5uTHZ2M21FdVllRE5EX0M0Y1pZY3YzbC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80OTk2OWUtNTQ2Yy00M2U1LThkYmQt
ZjkyOTE1YTk2OGJjLzEvU1hHWnRFb3Q5dTJTMl9LeG81ZkFlaHVqVUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80OTk2OWUtNTQ2Yy00M2U1LThkYmQtZjkyOTE1YTk2OGJj
LzEvOE5uTHZ2M21FdVllRE5EX0M0Y1pZY3YzbC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhFIgDAN
BgkqhkiG9w0BAQsFAAOCAQEArfh1hZF89qNcSpb3sem7ty9k4bQXnaK9F6DJMXcr
tkAjxT//9tSIK+Qc/cxCdx7SPdBsNPdhT5eCUsKqrdqZr/eIFOpA4oNAZHgZQFd8
akOsQXv7vCPLeWX28sqwjKY85UEazzFti9goSFGsGajPQVcNsTEvG1tlaiJgefGv
jo+5Xe5qzqNIAc9z7HVwld6cnWgqFbv5PIM41vMvJKOisV/SoMaDpYGIDpq6AffE
jrO+DzT5B8EQDL05brAjr/sX8g6k7zWHObHuaQO6zVWKcb63VXdhvsdn24iZ1zD1
XOkY8pNKpCABEvALIwlRYXfHn+1tP324t7rc22pRosXRhA==
-----END CERTIFICATE-----