Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1-QXw9v8d6-mVlz2jDxHEu5Dq-bI.roa
File:                     1-QXw9v8d6-mVlz2jDxHEu5Dq-bI.roa (raw, json)
Hash identifier:          yu/rXrhx6S6k22SBMK+hlmNxC+fqm8wA7Yguuiv0EwU=
Subject key identifier:   F9:05:F0:F6:FF:1D:EB:E9:95:97:3D:A3:0F:11:C4:BB:90:EA:F9:B2
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019345169D4876D796D93D2E1A1BCE97E6D6
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1-QXw9v8d6-mVlz2jDxHEu5Dq-bI.roa
Signing time:             Tue 19 Nov 2024 15:42:10 +0000
ROA not before:           Tue 19 Nov 2024 15:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a11:e9c3::/32 maxlen: 32
                          2a11:e9c5::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:45:16:9d:48:76:d7:96:d9:3d:2e:1a:1b:ce:97:e6:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Nov 19 15:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f905f0f6ff1debe995973da30f11c4bb90eaf9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b1:7a:88:7e:d1:a0:a0:1b:b5:cf:c3:2b:9b:
                    72:b5:2e:bf:90:dd:32:7f:d4:15:59:0d:0e:ac:7c:
                    56:06:d2:7d:3d:90:3e:ea:0b:f2:e9:44:fa:ca:15:
                    52:fe:9e:7b:27:60:df:50:1e:fc:5d:0d:aa:8a:08:
                    f2:fe:aa:94:9a:83:77:00:8c:86:84:b8:b4:6e:78:
                    81:96:36:2a:48:c5:8d:dc:65:e1:aa:65:04:31:0c:
                    23:63:b1:fc:3f:4c:00:ef:3c:31:10:af:90:31:33:
                    b0:b7:a7:83:24:01:10:5a:46:a0:13:c1:93:3f:e0:
                    e2:a1:fd:11:69:8d:12:d8:e7:81:b2:a0:d9:eb:5f:
                    ba:a3:5a:7b:b5:98:8c:4d:72:9e:9d:24:dd:9e:a7:
                    44:e7:88:85:10:c3:1d:9a:56:ef:4a:8e:88:c9:2d:
                    c3:c6:e6:1b:27:58:ab:43:8b:ce:fe:30:71:04:be:
                    73:56:e1:4f:4f:af:93:db:6d:68:cb:76:11:c7:c2:
                    12:0b:6b:d2:82:35:bd:32:4d:98:72:56:f7:83:8a:
                    d8:a1:a7:c4:30:cc:36:78:00:cb:70:0c:c2:e8:52:
                    10:dd:71:06:c0:11:89:fe:54:d1:ce:83:05:ed:03:
                    17:78:1d:27:bb:54:b4:70:a1:87:ec:ed:97:6e:f3:
                    3f:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:05:F0:F6:FF:1D:EB:E9:95:97:3D:A3:0F:11:C4:BB:90:EA:F9:B2
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1-QXw9v8d6-mVlz2jDxHEu5Dq-bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:e9c3::/32
                  2a11:e9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:fe:1c:bf:52:a6:9b:ec:43:34:44:42:fe:d0:19:30:a2:76:
         78:21:31:2c:6f:53:47:74:fc:85:a4:fd:3b:49:0b:e4:89:d1:
         45:d4:99:8a:57:73:91:aa:99:3f:13:25:5b:c3:69:13:9d:de:
         8c:2d:34:bd:e5:87:83:69:c3:7a:4a:7f:13:ff:cd:84:7e:ec:
         b6:78:72:e6:2c:e5:c7:b0:7f:2f:35:e2:58:13:84:ca:56:8b:
         a2:f2:72:da:18:17:d0:be:a9:69:69:dc:09:21:b9:3c:02:e1:
         fa:b1:97:42:14:fc:a1:ff:c9:01:b5:29:fe:9f:5c:b9:27:10:
         87:01:88:20:67:34:16:f3:77:b1:15:6c:4d:0e:39:b0:71:36:
         fb:9a:24:1d:38:c6:82:12:87:ae:1f:4e:a4:c6:3a:22:10:8d:
         25:fb:1b:ac:17:4d:c0:f1:03:bd:24:c5:80:f5:cd:d5:c8:4a:
         59:c3:9e:4a:d2:9a:78:e9:ec:cb:4d:7a:8f:72:8e:e3:3e:94:
         dd:25:43:02:f8:f6:c6:57:84:bf:5d:29:97:24:b9:a5:6f:a2:
         7c:bd:0c:4d:b8:f2:4c:6a:bf:7a:17:4b:07:6f:bc:ac:43:1b:
         34:6b:bd:fe:ce:17:12:62:a0:fb:d2:b5:d9:94:de:95:b5:ff:
         f2:57:bd:26
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZNFFp1IdteW2T0uGhvOl+bWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQxMTE5MTU0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTA1ZjBmNmZmMWRlYmU5OTU5NzNkYTMwZjExYzRiYjkwZWFmOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbF6iH7RoKAbtc/DK5tytS6/kN0y
f9QVWQ0OrHxWBtJ9PZA+6gvy6UT6yhVS/p57J2DfUB78XQ2qigjy/qqUmoN3AIyG
hLi0bniBljYqSMWN3GXhqmUEMQwjY7H8P0wA7zwxEK+QMTOwt6eDJAEQWkagE8GT
P+Diof0RaY0S2OeBsqDZ61+6o1p7tZiMTXKenSTdnqdE54iFEMMdmlbvSo6IyS3D
xuYbJ1irQ4vO/jBxBL5zVuFPT6+T221oy3YRx8ISC2vSgjW9Mk2Yclb3g4rYoafE
MMw2eADLcAzC6FIQ3XEGwBGJ/lTRzoMF7QMXeB0nu1S0cKGH7O2XbvM/WwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPkF8Pb/HevplZc9ow8RxLuQ6vmyMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvMS1RWHc5djhkNi1tVmx6MmpEeEhFdTVEcS1iSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWIvN2I5MzM2LWU5ZjgtNGUyNy1hZjRiLTIzOWQyZmUzOThi
MS8xL0NUTlR3ZnEtaVdyNHVGX25ZQTVHTkphUHpFdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAIwDgMFACoR6cMD
BQAqEenFMA0GCSqGSIb3DQEBCwUAA4IBAQAj/hy/Uqab7EM0REL+0BkwonZ4ITEs
b1NHdPyFpP07SQvkidFF1JmKV3ORqpk/EyVbw2kTnd6MLTS95YeDacN6Sn8T/82E
fuy2eHLmLOXHsH8vNeJYE4TKVoui8nLaGBfQvqlpadwJIbk8AuH6sZdCFPyh/8kB
tSn+n1y5JxCHAYggZzQW83exFWxNDjmwcTb7miQdOMaCEoeuH06kxjoiEI0l+xus
F03A8QO9JMWA9c3VyEpZw55K0pp46ezLTXqPco7jPpTdJUMC+PbGV4S/XSmXJLml
b6J8vQxNuPJMar96F0sHb7ysQxs0a73+zhcSYqD70rXZlN6Vtf/yV70m
-----END CERTIFICATE-----