Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/zQduic7zuFMWNQmMiOT-7nKczfQ.roa
File:                     zQduic7zuFMWNQmMiOT-7nKczfQ.roa (raw, json)
Hash identifier:          Tuf5LaMVmnsEt85wot1+bx5M05Fyr+O2MGqZUukwDGo=
Subject key identifier:   CD:07:6E:89:CE:F3:B8:53:16:35:09:8C:88:E4:FE:EE:72:9C:CD:F4
Certificate issuer:       /CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
Certificate serial:       018DF0BAC4694BDB81B15D38F0B2B277D883
Authority key identifier: 5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/zQduic7zuFMWNQmMiOT-7nKczfQ.roa
Signing time:             Wed 28 Feb 2024 17:19:48 +0000
ROA not before:           Wed 28 Feb 2024 17:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39450
IP address blocks:        2a11:500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f0:ba:c4:69:4b:db:81:b1:5d:38:f0:b2:b2:77:d8:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bee051a93901ecc01744079aa4ac2fb077b9fc1
        Validity
            Not Before: Feb 28 17:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd076e89cef3b8531635098c88e4feee729ccdf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:66:88:d1:ca:81:f3:37:84:91:2f:cb:e4:a2:
                    f0:1e:7e:d3:a2:ab:32:22:2c:fb:57:cd:27:46:fd:
                    77:dc:53:ce:d4:95:8a:52:5d:7c:c7:42:9b:52:58:
                    7c:ae:22:cd:8d:9e:c2:0f:eb:79:23:9b:eb:14:66:
                    25:5a:04:84:8c:39:9a:52:da:b8:13:f4:12:66:52:
                    39:1a:ad:ad:9c:7f:5f:48:b8:21:df:42:b7:a3:08:
                    99:76:ae:ff:28:d9:19:1c:97:72:eb:d3:1f:44:c6:
                    5f:5e:63:6f:88:4d:c2:1c:56:0c:e0:05:46:cc:ec:
                    13:14:fd:fa:d8:6b:17:4e:4e:a3:2f:47:90:e2:45:
                    e3:f0:a5:07:13:4d:ba:4d:91:dd:e5:f8:62:0f:6e:
                    de:df:1b:4e:76:4b:48:44:4e:c9:75:07:f6:cc:ac:
                    d7:4f:e6:b8:b5:2c:e6:e9:c1:16:0a:0e:70:7c:8d:
                    d9:7a:ac:98:4e:5c:d3:60:f8:8f:31:99:18:57:db:
                    c1:f1:ca:fd:a0:02:ff:12:ff:b5:84:b8:ab:1a:16:
                    ab:9c:88:9f:19:24:a6:69:20:06:f7:bb:29:6d:d5:
                    d5:3e:a4:ed:c3:37:e8:00:2a:30:d8:3f:a7:06:7f:
                    e6:b9:87:96:d4:d8:6e:59:05:48:96:9a:13:94:e9:
                    76:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:07:6E:89:CE:F3:B8:53:16:35:09:8C:88:E4:FE:EE:72:9C:CD:F4
            X509v3 Authority Key Identifier:
                keyid:5B:EE:05:1A:93:90:1E:CC:01:74:40:79:AA:4A:C2:FB:07:7B:9F:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-4FGpOQHswBdEB5qkrC-wd7n8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/zQduic7zuFMWNQmMiOT-7nKczfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/8eff42-5b55-4e6f-8222-a52a8795d956/1/W-4FGpOQHswBdEB5qkrC-wd7n8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:500::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:37:23:b5:8a:67:19:4d:80:cc:59:8b:14:c8:8d:0c:4f:e6:
         cd:ce:10:b2:3f:cb:e5:4d:db:c6:a4:60:d9:bf:43:c7:23:69:
         c5:08:62:1d:a1:06:bd:e3:3c:eb:51:30:08:34:29:70:cd:76:
         0b:76:3e:08:e7:31:76:f6:87:3f:09:11:df:a8:51:55:96:17:
         42:51:72:54:f3:5b:36:90:bb:9a:f3:96:3d:cb:dc:92:40:d6:
         f4:b5:aa:8e:49:a6:4f:94:35:1e:fe:e0:ea:0c:1b:44:e2:f5:
         ac:9c:e7:46:85:78:80:40:e2:2f:67:76:c3:a5:33:b5:1b:81:
         0f:9a:ca:ee:b7:bf:89:c5:e6:f2:23:f2:4e:9a:22:dd:0a:b1:
         f2:70:1c:27:fd:b0:73:cc:98:5c:ef:57:45:50:a0:27:c0:ff:
         b4:43:d7:48:6e:52:cc:21:4f:05:c8:6d:d0:53:f4:26:3b:cf:
         98:c0:93:96:a9:79:7f:eb:41:93:0d:76:33:35:3c:11:36:3d:
         52:43:6c:d0:74:a5:8e:d9:22:3b:c9:24:3f:24:52:01:b9:e0:
         62:b0:4a:72:61:06:34:74:29:aa:ef:36:9a:cc:93:76:20:28:
         9c:03:a4:53:e2:1f:a0:eb:06:8d:45:dd:ad:27:fe:a0:ed:cf:
         82:ae:94:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3wusRpS9uBsV048LKyd9iDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWUwNTFhOTM5MDFlY2MwMTc0NDA3OWFhNGFjMmZiMDc3
YjlmYzEwHhcNMjQwMjI4MTcxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDA3NmU4OWNlZjNiODUzMTYzNTA5OGM4OGU0ZmVlZTcyOWNjZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmaI0cqB8zeEkS/L5KLwHn7Toqsy
Iiz7V80nRv133FPO1JWKUl18x0KbUlh8riLNjZ7CD+t5I5vrFGYlWgSEjDmaUtq4
E/QSZlI5Gq2tnH9fSLgh30K3owiZdq7/KNkZHJdy69MfRMZfXmNviE3CHFYM4AVG
zOwTFP362GsXTk6jL0eQ4kXj8KUHE026TZHd5fhiD27e3xtOdktIRE7JdQf2zKzX
T+a4tSzm6cEWCg5wfI3ZeqyYTlzTYPiPMZkYV9vB8cr9oAL/Ev+1hLirGharnIif
GSSmaSAG97spbdXVPqTtwzfoACow2D+nBn/muYeW1NhuWQVIlpoTlOl24QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM0HbonO87hTFjUJjIjk/u5ynM30MB8GA1UdIwQY
MBaAFFvuBRqTkB7MAXRAeapKwvsHe5/BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjIt
YTUyYTg3OTVkOTU2LzEvelFkdWljN3p1Rk1XTlFtTWlPVC03bktjemZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni84ZWZmNDItNWI1NS00ZTZmLTgyMjItYTUyYTg3OTVkOTU2
LzEvVy00RkdwT1FIc3dCZEVCNXFrckMtd2Q3bjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhEFADAN
BgkqhkiG9w0BAQsFAAOCAQEAiDcjtYpnGU2AzFmLFMiNDE/mzc4Qsj/L5U3bxqRg
2b9DxyNpxQhiHaEGveM861EwCDQpcM12C3Y+COcxdvaHPwkR36hRVZYXQlFyVPNb
NpC7mvOWPcvckkDW9LWqjkmmT5Q1Hv7g6gwbROL1rJznRoV4gEDiL2d2w6UztRuB
D5rK7re/icXm8iPyTpoi3Qqx8nAcJ/2wc8yYXO9XRVCgJ8D/tEPXSG5SzCFPBcht
0FP0JjvPmMCTlql5f+tBkw12MzU8ETY9UkNs0HSljtkiO8kkPyRSAbngYrBKcmEG
NHQpqu82msyTdiAonAOkU+IfoOsGjUXdrSf+oO3Pgq6U3w==
-----END CERTIFICATE-----