Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/hekhG_9lU1Ndgq_lCPnY01WDWIU.roa
File:                     hekhG_9lU1Ndgq_lCPnY01WDWIU.roa (raw, json)
Hash identifier:          FhDdv2chHoWJiF8Gl14irw9xbnWQqHQKL8YXxe2yyWQ=
Subject key identifier:   85:E9:21:1B:FF:65:53:53:5D:82:AF:E5:08:F9:D8:D3:55:83:58:85
Certificate issuer:       /CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
Certificate serial:       0191221C49657D2047AEA23761089AB47A2F
Authority key identifier: B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/hekhG_9lU1Ndgq_lCPnY01WDWIU.roa
Signing time:             Mon 05 Aug 2024 10:36:04 +0000
ROA not before:           Mon 05 Aug 2024 10:36:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56534
IP address blocks:        2a11:fb42::/32 maxlen: 32
                          2a12:1807::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:22:1c:49:65:7d:20:47:ae:a2:37:61:08:9a:b4:7a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0f619ef200840dfa8fd43567c7a978c15312d7f
        Validity
            Not Before: Aug  5 10:36:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85e9211bff6553535d82afe508f9d8d355835885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a4:76:0c:22:b6:a8:16:0e:e7:94:21:f4:b7:
                    d0:65:02:2f:7e:fb:b7:eb:df:d5:9e:b1:54:5b:ea:
                    46:55:6b:15:f9:0a:79:a3:70:a3:10:10:73:61:41:
                    ba:f3:c0:85:1d:92:49:a7:a1:d4:f2:4a:6e:8d:db:
                    65:ca:5f:b8:5d:c5:b1:10:48:70:a4:98:75:8a:b4:
                    da:b1:32:b6:04:6a:09:e1:02:51:0b:2d:74:0d:e7:
                    dc:48:22:26:94:50:2f:05:e8:c4:19:4e:93:00:7d:
                    f3:2c:77:66:36:54:3d:85:17:29:0e:9d:9b:3e:27:
                    ce:cb:36:c5:51:49:17:c9:46:f2:fc:b5:df:b1:93:
                    96:a0:68:76:60:23:3a:ca:a8:db:47:a6:6c:7f:f6:
                    f2:2d:8e:86:46:71:4a:cd:c2:de:0c:c1:b1:af:1b:
                    72:29:03:72:2a:2d:dc:b6:11:67:fd:5a:33:e5:2d:
                    13:a4:02:ec:4d:41:66:4f:c8:52:44:22:59:ff:13:
                    1d:dd:8d:55:a7:f3:ff:57:1a:8d:30:e9:b2:66:a0:
                    a8:46:ff:c6:6d:f0:b8:d7:81:55:05:16:bf:96:62:
                    04:83:fc:6c:fe:88:5a:cf:52:ad:8d:a1:6c:15:41:
                    c1:f5:4f:51:8d:ed:f0:de:dc:38:8b:3c:87:48:af:
                    a6:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E9:21:1B:FF:65:53:53:5D:82:AF:E5:08:F9:D8:D3:55:83:58:85
            X509v3 Authority Key Identifier:
                keyid:B0:F6:19:EF:20:08:40:DF:A8:FD:43:56:7C:7A:97:8C:15:31:2D:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/hekhG_9lU1Ndgq_lCPnY01WDWIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0e18d2-d80b-4aa0-aaef-069661675106/1/sPYZ7yAIQN-o_UNWfHqXjBUxLX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:fb42::/32
                  2a12:1807::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:27:15:37:ca:79:81:42:8c:84:ab:86:6d:81:45:99:44:58:
         6e:d8:25:4e:28:e2:cc:54:c4:ab:26:a3:65:b9:4f:52:0b:f9:
         fc:bf:8f:4f:31:5e:c5:8b:d1:27:29:60:c5:c3:2e:ae:38:31:
         61:6b:ca:60:3f:8a:a1:fc:4b:28:fb:ad:97:ef:72:b0:fc:5a:
         4c:fd:d4:0e:01:2b:7d:13:55:8b:17:a0:bd:96:ce:6a:7a:c9:
         f9:23:b2:0d:fe:8b:89:0b:df:2f:29:f2:83:21:97:89:ee:fe:
         66:78:65:8b:c5:e7:82:e3:5d:71:20:8b:d5:4f:9f:d0:6e:c5:
         1d:00:37:aa:81:85:32:0d:dd:5a:c3:01:8f:2d:8d:43:47:3b:
         90:af:0c:79:14:48:6b:7b:46:00:04:16:68:dd:f3:9b:4c:61:
         02:84:d0:47:09:af:75:d8:85:04:89:87:50:36:e2:0b:7e:e6:
         43:8b:3b:fe:d2:90:4d:f9:c5:58:fc:f5:47:6d:26:7d:eb:3a:
         b3:af:e2:2a:dd:57:cb:ce:3e:57:f3:e3:76:67:0f:bd:25:f8:
         fe:cc:b0:78:47:03:d0:c0:fd:53:b0:47:c9:dc:16:9b:6b:7d:
         c5:68:34:da:1a:b7:a1:3c:28:7a:5f:be:c3:46:e4:51:a1:da:
         33:22:c0:0b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZEiHEllfSBHrqI3YQiatHovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwZjYxOWVmMjAwODQwZGZhOGZkNDM1NjdjN2E5NzhjMTUz
MTJkN2YwHhcNMjQwODA1MTAzNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWU5MjExYmZmNjU1MzUzNWQ4MmFmZTUwOGY5ZDhkMzU1ODM1ODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26R2DCK2qBYO55Qh9LfQZQIvfvu3
69/VnrFUW+pGVWsV+Qp5o3CjEBBzYUG688CFHZJJp6HU8kpujdtlyl+4XcWxEEhw
pJh1irTasTK2BGoJ4QJRCy10DefcSCImlFAvBejEGU6TAH3zLHdmNlQ9hRcpDp2b
PifOyzbFUUkXyUby/LXfsZOWoGh2YCM6yqjbR6Zsf/byLY6GRnFKzcLeDMGxrxty
KQNyKi3cthFn/Voz5S0TpALsTUFmT8hSRCJZ/xMd3Y1Vp/P/VxqNMOmyZqCoRv/G
bfC414FVBRa/lmIEg/xs/ohaz1KtjaFsFUHB9U9Rje3w3tw4izyHSK+m0wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIXpIRv/ZVNTXYKv5Qj52NNVg1iFMB8GA1UdIwQY
MBaAFLD2Ge8gCEDfqP1DVnx6l4wVMS1/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYt
MDY5NjYxNjc1MTA2LzEvaGVraEdfOWxVMU5kZ3FfbENQblkwMVdEV0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wZTE4ZDItZDgwYi00YWEwLWFhZWYtMDY5NjYxNjc1MTA2
LzEvc1BZWjd5QUlRTi1vX1VOV2ZIcVhqQlV4TFg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhH7QgMF
ACoSGAcwDQYJKoZIhvcNAQELBQADggEBAEEnFTfKeYFCjISrhm2BRZlEWG7YJU4o
4sxUxKsmo2W5T1IL+fy/j08xXsWL0ScpYMXDLq44MWFrymA/iqH8Syj7rZfvcrD8
Wkz91A4BK30TVYsXoL2Wzmp6yfkjsg3+i4kL3y8p8oMhl4nu/mZ4ZYvF54LjXXEg
i9VPn9BuxR0AN6qBhTIN3VrDAY8tjUNHO5CvDHkUSGt7RgAEFmjd85tMYQKE0EcJ
r3XYhQSJh1A24gt+5kOLO/7SkE35xVj89UdtJn3rOrOv4irdV8vOPlfz43ZnD70l
+P7MsHhHA9DA/VOwR8ncFptrfcVoNNoat6E8KHpfvsNG5FGh2jMiwAs=
-----END CERTIFICATE-----