Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/adV_Lxq7BtnHsUDw_RyVISapCy4.roa
File:                     adV_Lxq7BtnHsUDw_RyVISapCy4.roa (raw, json)
Hash identifier:          tVbOikq8mR8WLyXwHxo3cEKO5GDaTr2rhi779HqU5+0=
Subject key identifier:   69:D5:7F:2F:1A:BB:06:D9:C7:B1:40:F0:FD:1C:95:21:26:A9:0B:2E
Certificate issuer:       /CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
Certificate serial:       018CED29ADBE7DF863143FFA3CF1C9368DA7
Authority key identifier: B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/adV_Lxq7BtnHsUDw_RyVISapCy4.roa
Signing time:             Tue 09 Jan 2024 07:39:40 +0000
ROA not before:           Tue 09 Jan 2024 07:39:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210852
IP address blocks:        2a11:df40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:29:ad:be:7d:f8:63:14:3f:fa:3c:f1:c9:36:8d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
        Validity
            Not Before: Jan  9 07:39:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69d57f2f1abb06d9c7b140f0fd1c952126a90b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b7:52:2e:34:c4:d1:a2:26:e7:00:67:ed:d1:
                    77:08:6d:7d:4c:76:3c:50:e7:a1:44:16:3f:24:9a:
                    4a:58:8e:81:46:a8:51:d7:13:f2:67:38:d1:f9:06:
                    85:11:74:8b:ec:d7:2d:fb:57:6d:db:79:ff:33:e0:
                    5e:a4:40:85:78:18:a6:99:5b:9a:a6:f6:b2:ec:a1:
                    e1:67:c8:cb:0b:fb:24:c1:48:c8:09:f9:13:e3:65:
                    b0:9c:5f:6e:65:66:9d:fe:b4:1e:a9:4c:9a:be:1c:
                    c5:65:8a:0e:ef:40:ee:25:81:6e:56:66:d4:e3:58:
                    4f:d6:19:a2:8a:94:02:8e:3e:10:d7:63:3a:ed:b1:
                    72:f3:f5:d4:6b:31:bf:d0:d0:2a:09:d5:4a:16:5d:
                    c0:31:6e:47:1f:65:96:89:67:fc:27:04:40:0e:e5:
                    fa:62:9e:73:ff:eb:82:2f:9a:b6:98:5f:77:65:0c:
                    05:f0:b4:50:2f:e8:83:42:60:49:5e:35:7d:ff:a0:
                    6f:08:fc:dc:5a:ba:dc:3c:19:ae:59:3f:52:d2:45:
                    eb:2d:64:54:59:cc:03:b6:e0:91:59:be:2c:37:1e:
                    08:9a:c2:86:72:80:3c:1b:e8:6a:23:f2:49:4f:2e:
                    46:82:b8:64:a9:04:24:41:18:51:1b:3b:9f:10:b2:
                    14:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D5:7F:2F:1A:BB:06:D9:C7:B1:40:F0:FD:1C:95:21:26:A9:0B:2E
            X509v3 Authority Key Identifier:
                keyid:B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/adV_Lxq7BtnHsUDw_RyVISapCy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:df40::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:f8:b1:9e:cb:89:71:ad:2e:e1:88:c8:14:f4:8a:a5:55:93:
         86:30:03:0a:f4:39:19:8a:dd:1c:23:eb:e0:f8:3a:49:36:b0:
         22:08:dc:62:22:74:c6:de:93:38:1a:a9:29:04:ee:90:0b:27:
         0e:1b:a9:43:f9:8f:74:dd:7d:70:8c:5b:f2:cc:31:d3:cb:17:
         f1:69:7c:b0:2a:81:2e:fb:43:a9:c5:e6:e7:ac:fc:eb:8e:50:
         5e:3c:b1:d0:e4:f9:7a:74:89:3e:36:cc:c4:44:be:42:bb:fe:
         3d:c0:96:e2:c5:19:90:58:d3:41:b0:a3:33:33:8f:47:32:5d:
         78:ff:38:cf:bf:89:0b:19:22:a5:1a:76:14:1b:6a:77:34:54:
         b9:07:60:e6:4d:4c:e8:d7:85:db:d1:e4:a8:22:53:fd:30:85:
         d1:0f:74:29:21:2f:16:d4:55:9c:3b:7a:c6:11:f5:0e:0a:7d:
         81:58:43:a4:df:59:c8:d9:87:25:3d:2a:ba:6d:e3:9c:95:30:
         34:b4:a8:8a:7b:3e:3f:02:ae:b6:12:25:35:83:92:3b:55:8c:
         8a:1b:4a:b3:37:b8:cf:d6:bf:f2:8e:a9:b5:0c:46:33:95:04:
         f5:a8:15:e7:90:de:f3:ec:75:e1:ad:5c:37:77:52:c1:91:2e:
         e7:b7:aa:ab
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYztKa2+ffhjFD/6PPHJNo2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNTAwMmJhMDg4ZDViZDA5YzE1NTNkY2VkNWIwYmYzOTA3
ZmY3MzYwHhcNMjQwMTA5MDczOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWQ1N2YyZjFhYmIwNmQ5YzdiMTQwZjBmZDFjOTUyMTI2YTkwYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rdSLjTE0aIm5wBn7dF3CG19THY8
UOehRBY/JJpKWI6BRqhR1xPyZzjR+QaFEXSL7Nct+1dt23n/M+BepECFeBimmVua
pvay7KHhZ8jLC/skwUjICfkT42WwnF9uZWad/rQeqUyavhzFZYoO70DuJYFuVmbU
41hP1hmiipQCjj4Q12M67bFy8/XUazG/0NAqCdVKFl3AMW5HH2WWiWf8JwRADuX6
Yp5z/+uCL5q2mF93ZQwF8LRQL+iDQmBJXjV9/6BvCPzcWrrcPBmuWT9S0kXrLWRU
WcwDtuCRWb4sNx4ImsKGcoA8G+hqI/JJTy5GgrhkqQQkQRhRGzufELIUSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGnVfy8auwbZx7FA8P0clSEmqQsuMB8GA1UdIwQY
MBaAFLNQAroIjVvQnBVT3O1bC/OQf/c2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2Ut
YWYxZWYxZDdhZmI4LzEvYWRWX0x4cTdCdG5Ic1VEd19SeVZJU2FwQ3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2UtYWYxZWYxZDdhZmI4
LzEvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHfQDAN
BgkqhkiG9w0BAQsFAAOCAQEACfixnsuJca0u4YjIFPSKpVWThjADCvQ5GYrdHCPr
4Pg6STawIgjcYiJ0xt6TOBqpKQTukAsnDhupQ/mPdN19cIxb8swx08sX8Wl8sCqB
LvtDqcXm56z8645QXjyx0OT5enSJPjbMxES+Qrv+PcCW4sUZkFjTQbCjMzOPRzJd
eP84z7+JCxkipRp2FBtqdzRUuQdg5k1M6NeF29HkqCJT/TCF0Q90KSEvFtRVnDt6
xhH1Dgp9gVhDpN9ZyNmHJT0qum3jnJUwNLSoins+PwKuthIlNYOSO1WMihtKsze4
z9a/8o6ptQxGM5UE9agV55De8+x14a1cN3dSwZEu57eqqw==
-----END CERTIFICATE-----