Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/o65tQ_qHBOb6CgmucgNds2kBFyY.roa
File:                     o65tQ_qHBOb6CgmucgNds2kBFyY.roa (raw, json)
Hash identifier:          7hVv/NGuKppZq3u6a6kuGvDIpGzIEXnfm2BlTbSpXa8=
Subject key identifier:   A3:AE:6D:43:FA:87:04:E6:FA:0A:09:AE:72:03:5D:B3:69:01:17:26
Certificate issuer:       /CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
Certificate serial:       018CC5DD20C187027167308C9B065B5DE124
Authority key identifier: B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/o65tQ_qHBOb6CgmucgNds2kBFyY.roa
Signing time:             Mon 01 Jan 2024 16:30:52 +0000
ROA not before:           Mon 01 Jan 2024 16:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208626
IP address blocks:        2a11:7e40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:20:c1:87:02:71:67:30:8c:9b:06:5b:5d:e1:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b35002ba088d5bd09c1553dced5b0bf3907ff736
        Validity
            Not Before: Jan  1 16:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3ae6d43fa8704e6fa0a09ae72035db369011726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:59:17:ab:b0:03:b5:03:c3:2c:ba:f2:cb:04:
                    54:9c:cc:bc:7e:a7:65:c0:56:c9:8c:76:15:4f:07:
                    0f:9f:9c:d7:c8:a7:6f:cf:3e:aa:09:0a:3b:fe:f4:
                    84:d9:26:e7:f2:c2:4e:95:63:a7:fd:ca:b5:9e:6d:
                    e0:38:2e:15:2e:75:42:83:ac:1b:d0:fb:6b:6d:44:
                    31:6a:3e:84:74:b4:d3:c2:12:69:95:b6:05:c8:a4:
                    1f:33:41:c1:a7:8f:a1:6a:7c:69:10:df:dd:6c:f0:
                    d1:a7:57:f0:11:f0:45:63:82:ea:7c:45:23:ad:f3:
                    89:1a:3b:9b:d9:7d:2c:23:5c:38:4f:47:f4:60:ce:
                    6a:fa:db:47:d2:52:32:0e:a1:d0:5c:3c:7a:6d:da:
                    fd:07:60:6b:77:60:f3:e4:72:e9:ec:e1:a5:2e:89:
                    3a:12:10:bc:84:c0:01:8a:97:ef:22:4c:90:0c:2f:
                    3c:3c:35:8b:d6:b0:a1:3d:b6:85:83:a4:6d:c2:3f:
                    e5:d9:b4:63:78:ad:c3:cd:dd:2d:9d:72:a8:7b:fa:
                    80:38:d5:d9:12:81:71:55:9b:d8:08:77:39:30:34:
                    31:dc:cd:a3:7d:70:8a:8c:15:47:ba:52:38:0d:02:
                    80:16:d2:2e:49:4f:d6:0f:70:1a:46:e0:51:d3:45:
                    04:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AE:6D:43:FA:87:04:E6:FA:0A:09:AE:72:03:5D:B3:69:01:17:26
            X509v3 Authority Key Identifier:
                keyid:B3:50:02:BA:08:8D:5B:D0:9C:15:53:DC:ED:5B:0B:F3:90:7F:F7:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s1ACugiNW9CcFVPc7VsL85B_9zY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/o65tQ_qHBOb6CgmucgNds2kBFyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fe4b06-fc2e-4bcb-877e-af1ef1d7afb8/1/s1ACugiNW9CcFVPc7VsL85B_9zY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:ac:6a:ee:1d:c1:c6:01:c5:ae:df:11:48:9d:d8:12:01:16:
         ea:88:4d:71:91:46:37:ef:25:c4:08:6c:14:b6:6d:a1:11:8a:
         ac:b9:ea:be:a6:ca:6a:7e:48:cf:d6:cb:bc:8c:52:92:bf:f6:
         99:a1:63:6d:ac:3b:ed:1f:60:4d:da:c3:4c:76:c9:00:a0:98:
         9b:96:37:07:2c:4c:36:5f:4d:20:65:c6:68:2c:4a:a6:ee:36:
         9a:b6:95:a6:c7:d5:2e:a6:b6:dd:31:d7:01:43:7a:b0:f7:bc:
         c6:6e:b9:b5:f4:5d:80:e6:bf:6e:8a:bf:90:47:57:4d:a6:07:
         71:e9:6c:ad:cd:17:3d:03:53:dc:fe:ed:4b:26:f1:a2:f5:12:
         60:bc:c5:45:21:e3:e9:91:3e:bf:1d:22:ca:02:55:14:ef:36:
         0b:4b:87:b9:a8:ce:f3:5c:d7:87:b3:b5:3d:78:c8:cc:0c:fd:
         99:43:b5:e6:a0:48:43:ce:af:2b:19:5a:ee:bc:4c:31:7b:5e:
         c1:2a:c7:d5:56:53:27:18:c3:db:04:6e:27:8e:41:b5:41:29:
         49:b5:e1:08:3f:22:ce:61:1d:aa:b6:54:43:23:80:44:ec:5d:
         6c:b2:3f:d4:8f:1a:35:4d:d9:34:d2:bd:0a:c1:9d:e6:bb:ff:
         4f:e1:05:20
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3SDBhwJxZzCMmwZbXeEkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNTAwMmJhMDg4ZDViZDA5YzE1NTNkY2VkNWIwYmYzOTA3
ZmY3MzYwHhcNMjQwMTAxMTYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2FlNmQ0M2ZhODcwNGU2ZmEwYTA5YWU3MjAzNWRiMzY5MDExNzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFkXq7ADtQPDLLryywRUnMy8fqdl
wFbJjHYVTwcPn5zXyKdvzz6qCQo7/vSE2Sbn8sJOlWOn/cq1nm3gOC4VLnVCg6wb
0PtrbUQxaj6EdLTTwhJplbYFyKQfM0HBp4+hanxpEN/dbPDRp1fwEfBFY4LqfEUj
rfOJGjub2X0sI1w4T0f0YM5q+ttH0lIyDqHQXDx6bdr9B2Brd2Dz5HLp7OGlLok6
EhC8hMABipfvIkyQDC88PDWL1rChPbaFg6Rtwj/l2bRjeK3Dzd0tnXKoe/qAONXZ
EoFxVZvYCHc5MDQx3M2jfXCKjBVHulI4DQKAFtIuSU/WD3AaRuBR00UEyQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKOubUP6hwTm+goJrnIDXbNpARcmMB8GA1UdIwQY
MBaAFLNQAroIjVvQnBVT3O1bC/OQf/c2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2Ut
YWYxZWYxZDdhZmI4LzEvbzY1dFFfcUhCT2I2Q2dtdWNnTmRzMmtCRnlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mZTRiMDYtZmMyZS00YmNiLTg3N2UtYWYxZWYxZDdhZmI4
LzEvczFBQ3VnaU5XOUNjRlZQYzdWc0w4NUJfOXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhF+QDAN
BgkqhkiG9w0BAQsFAAOCAQEAdKxq7h3BxgHFrt8RSJ3YEgEW6ohNcZFGN+8lxAhs
FLZtoRGKrLnqvqbKan5Iz9bLvIxSkr/2maFjbaw77R9gTdrDTHbJAKCYm5Y3ByxM
Nl9NIGXGaCxKpu42mraVpsfVLqa23THXAUN6sPe8xm65tfRdgOa/boq/kEdXTaYH
celsrc0XPQNT3P7tSybxovUSYLzFRSHj6ZE+vx0iygJVFO82C0uHuajO81zXh7O1
PXjIzAz9mUO15qBIQ86vKxla7rxMMXtewSrH1VZTJxjD2wRuJ45BtUEpSbXhCD8i
zmEdqrZUQyOAROxdbLI/1I8aNU3ZNNK9CsGd5rv/T+EFIA==
-----END CERTIFICATE-----