Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/0hnLckQ5u2EIhSUlq9Z5RtNiTnM.roa
File:                     0hnLckQ5u2EIhSUlq9Z5RtNiTnM.roa (raw, json)
Hash identifier:          19SJjaivFAbVRczQ+EjvauRhnNaG22pxZ0XkkJ7ohvc=
Subject key identifier:   D2:19:CB:72:44:39:BB:61:08:85:25:25:AB:D6:79:46:D3:62:4E:73
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018F0430A8A352BCE8446B2C7D7C87451CB7
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/0hnLckQ5u2EIhSUlq9Z5RtNiTnM.roa
Signing time:             Mon 22 Apr 2024 05:04:08 +0000
ROA not before:           Mon 22 Apr 2024 05:04:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61400
IP address blocks:        2a11:c84::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:04:30:a8:a3:52:bc:e8:44:6b:2c:7d:7c:87:45:1c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Apr 22 05:04:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d219cb724439bb6108852525abd67946d3624e73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c7:17:c5:05:8a:7d:9c:64:2b:29:3f:4d:1d:
                    2b:e1:40:b7:f4:16:50:28:c4:e2:b2:e2:4a:a4:78:
                    78:4b:3d:6c:ac:6c:c9:ee:a7:a3:64:1f:08:81:57:
                    35:35:4a:42:4e:43:f7:b5:0c:df:fc:07:ec:26:02:
                    5b:a5:03:5e:42:36:66:e3:85:7b:f7:a6:39:c3:00:
                    42:c0:91:8f:84:df:eb:be:78:1a:ae:66:0f:b9:a7:
                    50:d3:69:10:ca:7f:54:d9:c2:92:40:1d:ee:6c:05:
                    08:73:57:75:62:5c:c1:91:2f:57:6c:d9:81:57:99:
                    fb:d9:94:9d:94:b0:02:5d:b6:c4:98:f7:82:38:36:
                    f9:b3:aa:4b:4d:4f:4b:45:8e:b8:62:df:78:5b:73:
                    2a:cd:ce:cc:91:33:f0:16:dc:3c:10:44:1f:bb:c2:
                    b9:69:a7:46:1c:02:db:17:72:a6:3a:a8:22:96:28:
                    e4:07:15:55:5d:85:ff:3c:e6:a5:2e:c3:4e:0e:8a:
                    bd:0c:48:14:64:52:a4:ee:3c:ff:a6:54:2d:14:60:
                    c9:3f:7a:61:3c:91:14:f8:63:5b:59:dc:68:88:6b:
                    ad:6d:04:c5:23:3a:be:c0:0d:84:d4:dd:bb:c4:e3:
                    32:e7:79:55:cf:50:be:71:eb:a9:9e:88:1f:75:74:
                    cf:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:19:CB:72:44:39:BB:61:08:85:25:25:AB:D6:79:46:D3:62:4E:73
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/0hnLckQ5u2EIhSUlq9Z5RtNiTnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:c84::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:21:f8:96:4e:a4:60:42:61:71:28:29:e6:7f:9b:be:4a:da:
         6f:91:84:78:80:7d:b8:d1:68:21:f1:40:b8:5e:f4:14:d5:07:
         3f:4c:3a:a6:5b:a4:7a:a0:0f:f5:1e:65:87:a6:0e:22:b4:29:
         34:d3:49:89:88:34:c6:3c:a5:cc:a3:a4:25:87:87:44:46:ae:
         31:3f:b4:23:bb:8e:93:4d:5b:ec:b7:0b:55:9d:68:20:c7:08:
         94:4a:45:e8:ab:33:65:96:98:f8:a6:39:de:f5:06:6e:fd:d8:
         48:03:23:a3:52:c8:8c:97:7f:66:40:34:a6:20:be:cc:71:26:
         39:c9:85:4b:d9:11:33:dc:c8:3d:c2:be:69:0b:2d:5e:53:83:
         58:be:30:11:e7:64:f1:9e:bc:4f:66:7c:42:a0:60:73:b1:29:
         47:5c:b1:82:16:eb:50:e4:fc:60:dc:77:ea:0f:12:98:84:79:
         09:c6:32:90:f1:d0:95:9e:02:df:f2:a3:29:a3:7a:a7:63:e6:
         32:09:7b:24:ba:46:86:6e:e7:63:51:91:68:fa:db:fe:79:b3:
         bf:ce:7a:e5:d0:af:52:77:3c:8d:c6:13:6d:2e:ea:c5:bb:36:
         20:f7:d5:2b:11:9b:94:04:9e:0f:d4:9a:85:2f:da:fb:d1:59:
         87:70:22:60
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8EMKijUrzoRGssfXyHRRy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwNDIyMDUwNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjE5Y2I3MjQ0MzliYjYxMDg4NTI1MjVhYmQ2Nzk0NmQzNjI0ZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8cXxQWKfZxkKyk/TR0r4UC39BZQ
KMTisuJKpHh4Sz1srGzJ7qejZB8IgVc1NUpCTkP3tQzf/AfsJgJbpQNeQjZm44V7
96Y5wwBCwJGPhN/rvngarmYPuadQ02kQyn9U2cKSQB3ubAUIc1d1YlzBkS9XbNmB
V5n72ZSdlLACXbbEmPeCODb5s6pLTU9LRY64Yt94W3Mqzc7MkTPwFtw8EEQfu8K5
aadGHALbF3KmOqgilijkBxVVXYX/POalLsNODoq9DEgUZFKk7jz/plQtFGDJP3ph
PJEU+GNbWdxoiGutbQTFIzq+wA2E1N27xOMy53lVz1C+ceupnogfdXTPXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNIZy3JEObthCIUlJavWeUbTYk5zMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvMGhuTGNrUTV1MkVJaFNVbHE5WjVSdE5pVG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEMhDAN
BgkqhkiG9w0BAQsFAAOCAQEAgCH4lk6kYEJhcSgp5n+bvkrab5GEeIB9uNFoIfFA
uF70FNUHP0w6plukeqAP9R5lh6YOIrQpNNNJiYg0xjylzKOkJYeHREauMT+0I7uO
k01b7LcLVZ1oIMcIlEpF6KszZZaY+KY53vUGbv3YSAMjo1LIjJd/ZkA0piC+zHEm
OcmFS9kRM9zIPcK+aQstXlODWL4wEedk8Z68T2Z8QqBgc7EpR1yxghbrUOT8YNx3
6g8SmIR5CcYykPHQlZ4C3/KjKaN6p2PmMgl7JLpGhm7nY1GRaPrb/nmzv8565dCv
Unc8jcYTbS7qxbs2IPfVKxGblASeD9SahS/a+9FZh3AiYA==
-----END CERTIFICATE-----