Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Q3Y3Ok1moLR6Sw7Xz8fDLPd8QhE.roa
File:                     Q3Y3Ok1moLR6Sw7Xz8fDLPd8QhE.roa (raw, json)
Hash identifier:          56lCxziyfEbm1iw/2KMvPZreRnpLBGkVJqcvrTLC3Qc=
Subject key identifier:   43:76:37:3A:4D:66:A0:B4:7A:4B:0E:D7:CF:C7:C3:2C:F7:7C:42:11
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018EC322E166B0A99F27CDE9F1FA9F453B3A
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Q3Y3Ok1moLR6Sw7Xz8fDLPd8QhE.roa
Signing time:             Tue 09 Apr 2024 13:53:46 +0000
ROA not before:           Tue 09 Apr 2024 13:53:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25227
IP address blocks:        2a11:c84::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:22:e1:66:b0:a9:9f:27:cd:e9:f1:fa:9f:45:3b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Apr  9 13:53:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4376373a4d66a0b47a4b0ed7cfc7c32cf77c4211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ba:dd:5e:e5:e0:1b:34:9d:8c:73:6d:c5:eb:
                    38:cc:da:b1:25:1b:0a:a0:95:e8:f4:62:18:7a:fd:
                    d3:73:bf:36:3e:37:0f:c4:18:e8:78:e2:44:2f:eb:
                    ca:da:12:f9:e8:5e:f2:b7:6c:a5:23:9d:86:f3:a9:
                    25:30:3f:34:b5:9a:3b:b5:6c:8a:5f:45:8b:23:91:
                    3e:91:c9:4b:5a:de:b8:86:34:93:b3:01:58:fd:8a:
                    99:83:e2:43:cf:58:f7:ad:28:9a:34:96:7b:34:8a:
                    f0:35:07:7f:5b:1e:ab:dd:28:67:fa:ce:c9:c9:f0:
                    d9:f0:e0:a8:bd:50:8c:e7:29:90:0d:e6:0d:7a:c6:
                    80:67:5e:37:f0:07:ee:d1:b5:b9:52:bc:9d:5b:7f:
                    6f:3d:83:53:0c:a0:27:c4:30:98:92:11:bd:f3:f2:
                    af:35:1b:07:c0:70:58:17:98:60:d8:0d:58:36:68:
                    62:90:80:6a:dd:59:6a:cb:92:71:03:68:8c:ee:da:
                    dd:65:91:5e:fb:c6:85:78:fd:97:9f:96:87:a2:00:
                    79:b1:7e:b9:8e:41:61:c2:e2:a7:b3:37:b1:5b:6f:
                    3e:9f:7e:42:2f:3e:7b:bb:37:2d:07:f2:bf:d2:0f:
                    38:70:5b:7a:e9:8b:68:4f:b0:18:20:d6:38:cb:61:
                    ec:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:76:37:3A:4D:66:A0:B4:7A:4B:0E:D7:CF:C7:C3:2C:F7:7C:42:11
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/Q3Y3Ok1moLR6Sw7Xz8fDLPd8QhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:c84::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:ee:cd:0a:bb:4c:2d:ab:c9:35:22:dd:71:20:82:bf:89:27:
         4c:21:06:f4:a1:56:17:97:a9:83:24:4f:f9:21:16:1e:40:f4:
         95:27:fa:3b:ea:97:12:b3:d8:56:3f:49:6a:69:88:37:51:17:
         5a:5e:7c:cd:e8:41:10:2c:04:7a:38:15:ff:db:49:1c:e8:ef:
         9b:e2:ac:85:73:48:f5:35:11:68:22:ed:f0:35:1e:ec:ed:04:
         a0:87:38:5e:0c:9a:0b:9f:09:b3:f4:95:f6:fe:76:ef:4c:9d:
         90:32:91:02:d3:72:40:de:99:2b:4f:72:4b:f0:25:7a:88:09:
         cc:6e:b3:98:98:14:a6:00:35:93:00:9d:4d:86:90:15:9d:74:
         21:1e:4c:cc:bd:50:05:bc:41:2a:f8:95:2f:5e:fd:ca:a3:09:
         c4:78:60:7f:8f:93:3d:ce:82:d8:78:54:a6:d6:c1:a6:48:a9:
         eb:cd:ce:5d:91:11:63:97:55:74:bc:5f:11:d5:50:c2:a2:c7:
         d6:75:00:77:f9:e0:10:0a:16:be:1e:d8:ba:98:26:ff:1a:9e:
         50:9c:d5:db:9a:1f:1f:d0:46:07:86:39:32:7c:1a:b6:07:1d:
         49:c6:42:fb:9f:5d:18:9d:c3:03:be:7e:08:11:66:c7:d5:f4:
         f1:9d:57:f7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7DIuFmsKmfJ83p8fqfRTs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwNDA5MTM1MzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mzc2MzczYTRkNjZhMGI0N2E0YjBlZDdjZmM3YzMyY2Y3N2M0MjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7rdXuXgGzSdjHNtxes4zNqxJRsK
oJXo9GIYev3Tc782PjcPxBjoeOJEL+vK2hL56F7yt2ylI52G86klMD80tZo7tWyK
X0WLI5E+kclLWt64hjSTswFY/YqZg+JDz1j3rSiaNJZ7NIrwNQd/Wx6r3Shn+s7J
yfDZ8OCovVCM5ymQDeYNesaAZ1438Afu0bW5UrydW39vPYNTDKAnxDCYkhG98/Kv
NRsHwHBYF5hg2A1YNmhikIBq3Vlqy5JxA2iM7trdZZFe+8aFeP2Xn5aHogB5sX65
jkFhwuKnszexW28+n35CLz57uzctB/K/0g84cFt66YtoT7AYINY4y2HssQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEN2NzpNZqC0eksO18/Hwyz3fEIRMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvUTNZM09rMW1vTFI2U3c3WHo4ZkRMUGQ4UWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhEMhDAN
BgkqhkiG9w0BAQsFAAOCAQEAKu7NCrtMLavJNSLdcSCCv4knTCEG9KFWF5epgyRP
+SEWHkD0lSf6O+qXErPYVj9JammIN1EXWl58zehBECwEejgV/9tJHOjvm+KshXNI
9TURaCLt8DUe7O0EoIc4XgyaC58Js/SV9v5270ydkDKRAtNyQN6ZK09yS/AleogJ
zG6zmJgUpgA1kwCdTYaQFZ10IR5MzL1QBbxBKviVL179yqMJxHhgf4+TPc6C2HhU
ptbBpkip683OXZERY5dVdLxfEdVQwqLH1nUAd/ngEAoWvh7Yupgm/xqeUJzV25of
H9BGB4Y5MnwatgcdScZC+59dGJ3DA75+CBFmx9X08Z1X9w==
-----END CERTIFICATE-----