Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/X11UPamxvTJ52F12EYvV90XOvIU.roa
File:                     X11UPamxvTJ52F12EYvV90XOvIU.roa (raw, json)
Hash identifier:          txaXRHq4PMYv+TzMXO5DplEv4dJTdAmZCs6IT5VRvNg=
Subject key identifier:   5F:5D:54:3D:A9:B1:BD:32:79:D8:5D:76:11:8B:D5:F7:45:CE:BC:85
Certificate issuer:       /CN=23d8448c5cb90398e4c285cec9c0f4766ac931df
Certificate serial:       018CC9BBFF166F07AAD8DEF1959EA074E3E7
Authority key identifier: 23:D8:44:8C:5C:B9:03:98:E4:C2:85:CE:C9:C0:F4:76:6A:C9:31:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I9hEjFy5A5jkwoXOycD0dmrJMd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/X11UPamxvTJ52F12EYvV90XOvIU.roa
Signing time:             Tue 02 Jan 2024 10:33:10 +0000
ROA not before:           Tue 02 Jan 2024 10:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     760
IP address blocks:        2001:62a::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/I9hEjFy5A5jkwoXOycD0dmrJMd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/I9hEjFy5A5jkwoXOycD0dmrJMd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I9hEjFy5A5jkwoXOycD0dmrJMd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ff:16:6f:07:aa:d8:de:f1:95:9e:a0:74:e3:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23d8448c5cb90398e4c285cec9c0f4766ac931df
        Validity
            Not Before: Jan  2 10:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f5d543da9b1bd3279d85d76118bd5f745cebc85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b6:24:8a:f6:8a:55:d4:10:5f:25:b5:dd:c2:
                    88:fd:02:f4:49:e7:b4:49:0d:2c:88:ff:5f:dc:06:
                    78:bc:97:d8:b4:a9:41:5b:96:a1:f8:51:c0:a3:b8:
                    d8:7a:70:59:e1:d0:58:0e:92:3a:ef:52:9f:a0:10:
                    1a:1e:aa:5a:40:db:b8:b6:70:87:ba:ce:74:4b:19:
                    80:dc:96:8c:f1:f1:04:f8:2f:c3:73:ab:35:12:4b:
                    57:f2:1d:56:38:52:77:47:46:83:e4:41:69:52:37:
                    03:2d:cc:25:7c:3f:9f:6d:be:32:55:3e:62:a4:76:
                    46:88:fc:ae:88:68:c5:ef:3a:23:0c:dc:b0:7a:fb:
                    bb:47:87:14:fa:9f:76:67:7e:d5:12:fe:f1:1d:56:
                    e3:34:c2:44:49:8d:30:b6:d0:37:ee:2e:f2:7e:4b:
                    ef:2c:4b:72:7d:41:89:f1:95:90:97:3f:a1:29:f1:
                    e8:f3:39:35:fe:e0:00:68:58:a0:d7:10:27:ae:3e:
                    9c:7d:6e:2e:56:dd:e0:30:16:2e:6f:57:68:2e:fd:
                    21:30:8a:55:bb:4d:ba:15:db:c5:6b:7d:fd:95:e4:
                    06:8c:8b:c6:ca:0d:8d:ff:0e:a2:dd:13:21:e7:84:
                    47:86:3a:3c:fd:e2:ce:6e:52:df:3a:08:d5:5a:a3:
                    ee:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:5D:54:3D:A9:B1:BD:32:79:D8:5D:76:11:8B:D5:F7:45:CE:BC:85
            X509v3 Authority Key Identifier:
                keyid:23:D8:44:8C:5C:B9:03:98:E4:C2:85:CE:C9:C0:F4:76:6A:C9:31:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I9hEjFy5A5jkwoXOycD0dmrJMd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/X11UPamxvTJ52F12EYvV90XOvIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/I9hEjFy5A5jkwoXOycD0dmrJMd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:62a::/31

    Signature Algorithm: sha256WithRSAEncryption
         34:e7:d7:b4:44:b5:ef:85:f4:25:56:5a:38:e9:89:07:47:0b:
         2c:3b:d8:e8:a3:1d:31:57:56:98:52:f3:57:39:3f:1c:ab:fe:
         79:f8:d0:66:b0:74:c4:fb:4d:c3:24:62:30:7e:de:2a:b2:bb:
         4a:6c:8a:28:d1:35:65:c7:e4:d3:40:cf:6a:f4:65:a8:9a:38:
         16:40:35:f8:fb:9c:b8:21:ab:ae:87:cb:ad:34:60:41:9f:d6:
         dc:6d:68:07:30:05:e3:f5:f8:0d:b2:e3:64:71:f0:dd:65:63:
         4e:de:d5:85:a6:dc:d9:39:82:c9:a9:9a:b5:b5:37:dd:58:91:
         86:a4:d2:15:30:bb:06:b9:96:55:b5:2f:04:f4:e4:78:15:5f:
         30:0b:6e:f9:87:5c:f9:e5:5d:17:c8:d9:63:0e:86:bc:43:d4:
         0f:33:b4:8c:e2:4f:4c:b4:f2:61:f4:fe:28:62:11:75:4b:40:
         5c:12:b4:46:61:d6:80:79:5e:c8:3c:23:c1:82:48:41:6d:2d:
         2b:57:b5:a1:72:97:f4:a4:68:45:d4:bf:15:79:0e:df:bb:64:
         72:2a:e7:7e:5f:72:bc:3b:ce:72:0e:25:0a:1e:55:a7:d3:51:
         ee:10:94:6f:78:4e:2a:09:c9:00:b0:4e:2c:6e:2b:5a:a9:14:
         e6:9d:db:05
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJu/8Wbweq2N7xlZ6gdOPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZDg0NDhjNWNiOTAzOThlNGMyODVjZWM5YzBmNDc2NmFj
OTMxZGYwHhcNMjQwMTAyMTAzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjVkNTQzZGE5YjFiZDMyNzlkODVkNzYxMThiZDVmNzQ1Y2ViYzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbYkivaKVdQQXyW13cKI/QL0See0
SQ0siP9f3AZ4vJfYtKlBW5ah+FHAo7jYenBZ4dBYDpI671KfoBAaHqpaQNu4tnCH
us50SxmA3JaM8fEE+C/Dc6s1EktX8h1WOFJ3R0aD5EFpUjcDLcwlfD+fbb4yVT5i
pHZGiPyuiGjF7zojDNywevu7R4cU+p92Z37VEv7xHVbjNMJESY0wttA37i7yfkvv
LEtyfUGJ8ZWQlz+hKfHo8zk1/uAAaFig1xAnrj6cfW4uVt3gMBYub1doLv0hMIpV
u026FdvFa339leQGjIvGyg2N/w6i3RMh54RHhjo8/eLOblLfOgjVWqPuLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF9dVD2psb0yedhddhGL1fdFzryFMB8GA1UdIwQY
MBaAFCPYRIxcuQOY5MKFzsnA9HZqyTHfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTloRWpGeTVBNWprd29YT3ljRDBkbXJKTWQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9mNGE4MGQtZjVmNy00NTIyLWI5YjUt
Zjc3MmEwMTM5MDE2LzEvWDExVVBhbXh2VEo1MkYxMkVZdlY5MFhPdklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9mNGE4MGQtZjVmNy00NTIyLWI5YjUtZjc3MmEwMTM5MDE2
LzEvSTloRWpGeTVBNWprd29YT3ljRDBkbXJKTWQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBIAEGKjAN
BgkqhkiG9w0BAQsFAAOCAQEANOfXtES174X0JVZaOOmJB0cLLDvY6KMdMVdWmFLz
Vzk/HKv+efjQZrB0xPtNwyRiMH7eKrK7SmyKKNE1Zcfk00DPavRlqJo4FkA1+Puc
uCGrrofLrTRgQZ/W3G1oBzAF4/X4DbLjZHHw3WVjTt7Vhabc2TmCyamatbU33ViR
hqTSFTC7BrmWVbUvBPTkeBVfMAtu+Ydc+eVdF8jZYw6GvEPUDzO0jOJPTLTyYfT+
KGIRdUtAXBK0RmHWgHleyDwjwYJIQW0tK1e1oXKX9KRoRdS/FXkO37tkcirnfl9y
vDvOcg4lCh5Vp9NR7hCUb3hOKgnJALBOLG4rWqkU5p3bBQ==
-----END CERTIFICATE-----