Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/pArtkAZCHrgWZcrBKNIoPWNa_LQ.roa
File:                     pArtkAZCHrgWZcrBKNIoPWNa_LQ.roa (raw, json)
Hash identifier:          qxgrQ3z1vcqTGCZffrwux1wZjUvishxEAtEFzrEW1Mk=
Subject key identifier:   A4:0A:ED:90:06:42:1E:B8:16:65:CA:C1:28:D2:28:3D:63:5A:FC:B4
Certificate issuer:       /CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
Certificate serial:       018CC5DC2B8253B1E9D7D1C6FE0D7720D3F0
Authority key identifier: 6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/pArtkAZCHrgWZcrBKNIoPWNa_LQ.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210701
IP address blocks:        2a11:4e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2b:82:53:b1:e9:d7:d1:c6:fe:0d:77:20:d3:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa86d1c1676a59a46acf37336192e985cff0e5b
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a40aed9006421eb81665cac128d2283d635afcb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b1:90:e6:80:ed:cb:6b:ba:e0:73:ce:26:c2:
                    92:6e:0b:0f:17:fd:10:84:5d:66:ad:24:e1:7f:84:
                    7b:64:9a:57:25:d4:53:e3:ac:fa:9f:fb:86:a6:80:
                    77:93:c8:6c:70:22:9a:1e:0d:66:c7:4c:c8:07:0d:
                    88:9f:8d:e4:90:31:2b:c1:a6:ca:da:32:a6:4a:78:
                    b6:31:78:22:40:17:6f:12:ba:a7:a5:e2:b2:2a:97:
                    11:52:c7:15:aa:2c:bf:fa:1d:c9:d4:b7:45:b2:1d:
                    1d:cb:0f:b2:f9:e1:53:5e:c3:02:fd:63:19:7f:bb:
                    86:f1:78:df:aa:bf:3d:93:1c:8d:52:3f:43:fa:b6:
                    b6:0d:0c:b9:de:fc:ee:d4:d9:cc:36:c6:03:fe:4a:
                    25:b4:f8:ca:07:ee:6a:04:49:4d:28:96:4d:84:a7:
                    62:bb:ba:63:6e:22:bb:1f:26:70:d7:f6:83:b1:2f:
                    a1:96:5f:e3:66:35:c4:bd:0b:cc:f8:62:b7:44:a5:
                    e0:c7:f4:42:da:de:d9:45:78:ec:75:d8:45:77:68:
                    fe:30:64:f1:4f:c9:e1:a6:a7:61:72:00:d6:04:76:
                    69:84:a8:d4:fb:fb:1b:e2:c9:57:ac:67:e6:0b:8f:
                    86:73:9c:c8:32:1e:e6:11:7b:19:4b:88:9c:c9:e2:
                    8f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:0A:ED:90:06:42:1E:B8:16:65:CA:C1:28:D2:28:3D:63:5A:FC:B4
            X509v3 Authority Key Identifier:
                keyid:6F:A8:6D:1C:16:76:A5:9A:46:AC:F3:73:36:19:2E:98:5C:FF:0E:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6htHBZ2pZpGrPNzNhkumFz_Dls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/pArtkAZCHrgWZcrBKNIoPWNa_LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/afe373-e5bc-4010-8ad6-6aab2b1b922c/1/b6htHBZ2pZpGrPNzNhkumFz_Dls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:4e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:b6:ae:07:74:5c:5c:d8:ee:a5:a2:c7:2c:9a:dd:26:0e:78:
         23:40:5a:3a:07:9d:ca:28:35:4b:89:46:9e:ae:70:67:13:24:
         86:3d:e3:4b:c1:bf:a3:83:d1:9b:b6:31:e9:ec:d3:96:0c:e0:
         0d:aa:72:cd:24:75:56:bc:f0:ee:f7:9f:bc:a9:df:dd:ff:13:
         8c:f1:f1:ac:6b:58:f0:7b:dd:db:09:8c:c0:0d:3e:6b:41:9e:
         23:2e:cd:9e:32:87:9c:6e:f5:3e:96:82:66:fe:fd:8c:5e:67:
         fb:44:e9:87:67:49:4d:1b:4b:fe:36:90:42:0c:81:0f:0b:64:
         14:93:87:5c:6a:d3:4c:68:6e:06:b0:d3:28:88:fa:57:7f:91:
         1a:6c:e8:1e:ab:e4:b6:e3:b2:eb:74:99:d5:69:25:5c:3a:c4:
         85:ac:ec:a9:c0:f6:ab:85:49:ad:43:ab:58:6c:39:a7:42:7a:
         15:74:4e:cb:31:ed:cd:5b:48:9f:67:85:86:67:40:41:9e:4a:
         42:a3:b2:e7:ac:f0:02:f8:bc:b1:7e:6d:21:0c:34:01:2b:ab:
         ae:c1:35:a3:43:f9:69:42:db:51:81:74:6a:5e:82:64:b5:55:
         55:06:90:d3:14:10:29:12:91:ab:c8:52:5d:17:54:79:d2:f7:
         80:9c:e6:51
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3CuCU7Hp19HG/g13INPwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTg2ZDFjMTY3NmE1OWE0NmFjZjM3MzM2MTkyZTk4NWNm
ZjBlNWIwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDBhZWQ5MDA2NDIxZWI4MTY2NWNhYzEyOGQyMjgzZDYzNWFmY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrGQ5oDty2u64HPOJsKSbgsPF/0Q
hF1mrSThf4R7ZJpXJdRT46z6n/uGpoB3k8hscCKaHg1mx0zIBw2In43kkDErwabK
2jKmSni2MXgiQBdvErqnpeKyKpcRUscVqiy/+h3J1LdFsh0dyw+y+eFTXsMC/WMZ
f7uG8Xjfqr89kxyNUj9D+ra2DQy53vzu1NnMNsYD/koltPjKB+5qBElNKJZNhKdi
u7pjbiK7HyZw1/aDsS+hll/jZjXEvQvM+GK3RKXgx/RC2t7ZRXjsddhFd2j+MGTx
T8nhpqdhcgDWBHZphKjU+/sb4slXrGfmC4+Gc5zIMh7mEXsZS4icyeKPpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKQK7ZAGQh64FmXKwSjSKD1jWvy0MB8GA1UdIwQY
MBaAFG+obRwWdqWaRqzzczYZLphc/w5bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYt
NmFhYjJiMWI5MjJjLzEvcEFydGtBWkNIcmdXWmNyQktOSW9QV05hX0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZmUzNzMtZTViYy00MDEwLThhZDYtNmFhYjJiMWI5MjJj
LzEvYjZodEhCWjJwWnBHclBOek5oa3VtRnpfRGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhFOQDAN
BgkqhkiG9w0BAQsFAAOCAQEANbauB3RcXNjupaLHLJrdJg54I0BaOgedyig1S4lG
nq5wZxMkhj3jS8G/o4PRm7Yx6ezTlgzgDapyzSR1Vrzw7vefvKnf3f8TjPHxrGtY
8Hvd2wmMwA0+a0GeIy7NnjKHnG71PpaCZv79jF5n+0Tph2dJTRtL/jaQQgyBDwtk
FJOHXGrTTGhuBrDTKIj6V3+RGmzoHqvktuOy63SZ1WklXDrEhazsqcD2q4VJrUOr
WGw5p0J6FXROyzHtzVtIn2eFhmdAQZ5KQqOy56zwAvi8sX5tIQw0ASurrsE1o0P5
aULbUYF0al6CZLVVVQaQ0xQQKRKRq8hSXRdUedL3gJzmUQ==
-----END CERTIFICATE-----