Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/4EXCVZD6C9Q7Wt8T_H8r5yR3g_A.roa
File:                     4EXCVZD6C9Q7Wt8T_H8r5yR3g_A.roa (raw, json)
Hash identifier:          xxBuCQi+DC79kZ0AmOrMFZc2PUXdFYmBWA6schKqzPQ=
Subject key identifier:   E0:45:C2:55:90:FA:0B:D4:3B:5A:DF:13:FC:7F:2B:E7:24:77:83:F0
Certificate issuer:       /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial:       018CF5BB4858A606790E22DD6F118D806A48
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/4EXCVZD6C9Q7Wt8T_H8r5yR3g_A.roa
Signing time:             Wed 10 Jan 2024 23:35:40 +0000
ROA not before:           Wed 10 Jan 2024 23:35:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43513
IP address blocks:        2a11:9883::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:bb:48:58:a6:06:79:0e:22:dd:6f:11:8d:80:6a:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
        Validity
            Not Before: Jan 10 23:35:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e045c25590fa0bd43b5adf13fc7f2be7247783f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9e:8b:b2:85:74:d5:0e:6a:77:e9:cd:fd:19:
                    c1:30:c1:32:9b:61:27:15:de:86:1a:20:78:13:6f:
                    f2:16:ef:e9:fa:47:44:3d:6f:82:ba:fb:8d:fb:1f:
                    cf:7a:68:95:e5:28:5c:ee:07:a2:c0:0d:b8:78:63:
                    10:4c:96:34:8a:d8:a5:8f:65:a4:00:cc:42:02:2a:
                    f8:26:a2:28:5d:01:3a:50:ef:aa:64:fb:f5:eb:38:
                    a0:8c:67:ff:ad:c4:6f:8a:9e:cf:02:65:92:95:b6:
                    2a:6c:9b:4a:0b:54:30:f3:77:c7:a4:3d:5e:63:45:
                    e4:d7:db:85:5a:5e:83:c0:5c:35:d1:53:d7:b7:63:
                    c4:5e:f5:d3:55:bd:28:24:04:91:f7:0d:f8:0a:db:
                    eb:45:15:4f:1c:81:42:c9:a8:66:5b:c3:f1:6b:75:
                    61:76:ff:04:b3:65:6a:e4:56:73:bc:62:8b:77:60:
                    d4:52:84:6b:ed:da:83:20:b5:ea:df:c1:62:21:ef:
                    df:87:d6:5f:c5:da:9b:91:7c:1d:ef:22:9c:32:3f:
                    b2:6b:cc:7a:4e:d2:e6:d5:1f:fc:40:7e:81:4f:37:
                    69:50:23:19:45:a0:18:bf:3e:2c:3b:2b:d6:7d:75:
                    aa:d2:3a:0a:05:5e:25:ea:d9:39:ee:2d:f1:8b:b9:
                    32:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:45:C2:55:90:FA:0B:D4:3B:5A:DF:13:FC:7F:2B:E7:24:77:83:F0
            X509v3 Authority Key Identifier:
                keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/4EXCVZD6C9Q7Wt8T_H8r5yR3g_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:9883::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:2b:2c:05:11:b9:0d:d6:99:92:2d:99:3f:40:48:a1:e1:24:
         90:3e:08:c7:e5:57:26:cd:ed:c7:20:ea:05:fa:8e:67:67:9c:
         46:bd:fc:04:70:6e:f3:be:6c:38:75:b5:c1:e1:c7:47:50:87:
         4c:47:d7:66:fc:ff:de:8a:ad:b1:23:5f:4b:a3:04:a0:2e:0c:
         45:18:fa:7e:53:2c:42:0f:50:8b:29:4f:32:8c:2b:32:ab:79:
         07:47:d3:62:33:04:60:38:60:e7:80:8e:c9:fc:d6:2c:8e:3b:
         58:ca:4f:78:b1:76:74:21:f5:06:09:3e:0e:b3:d5:fd:19:9d:
         30:73:31:d6:02:e0:98:16:68:23:69:3b:23:db:a1:52:fe:a4:
         2f:b5:ee:b5:33:f7:b2:c0:e4:da:d9:c6:01:87:39:dd:38:43:
         a2:f1:d8:76:12:0f:c4:fa:fc:4a:aa:d8:10:76:6f:7b:0e:3c:
         96:1b:2e:e9:83:8a:42:c7:25:c4:5d:5c:23:d3:63:a0:fb:c5:
         0b:c7:dd:25:f7:dd:48:9f:8f:bb:47:13:2c:ef:5a:30:79:fe:
         33:f0:87:14:39:20:7d:95:27:05:5e:a6:2f:49:b3:c8:c6:cc:
         28:38:1d:a9:cf:0b:a3:68:90:db:8a:61:fd:43:80:09:20:0f:
         28:3b:f3:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYz1u0hYpgZ5DiLdbxGNgGpIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjQwMTEwMjMzNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDQ1YzI1NTkwZmEwYmQ0M2I1YWRmMTNmYzdmMmJlNzI0Nzc4M2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAip6LsoV01Q5qd+nN/RnBMMEym2En
Fd6GGiB4E2/yFu/p+kdEPW+CuvuN+x/PemiV5Shc7geiwA24eGMQTJY0itilj2Wk
AMxCAir4JqIoXQE6UO+qZPv16zigjGf/rcRvip7PAmWSlbYqbJtKC1Qw83fHpD1e
Y0Xk19uFWl6DwFw10VPXt2PEXvXTVb0oJASR9w34CtvrRRVPHIFCyahmW8Pxa3Vh
dv8Es2Vq5FZzvGKLd2DUUoRr7dqDILXq38FiIe/fh9ZfxdqbkXwd7yKcMj+ya8x6
TtLm1R/8QH6BTzdpUCMZRaAYvz4sOyvWfXWq0joKBV4l6tk57i3xi7kyFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOBFwlWQ+gvUO1rfE/x/K+ckd4PwMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEvNEVYQ1ZaRDZDOVE3V3Q4VF9IOHI1eVIzZ19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGYgzAN
BgkqhkiG9w0BAQsFAAOCAQEAnSssBRG5DdaZki2ZP0BIoeEkkD4Ix+VXJs3txyDq
BfqOZ2ecRr38BHBu875sOHW1weHHR1CHTEfXZvz/3oqtsSNfS6MEoC4MRRj6flMs
Qg9QiylPMowrMqt5B0fTYjMEYDhg54COyfzWLI47WMpPeLF2dCH1Bgk+DrPV/Rmd
MHMx1gLgmBZoI2k7I9uhUv6kL7XutTP3ssDk2tnGAYc53ThDovHYdhIPxPr8SqrY
EHZvew48lhsu6YOKQsclxF1cI9NjoPvFC8fdJffdSJ+Pu0cTLO9aMHn+M/CHFDkg
fZUnBV6mL0mzyMbMKDgdqc8Lo2iQ24ph/UOACSAPKDvz6Q==
-----END CERTIFICATE-----