Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/Fm7_jeD2Uvx6-nqyjemDWPtp0Vg.roa
File:                     Fm7_jeD2Uvx6-nqyjemDWPtp0Vg.roa (raw, json)
Hash identifier:          eOQespAPfub1ImVA4DmCM904Nt/7hIYmJQ0eE47qF6Q=
Subject key identifier:   16:6E:FF:8D:E0:F6:52:FC:7A:FA:7A:B2:8D:E9:83:58:FB:69:D1:58
Certificate issuer:       /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial:       018D8DCEC8708531ADC777133E6CDF501A7C
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/Fm7_jeD2Uvx6-nqyjemDWPtp0Vg.roa
Signing time:             Fri 09 Feb 2024 12:19:15 +0000
ROA not before:           Fri 09 Feb 2024 12:19:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50340
IP address blocks:        2a11:9887::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8d:ce:c8:70:85:31:ad:c7:77:13:3e:6c:df:50:1a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
        Validity
            Not Before: Feb  9 12:19:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=166eff8de0f652fc7afa7ab28de98358fb69d158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f3:01:6d:20:95:a9:16:42:b4:0f:ea:cc:e4:
                    d7:97:5e:81:a2:d8:08:71:74:a6:d2:5c:56:76:df:
                    46:0f:30:37:a1:95:fc:bd:4c:4c:ad:cd:78:7f:56:
                    ac:09:f3:2e:77:27:2a:47:4e:09:bc:4e:92:0e:82:
                    a7:ef:6f:78:b4:61:33:c8:9d:ae:d1:b1:a0:4d:87:
                    81:dc:83:42:01:bb:87:9e:da:18:a2:20:5c:40:29:
                    b6:cc:47:17:c2:ee:71:73:1b:d0:92:d7:d7:f7:b3:
                    9a:25:eb:23:4b:5f:a7:b6:36:e0:cf:2c:2d:78:ad:
                    68:55:da:e6:10:8f:66:74:70:92:55:01:ee:98:1f:
                    d9:38:8e:36:4b:25:92:3a:db:25:54:29:ce:6c:06:
                    ef:6c:6c:a9:f7:6b:e6:a4:00:cb:96:bc:bd:f9:57:
                    11:42:e3:fa:82:0d:ad:43:fd:7a:40:8b:f0:db:da:
                    1d:d5:44:3d:e9:51:fb:66:36:6f:30:b8:64:e9:1f:
                    cd:f7:f0:f1:ec:ad:2e:a9:67:cc:0e:75:d9:db:f2:
                    2d:29:28:87:74:ea:35:dd:44:8e:d4:01:58:ef:4c:
                    b2:20:39:5b:60:42:16:86:d9:d6:c9:44:ae:8f:de:
                    6b:91:d5:ef:8d:f5:1d:b2:8b:17:ac:f5:3b:3e:60:
                    e2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:6E:FF:8D:E0:F6:52:FC:7A:FA:7A:B2:8D:E9:83:58:FB:69:D1:58
            X509v3 Authority Key Identifier:
                keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/Fm7_jeD2Uvx6-nqyjemDWPtp0Vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:9887::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:0b:61:80:52:07:06:e1:99:32:0b:b0:b3:cd:66:3e:06:0f:
         15:d6:b0:39:d7:00:84:f1:4b:24:db:a3:60:07:12:83:b2:df:
         11:30:b5:56:0d:7f:41:78:a6:bf:59:37:d5:22:e3:60:c1:bd:
         c7:fe:f2:b7:0d:0e:90:6b:9e:9e:4d:04:75:f5:72:ee:e5:55:
         a3:63:3d:09:17:bc:4a:2a:6e:82:12:37:cd:fc:33:ab:b3:6d:
         8a:28:b2:a2:4d:7b:bb:4c:7c:62:92:dd:a8:a6:f9:b9:43:de:
         5e:9a:b1:cd:ea:81:9a:9c:17:f6:dc:1f:20:8c:98:ea:ec:5c:
         6e:5e:66:c7:66:08:96:3e:27:ba:21:63:8f:e8:bd:ef:eb:f3:
         76:fc:53:a3:0b:a7:d2:e1:c7:48:c4:47:0a:0e:7f:e6:f5:f7:
         e7:96:3e:1a:e4:4e:98:75:dd:6c:4f:ea:cc:d6:e3:b7:f1:d1:
         52:2a:a0:aa:ce:87:26:4c:18:a8:75:20:8a:0b:a4:05:70:1f:
         b9:db:21:49:ef:41:03:75:4f:2b:0d:80:1e:fc:08:6c:47:9b:
         d0:03:5a:0c:05:d2:f3:bf:ac:60:fa:68:d2:9b:9b:f7:2e:bb:
         b8:12:fc:51:5a:b9:22:92:8c:98:14:4b:7a:84:d7:a8:9f:d1:
         d4:bc:29:f0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY2NzshwhTGtx3cTPmzfUBp8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjQwMjA5MTIxOTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjZlZmY4ZGUwZjY1MmZjN2FmYTdhYjI4ZGU5ODM1OGZiNjlkMTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfMBbSCVqRZCtA/qzOTXl16BotgI
cXSm0lxWdt9GDzA3oZX8vUxMrc14f1asCfMudycqR04JvE6SDoKn7294tGEzyJ2u
0bGgTYeB3INCAbuHntoYoiBcQCm2zEcXwu5xcxvQktfX97OaJesjS1+ntjbgzywt
eK1oVdrmEI9mdHCSVQHumB/ZOI42SyWSOtslVCnObAbvbGyp92vmpADLlry9+VcR
QuP6gg2tQ/16QIvw29od1UQ96VH7ZjZvMLhk6R/N9/Dx7K0uqWfMDnXZ2/ItKSiH
dOo13USO1AFY70yyIDlbYEIWhtnWyUSuj95rkdXvjfUdsosXrPU7PmDiIQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBZu/43g9lL8evp6so3pg1j7adFYMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEvRm03X2plRDJVdng2LW5xeWplbURXUHRwMFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhGYhzAN
BgkqhkiG9w0BAQsFAAOCAQEAOwthgFIHBuGZMguws81mPgYPFdawOdcAhPFLJNuj
YAcSg7LfETC1Vg1/QXimv1k31SLjYMG9x/7ytw0OkGuenk0EdfVy7uVVo2M9CRe8
SipughI3zfwzq7Ntiiiyok17u0x8YpLdqKb5uUPeXpqxzeqBmpwX9twfIIyY6uxc
bl5mx2YIlj4nuiFjj+i97+vzdvxTowun0uHHSMRHCg5/5vX355Y+GuROmHXdbE/q
zNbjt/HRUiqgqs6HJkwYqHUgigukBXAfudshSe9BA3VPKw2AHvwIbEeb0ANaDAXS
87+sYPpo0pub9y67uBL8UVq5IpKMmBRLeoTXqJ/R1Lwp8A==
-----END CERTIFICATE-----