Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/1-KEulmNZtWvcyDhap83s-wjfIM8.roa
File:                     1-KEulmNZtWvcyDhap83s-wjfIM8.roa (raw, json)
Hash identifier:          dfGzd1vhtQLVPFyKNlYVxHdZiPz5oxIB8lrJfzz5P6A=
Subject key identifier:   F8:A1:2E:96:63:59:B5:6B:DC:C8:38:5A:A7:CD:EC:FB:08:DF:20:CF
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D63984D3C3006E3E7EEF04146075C
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/1-KEulmNZtWvcyDhap83s-wjfIM8.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51765
IP address blocks:        2a11:840:21::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:63:98:4d:3c:30:06:e3:e7:ee:f0:41:46:07:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8a12e966359b56bdcc8385aa7cdecfb08df20cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c5:86:11:6d:d8:9a:3b:eb:f4:16:95:30:a7:
                    22:12:1b:e0:ae:13:ff:e3:36:09:52:0b:fa:86:39:
                    22:3f:8c:a5:ed:af:a3:e8:db:91:c8:4e:8f:b6:b0:
                    a4:6a:cf:4a:27:6f:f0:a4:df:77:ce:6e:fe:d7:ee:
                    5e:f4:80:b2:94:b1:3f:64:23:72:bc:c2:84:2a:9e:
                    37:7b:0d:3a:bf:ae:eb:f6:ba:ce:a5:8d:85:61:90:
                    c1:10:b1:db:cc:f6:e6:a9:63:83:66:c7:cf:c1:b3:
                    5e:f5:2a:17:5f:2f:d1:eb:cc:a6:b2:78:9f:ee:72:
                    dd:a1:81:64:ec:74:de:bf:79:88:92:1f:fd:9b:05:
                    77:6a:a0:84:df:d5:df:10:de:b3:84:93:5a:78:bc:
                    da:9d:4f:b6:17:5b:28:a3:1c:71:fc:4a:1a:14:ab:
                    8e:c4:18:22:c2:2b:da:ea:f1:7c:19:f8:22:51:36:
                    14:89:ae:59:74:b7:85:ff:15:40:22:30:2b:93:99:
                    57:ed:04:11:dc:cc:5e:c2:72:23:c2:41:02:93:e5:
                    eb:c7:56:f1:d0:24:12:53:8a:4a:9d:14:58:8c:99:
                    b7:03:60:4f:3b:8e:e3:73:1b:6e:ef:c9:a7:49:10:
                    9f:ac:67:af:91:ac:8f:e6:21:20:80:fa:94:f5:36:
                    71:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A1:2E:96:63:59:B5:6B:DC:C8:38:5A:A7:CD:EC:FB:08:DF:20:CF
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/1-KEulmNZtWvcyDhap83s-wjfIM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:21::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:3e:c8:77:6d:33:30:45:d2:f9:2a:83:8f:26:a8:92:df:2f:
         87:d2:ef:9e:71:97:c0:a1:89:d9:e2:12:04:08:63:e9:60:14:
         e2:bc:93:ff:3e:58:97:fe:17:1b:39:85:5a:5f:a0:d4:3f:d1:
         b9:be:94:76:3a:b8:76:95:dc:6a:3d:9e:ae:54:75:5b:53:91:
         84:87:d5:cd:50:91:12:15:4d:15:37:8d:f0:f4:f1:b3:b2:86:
         aa:12:e0:3f:fa:32:97:0b:e6:0c:ab:c7:9c:f7:21:64:c5:89:
         2b:da:b4:9e:9b:cb:22:40:30:69:4c:90:82:7f:99:10:dd:28:
         5a:c8:77:ac:24:36:4c:e1:0c:56:5d:4b:ad:c5:c3:75:57:09:
         01:96:a2:d7:86:bd:55:8a:cf:26:40:8d:b7:3e:52:8b:ed:64:
         4c:2a:55:84:3c:41:79:1c:76:1a:f1:cb:57:2f:9c:71:ec:a4:
         c5:e9:0c:49:bd:74:e3:93:8e:37:4e:23:97:4f:b5:17:35:36:
         b4:5c:d8:c7:e0:9a:16:b3:e8:6c:21:91:0e:fb:5d:39:00:87:
         28:6d:7d:57:a7:4d:8a:49:97:75:ef:c9:75:0e:68:7a:a1:9e:
         86:c8:dc:b9:71:8c:79:23:1c:6e:7a:c6:f3:87:b1:1a:5e:a7:
         02:6c:84:61
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzCbWOYTTwwBuPn7vBBRgdcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGExMmU5NjYzNTliNTZiZGNjODM4NWFhN2NkZWNmYjA4ZGYyMGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksWGEW3Ymjvr9BaVMKciEhvgrhP/
4zYJUgv6hjkiP4yl7a+j6NuRyE6PtrCkas9KJ2/wpN93zm7+1+5e9ICylLE/ZCNy
vMKEKp43ew06v67r9rrOpY2FYZDBELHbzPbmqWODZsfPwbNe9SoXXy/R68ymsnif
7nLdoYFk7HTev3mIkh/9mwV3aqCE39XfEN6zhJNaeLzanU+2F1sooxxx/EoaFKuO
xBgiwiva6vF8GfgiUTYUia5ZdLeF/xVAIjArk5lX7QQR3MxewnIjwkECk+Xrx1bx
0CQSU4pKnRRYjJm3A2BPO47jcxtu78mnSRCfrGevkayP5iEggPqU9TZxoQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPihLpZjWbVr3Mg4WqfN7PsI3yDPMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvMS1LRXVsbU5adFd2Y3lEaGFwODNzLXdqZklNOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWIvOTlhZTJmLTM5Y2MtNDNmMy05NDFkLTUxOTIwMzczMzUz
Yy8xL2lRVnZxV0piYklkQVFtZkczQ0daSkt3V0FFVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoRCEAA
ITANBgkqhkiG9w0BAQsFAAOCAQEAVT7Id20zMEXS+SqDjyaokt8vh9LvnnGXwKGJ
2eISBAhj6WAU4ryT/z5Yl/4XGzmFWl+g1D/Rub6Udjq4dpXcaj2erlR1W1ORhIfV
zVCREhVNFTeN8PTxs7KGqhLgP/oylwvmDKvHnPchZMWJK9q0npvLIkAwaUyQgn+Z
EN0oWsh3rCQ2TOEMVl1LrcXDdVcJAZai14a9VYrPJkCNtz5Si+1kTCpVhDxBeRx2
GvHLVy+cceykxekMSb1045OON04jl0+1FzU2tFzYx+CaFrPobCGRDvtdOQCHKG19
V6dNikmXde/JdQ5oeqGehsjcuXGMeSMcbnrG84exGl6nAmyEYQ==
-----END CERTIFICATE-----