Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/7Ba72zDtXAybzRm2KOKEbGVRRww.roa
File:                     7Ba72zDtXAybzRm2KOKEbGVRRww.roa (raw, json)
Hash identifier:          tMQI4Y9Bo17Yqk731Ar9qtK/Ruk6JfH+hTGXpdeXSyo=
Subject key identifier:   EC:16:BB:DB:30:ED:5C:0C:9B:CD:19:B6:28:E2:84:6C:65:51:47:0C
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D66B6F7ED02192110F66B96969BB5
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/7Ba72zDtXAybzRm2KOKEbGVRRww.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204094
IP address blocks:        2a11:840:22::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:66:b6:f7:ed:02:19:21:10:f6:6b:96:96:9b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec16bbdb30ed5c0c9bcd19b628e2846c6551470c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:33:d3:27:a2:cf:72:d5:0d:34:9d:7d:44:02:
                    21:06:09:bb:86:1a:02:e8:e8:3b:d7:06:da:e4:7b:
                    80:ce:fa:f7:ce:a5:3e:f7:10:cc:3c:e5:d2:fa:a6:
                    03:3e:ee:cf:a8:02:16:29:0b:26:8d:3b:2b:8c:94:
                    3b:c1:31:cc:99:c8:1b:23:2c:a2:9c:9a:61:63:17:
                    fc:81:37:da:91:50:30:54:34:32:68:6f:e7:36:1c:
                    6c:56:d6:63:ce:64:eb:ef:b0:3e:e3:73:47:a7:74:
                    ab:fb:54:8b:0a:ed:4d:9d:b2:07:2a:36:0b:53:ec:
                    f4:e1:d5:78:42:52:50:91:34:86:19:77:ce:a8:9f:
                    be:b2:62:06:02:44:cb:bc:dd:b1:b4:ff:b6:fd:ea:
                    d2:d4:d7:5e:64:27:76:56:0e:f4:9d:dc:53:87:c5:
                    49:19:e4:c4:69:44:b3:73:4e:f9:7a:67:47:ef:7f:
                    a4:1a:af:49:21:13:11:80:96:cc:72:19:a0:be:f0:
                    cc:5c:eb:88:4b:1c:3a:a1:a5:9d:8b:a4:9a:9d:07:
                    d1:28:b2:f0:d2:54:76:af:72:ee:97:d1:3b:64:5f:
                    53:f3:08:04:d4:99:35:10:bb:1d:40:a2:26:82:64:
                    c3:83:f1:00:11:60:0b:65:51:87:75:8c:60:8a:f2:
                    ad:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:16:BB:DB:30:ED:5C:0C:9B:CD:19:B6:28:E2:84:6C:65:51:47:0C
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/7Ba72zDtXAybzRm2KOKEbGVRRww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:00:ba:78:68:da:3a:b8:a2:b0:a0:3b:78:b2:80:28:1e:d1:
         51:09:52:18:0f:c8:ba:e8:d8:44:b2:9f:74:31:c2:a2:a2:01:
         2f:85:39:5f:8b:f2:01:3c:c1:d8:bf:a1:18:71:c0:57:a4:23:
         89:0a:a7:e2:67:41:43:e3:7a:45:b8:19:57:65:a7:1e:29:a5:
         bb:14:49:98:50:6b:70:54:2b:d7:8b:d9:29:5d:b1:86:86:72:
         07:32:d3:6e:1a:bc:60:23:3d:09:d0:d6:77:23:91:6d:36:05:
         7c:aa:51:41:e4:53:51:ed:2f:dc:07:99:dd:91:b2:d3:71:7c:
         08:ce:f9:27:f0:3e:3d:c2:29:90:3c:a4:3d:8c:96:b3:91:29:
         f7:bf:c9:23:25:52:9a:56:ee:55:f8:58:0f:a1:57:b2:cd:e7:
         fd:d3:3e:6a:94:57:65:5a:b5:e2:4c:d8:5b:fd:99:6e:76:d2:
         df:dd:81:94:0d:27:d5:c6:ea:65:f5:fc:98:54:7b:68:65:b0:
         b6:f0:c9:0a:29:32:68:fa:7b:1a:20:4b:6b:aa:41:38:82:a0:
         b1:fe:d1:db:83:ee:df:41:0d:32:28:fe:2c:01:c1:85:24:76:
         1d:b0:98:86:75:a8:26:7d:fc:33:42:ff:90:48:f9:40:91:57:
         a5:1d:e1:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWa29+0CGSEQ9muWlpu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzE2YmJkYjMwZWQ1YzBjOWJjZDE5YjYyOGUyODQ2YzY1NTE0NzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDPTJ6LPctUNNJ19RAIhBgm7hhoC
6Og71wba5HuAzvr3zqU+9xDMPOXS+qYDPu7PqAIWKQsmjTsrjJQ7wTHMmcgbIyyi
nJphYxf8gTfakVAwVDQyaG/nNhxsVtZjzmTr77A+43NHp3Sr+1SLCu1NnbIHKjYL
U+z04dV4QlJQkTSGGXfOqJ++smIGAkTLvN2xtP+2/erS1NdeZCd2Vg70ndxTh8VJ
GeTEaUSzc075emdH73+kGq9JIRMRgJbMchmgvvDMXOuISxw6oaWdi6SanQfRKLLw
0lR2r3Lul9E7ZF9T8wgE1Jk1ELsdQKImgmTDg/EAEWALZVGHdYxgivKtKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOwWu9sw7VwMm80ZtijihGxlUUcMMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvN0JhNzJ6RHRYQXlielJtMktPS0ViR1ZSUnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAi
MA0GCSqGSIb3DQEBCwUAA4IBAQAMALp4aNo6uKKwoDt4soAoHtFRCVIYD8i66NhE
sp90McKiogEvhTlfi/IBPMHYv6EYccBXpCOJCqfiZ0FD43pFuBlXZaceKaW7FEmY
UGtwVCvXi9kpXbGGhnIHMtNuGrxgIz0J0NZ3I5FtNgV8qlFB5FNR7S/cB5ndkbLT
cXwIzvkn8D49wimQPKQ9jJazkSn3v8kjJVKaVu5V+FgPoVeyzef90z5qlFdlWrXi
TNhb/ZludtLf3YGUDSfVxupl9fyYVHtoZbC28MkKKTJo+nsaIEtrqkE4gqCx/tHb
g+7fQQ0yKP4sAcGFJHYdsJiGdagmffwzQv+QSPlAkVelHeFY
-----END CERTIFICATE-----