Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/FqBDVoNMuqA-RZdAZz68-1JcKlU.roa
File:                     FqBDVoNMuqA-RZdAZz68-1JcKlU.roa (raw, json)
Hash identifier:          ERMgNkQ3eJdCns7eC1EvPixVR/O04k8TdPWXvsS/MJk=
Subject key identifier:   16:A0:43:56:83:4C:BA:A0:3E:45:97:40:67:3E:BC:FB:52:5C:2A:55
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D6448991FAE5F5460C61A0AF79273
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/FqBDVoNMuqA-RZdAZz68-1JcKlU.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63018
IP address blocks:        2a11:840:33::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:64:48:99:1f:ae:5f:54:60:c6:1a:0a:f7:92:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=16a04356834cbaa03e459740673ebcfb525c2a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a1:e0:7a:57:4f:58:1f:bc:c2:0f:c9:a6:d1:
                    80:b4:9a:0f:d8:a9:2b:fa:6b:7c:32:42:5e:84:60:
                    22:9d:77:0b:21:49:13:bb:b1:e7:02:2c:dc:a9:da:
                    da:b2:f6:79:02:3b:80:d7:da:9a:71:51:f8:b0:ba:
                    4a:0a:7c:c5:84:42:b5:0d:32:ea:dd:e5:03:6a:9e:
                    89:05:e3:2e:e5:d9:c7:b7:1c:a0:14:92:ef:45:42:
                    6e:96:75:15:9a:66:4e:61:15:56:ce:3e:13:67:45:
                    39:07:3f:70:8c:ad:f7:1b:96:a5:92:65:ff:70:19:
                    86:6b:f8:c7:d6:f9:7e:cd:90:48:aa:ab:02:5d:92:
                    43:c2:6d:03:04:a7:a8:e0:7f:e9:c9:93:24:64:3d:
                    56:6a:77:fc:c2:a1:28:2b:a8:2c:61:1f:f8:43:88:
                    b8:d8:f4:17:1b:43:66:3e:47:17:f4:5c:7e:09:be:
                    8c:52:04:59:4c:0a:d9:8d:70:39:2b:e9:7d:44:bb:
                    eb:72:56:e9:31:9e:d1:b9:6f:6d:3c:4f:9a:4b:c9:
                    7a:1d:50:5f:ea:ba:f3:36:3c:d5:6c:bf:e2:2c:0f:
                    53:a3:cf:89:51:a3:44:b6:bb:09:cc:f7:97:5e:26:
                    cc:aa:8a:02:89:32:47:9c:d1:80:53:3e:5e:2e:de:
                    15:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:A0:43:56:83:4C:BA:A0:3E:45:97:40:67:3E:BC:FB:52:5C:2A:55
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/FqBDVoNMuqA-RZdAZz68-1JcKlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:33::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:8f:9f:00:3d:0e:79:04:d8:2c:2b:59:86:32:4d:de:6f:d0:
         84:18:f2:14:ff:c9:01:4c:11:9e:df:a6:c3:40:a4:33:f3:c8:
         ba:84:b7:f6:cc:a9:1e:ad:7e:2c:f8:19:de:3e:b4:ff:fd:75:
         ea:4c:74:73:59:8e:04:1c:01:72:cd:f3:cc:7b:d4:86:e4:e8:
         eb:4e:18:33:1d:72:a3:4b:93:1d:54:bb:19:94:51:00:c2:48:
         1f:b3:68:f1:14:71:6e:3b:13:72:29:70:cd:0c:e4:b1:a8:06:
         5e:94:72:f8:a3:f4:fd:2a:3f:ce:a2:52:ae:55:18:6e:e7:1e:
         7d:68:c7:8b:3e:04:75:83:fb:50:4b:51:41:d1:ce:a2:f3:8b:
         47:d9:3a:a9:ae:82:ba:b8:bd:0f:dc:90:be:9f:01:c5:74:a5:
         57:2e:a4:4a:b6:71:e8:65:f2:1a:5d:d4:f4:9e:c4:85:93:35:
         a0:24:2c:41:2a:c6:83:a4:2e:ee:e7:02:a4:4a:a6:dc:5c:8f:
         66:74:37:d5:ff:5d:4d:84:3a:be:05:25:86:28:21:5b:fa:e3:
         52:5a:ab:f5:05:1f:30:2e:f2:09:64:77:6b:09:38:ee:c7:c5:
         91:63:a9:3e:67:c8:b4:4c:aa:a9:a7:3f:33:12:1c:44:ae:d9:
         08:c9:7b:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWRImR+uX1RgxhoK95JzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmEwNDM1NjgzNGNiYWEwM2U0NTk3NDA2NzNlYmNmYjUyNWMyYTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKHgeldPWB+8wg/JptGAtJoP2Kkr
+mt8MkJehGAinXcLIUkTu7HnAizcqdrasvZ5AjuA19qacVH4sLpKCnzFhEK1DTLq
3eUDap6JBeMu5dnHtxygFJLvRUJulnUVmmZOYRVWzj4TZ0U5Bz9wjK33G5alkmX/
cBmGa/jH1vl+zZBIqqsCXZJDwm0DBKeo4H/pyZMkZD1Wanf8wqEoK6gsYR/4Q4i4
2PQXG0NmPkcX9Fx+Cb6MUgRZTArZjXA5K+l9RLvrclbpMZ7RuW9tPE+aS8l6HVBf
6rrzNjzVbL/iLA9To8+JUaNEtrsJzPeXXibMqooCiTJHnNGAUz5eLt4VHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBagQ1aDTLqgPkWXQGc+vPtSXCpVMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvRnFCRFZvTk11cUEtUlpkQVp6NjgtMUpjS2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAz
MA0GCSqGSIb3DQEBCwUAA4IBAQBOj58APQ55BNgsK1mGMk3eb9CEGPIU/8kBTBGe
36bDQKQz88i6hLf2zKkerX4s+BnePrT//XXqTHRzWY4EHAFyzfPMe9SG5OjrThgz
HXKjS5MdVLsZlFEAwkgfs2jxFHFuOxNyKXDNDOSxqAZelHL4o/T9Kj/OolKuVRhu
5x59aMeLPgR1g/tQS1FB0c6i84tH2TqproK6uL0P3JC+nwHFdKVXLqRKtnHoZfIa
XdT0nsSFkzWgJCxBKsaDpC7u5wKkSqbcXI9mdDfV/11NhDq+BSWGKCFb+uNSWqv1
BR8wLvIJZHdrCTjux8WRY6k+Z8i0TKqppz8zEhxErtkIyXu5
-----END CERTIFICATE-----