Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/SkQQoP1m2vbJLPtDcaEWDEDG_AQ.roa
File:                     SkQQoP1m2vbJLPtDcaEWDEDG_AQ.roa (raw, json)
Hash identifier:          N6TOkYUshwFPgbthVHmFtkaMydRZ8lj88eOUcXCtd18=
Subject key identifier:   4A:44:10:A0:FD:66:DA:F6:C9:2C:FB:43:71:A1:16:0C:40:C6:FC:04
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D623446DC8F44B83C2085BA529F4F
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/SkQQoP1m2vbJLPtDcaEWDEDG_AQ.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        2a11:840:24::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:62:34:46:dc:8f:44:b8:3c:20:85:ba:52:9f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a4410a0fd66daf6c92cfb4371a1160c40c6fc04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:11:b3:b0:d9:91:4e:97:ec:be:6f:2d:97:ab:
                    0c:e4:69:83:d1:bc:82:3f:86:c3:41:07:4a:87:28:
                    8d:23:f5:70:98:34:af:d7:05:b0:64:2f:59:83:6e:
                    b3:31:f7:b1:46:c1:54:9f:cb:3d:fb:68:16:90:64:
                    a9:84:d3:bc:e4:e4:1e:31:9a:f4:ea:a9:b6:0d:cc:
                    ce:8d:2c:cf:39:99:2f:7e:e9:8c:75:8a:9c:c6:fb:
                    41:2e:ee:67:89:a5:53:8d:61:aa:88:b7:d4:78:b9:
                    04:a6:ab:d1:25:dc:19:39:6c:b9:09:ed:ee:29:d7:
                    45:8d:00:7f:94:b1:ef:8f:d1:c6:55:4c:15:14:6e:
                    6e:a3:9e:83:fc:f1:6e:e2:bf:04:9e:76:dc:52:92:
                    04:70:42:bb:1e:a2:e4:4b:25:36:e1:fc:28:19:a4:
                    04:d9:f0:e0:c8:a1:bd:79:46:48:88:f5:1d:77:9b:
                    85:2c:1b:ff:8e:04:ed:d9:b9:a4:87:90:76:16:4a:
                    50:61:bd:05:a9:70:10:77:10:dd:9f:44:c6:8f:c6:
                    0a:c4:1a:21:88:98:ad:b5:1e:f1:b7:b3:dc:dc:3c:
                    44:1f:66:21:b1:24:96:ce:aa:4d:da:7d:d2:30:6c:
                    e4:a6:cb:ed:59:58:00:af:61:34:6d:2c:85:c1:11:
                    41:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:44:10:A0:FD:66:DA:F6:C9:2C:FB:43:71:A1:16:0C:40:C6:FC:04
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/SkQQoP1m2vbJLPtDcaEWDEDG_AQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:f3:15:88:18:18:a9:b2:1b:e1:6c:33:67:79:5f:8a:fb:43:
         f0:55:17:63:78:be:db:f3:93:51:76:d6:41:58:aa:de:61:41:
         21:04:b7:d3:4d:64:bc:e5:cf:b4:4f:be:89:4c:63:8d:76:07:
         ed:b2:e1:33:99:92:8d:5e:af:32:f3:ca:42:5b:cf:82:47:38:
         1b:f5:93:74:3b:fb:ea:e5:a2:28:ab:a7:3c:73:68:57:cb:6e:
         3b:f7:e8:36:68:19:e0:9c:4b:28:01:69:7c:b3:83:18:fb:5b:
         da:23:cc:e8:27:8f:f3:91:60:31:a7:ad:6e:fe:2d:e9:cc:fd:
         b2:b3:7c:96:55:09:28:86:34:46:34:38:54:1b:f4:be:8a:34:
         a4:a6:0c:9a:f8:60:b7:49:e5:87:7d:09:3f:eb:18:5b:be:4a:
         ac:72:23:5d:87:58:b4:6d:a1:ac:3a:8c:1f:4c:ea:c3:29:ab:
         26:f9:4e:86:44:c8:83:92:1c:0a:06:2e:40:ad:eb:01:42:02:
         e6:d6:7e:95:cc:26:77:4f:0b:0c:52:16:9d:fa:ed:59:de:99:
         3a:8b:92:0a:b0:2e:6b:d7:3f:4b:69:41:7c:ef:22:6f:e4:45:
         67:44:00:10:2e:73:d2:b3:1b:57:9b:1f:25:67:fb:f4:6a:78:
         1a:ee:29:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWI0RtyPRLg8IIW6Up9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTQ0MTBhMGZkNjZkYWY2YzkyY2ZiNDM3MWExMTYwYzQwYzZmYzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxGzsNmRTpfsvm8tl6sM5GmD0byC
P4bDQQdKhyiNI/VwmDSv1wWwZC9Zg26zMfexRsFUn8s9+2gWkGSphNO85OQeMZr0
6qm2DczOjSzPOZkvfumMdYqcxvtBLu5niaVTjWGqiLfUeLkEpqvRJdwZOWy5Ce3u
KddFjQB/lLHvj9HGVUwVFG5uo56D/PFu4r8EnnbcUpIEcEK7HqLkSyU24fwoGaQE
2fDgyKG9eUZIiPUdd5uFLBv/jgTt2bmkh5B2FkpQYb0FqXAQdxDdn0TGj8YKxBoh
iJittR7xt7Pc3DxEH2YhsSSWzqpN2n3SMGzkpsvtWVgAr2E0bSyFwRFBFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEpEEKD9Ztr2ySz7Q3GhFgxAxvwEMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvU2tRUW9QMW0ydmJKTFB0RGNhRVdERURHX0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAk
MA0GCSqGSIb3DQEBCwUAA4IBAQBQ8xWIGBipshvhbDNneV+K+0PwVRdjeL7b85NR
dtZBWKreYUEhBLfTTWS85c+0T76JTGONdgftsuEzmZKNXq8y88pCW8+CRzgb9ZN0
O/vq5aIoq6c8c2hXy2479+g2aBngnEsoAWl8s4MY+1vaI8zoJ4/zkWAxp61u/i3p
zP2ys3yWVQkohjRGNDhUG/S+ijSkpgya+GC3SeWHfQk/6xhbvkqsciNdh1i0baGs
OowfTOrDKasm+U6GRMiDkhwKBi5AresBQgLm1n6VzCZ3TwsMUhad+u1Z3pk6i5IK
sC5r1z9LaUF87yJv5EVnRAAQLnPSsxtXmx8lZ/v0anga7iko
-----END CERTIFICATE-----