Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/bM1xaStBKvXEaTchnSWr5n6B7MQ.roa
File:                     bM1xaStBKvXEaTchnSWr5n6B7MQ.roa (raw, json)
Hash identifier:          kMlcVNFsxi8aSTmgdGVNY3FH/waBXSAZsr90I2onw2k=
Subject key identifier:   6C:CD:71:69:2B:41:2A:F5:C4:69:37:21:9D:25:AB:E6:7E:81:EC:C4
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D61F4642153E5DBA4D037CB59475A
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/bM1xaStBKvXEaTchnSWr5n6B7MQ.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     37153
IP address blocks:        2a11:840:32::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:61:f4:64:21:53:e5:db:a4:d0:37:cb:59:47:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ccd71692b412af5c46937219d25abe67e81ecc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9f:46:9e:42:0e:8d:33:bb:63:13:47:0f:b0:
                    08:d5:26:2c:f4:18:6b:24:fc:c8:11:3e:da:da:e5:
                    9c:4c:00:b7:ab:7d:81:53:95:3e:10:c6:38:c4:ee:
                    85:7a:5b:c2:83:9d:dc:3b:46:80:b1:46:6a:18:ea:
                    09:14:cd:06:fb:fa:ae:21:ab:22:c2:43:f1:a6:76:
                    21:3b:62:aa:ea:b4:d1:25:8e:c6:ab:09:b3:12:4a:
                    57:78:43:b7:71:cd:9b:e5:9d:cc:98:3e:8e:2b:4f:
                    c6:95:cd:b3:7a:0d:0c:1f:f1:4b:3e:7b:84:c4:1d:
                    3a:93:d1:d9:34:53:27:94:09:31:d9:f7:9d:be:e4:
                    9d:d4:24:db:f8:08:ab:3d:cd:cd:f5:05:aa:6c:a3:
                    fd:23:71:f0:db:9e:78:86:e7:9c:ff:55:ee:47:e4:
                    62:85:8a:f8:ed:f3:4b:00:e6:01:e3:20:5e:2d:d6:
                    82:18:db:ba:64:a5:a2:c8:4e:33:df:9f:52:d2:a8:
                    21:4f:4a:d9:dd:05:32:d2:3a:21:d2:7d:1c:dc:75:
                    1e:14:d4:8e:a8:94:f2:1d:82:e8:02:20:6e:36:ba:
                    51:e5:49:99:30:90:bd:c9:15:af:bc:10:a3:97:42:
                    a2:1b:17:1d:be:a7:61:d7:b4:9b:5b:a3:e6:3c:3d:
                    2f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:CD:71:69:2B:41:2A:F5:C4:69:37:21:9D:25:AB:E6:7E:81:EC:C4
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/bM1xaStBKvXEaTchnSWr5n6B7MQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:32::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:09:77:8e:22:a0:cb:86:f4:5e:51:5b:d2:63:6c:36:49:b0:
         2b:35:c1:ff:5f:1d:c9:23:c0:52:71:21:35:9d:e0:82:7f:1c:
         8d:74:73:7d:82:5d:69:a9:b2:71:09:ad:b2:df:aa:4a:96:f1:
         fa:6c:2e:c7:6a:b1:4d:51:24:04:c5:1b:d8:98:c3:2d:36:84:
         8c:86:a6:9b:e0:b5:c2:21:72:fd:67:07:ce:52:06:46:3f:61:
         4b:d3:9d:bf:0e:2f:a6:b9:b8:33:82:2f:de:0a:c0:f5:68:86:
         5b:bf:12:dc:14:c4:2d:d4:b2:cd:1c:af:b2:33:96:6a:3e:90:
         85:38:02:50:c0:69:b1:1e:ad:8d:24:aa:2e:6a:69:57:06:b2:
         e5:5b:57:f9:c9:39:81:4c:f2:93:de:74:4a:62:ae:0b:3a:d5:
         61:f5:db:ff:c6:27:a4:aa:37:6a:b6:ae:4d:9f:2d:bb:8c:0e:
         30:7a:fd:2d:ce:75:3c:ea:8b:75:ef:64:3f:5b:36:14:f7:5a:
         90:08:0a:3b:79:f9:d8:49:65:36:be:a8:80:32:47:ec:7a:13:
         d7:d7:80:e4:be:63:04:71:ab:3e:80:a3:d0:ec:60:ff:75:b5:
         b0:96:72:2b:3d:6a:ee:a7:21:9d:b6:52:ac:f1:cc:5f:2f:d6:
         09:27:b6:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWH0ZCFT5duk0DfLWUdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2NkNzE2OTJiNDEyYWY1YzQ2OTM3MjE5ZDI1YWJlNjdlODFlY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZ9GnkIOjTO7YxNHD7AI1SYs9Bhr
JPzIET7a2uWcTAC3q32BU5U+EMY4xO6FelvCg53cO0aAsUZqGOoJFM0G+/quIasi
wkPxpnYhO2Kq6rTRJY7GqwmzEkpXeEO3cc2b5Z3MmD6OK0/Glc2zeg0MH/FLPnuE
xB06k9HZNFMnlAkx2fedvuSd1CTb+AirPc3N9QWqbKP9I3Hw2554huec/1XuR+Ri
hYr47fNLAOYB4yBeLdaCGNu6ZKWiyE4z359S0qghT0rZ3QUy0joh0n0c3HUeFNSO
qJTyHYLoAiBuNrpR5UmZMJC9yRWvvBCjl0KiGxcdvqdh17SbW6PmPD0v4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGzNcWkrQSr1xGk3IZ0lq+Z+gezEMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvYk0xeGFTdEJLdlhFYVRjaG5TV3I1bjZCN01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAy
MA0GCSqGSIb3DQEBCwUAA4IBAQAQCXeOIqDLhvReUVvSY2w2SbArNcH/Xx3JI8BS
cSE1neCCfxyNdHN9gl1pqbJxCa2y36pKlvH6bC7HarFNUSQExRvYmMMtNoSMhqab
4LXCIXL9ZwfOUgZGP2FL052/Di+mubgzgi/eCsD1aIZbvxLcFMQt1LLNHK+yM5Zq
PpCFOAJQwGmxHq2NJKouamlXBrLlW1f5yTmBTPKT3nRKYq4LOtVh9dv/xiekqjdq
tq5Nny27jA4wev0tznU86ot172Q/WzYU91qQCAo7efnYSWU2vqiAMkfsehPX14Dk
vmMEcas+gKPQ7GD/dbWwlnIrPWrupyGdtlKs8cxfL9YJJ7ZX
-----END CERTIFICATE-----