Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/cBP8zn9MM65dNrPCaBUZYMycZIA.roa
File:                     cBP8zn9MM65dNrPCaBUZYMycZIA.roa (raw, json)
Hash identifier:          cjVJfPYrl8mN5o5FZ7oIbqlY3veyPBe88RGoKDW5jsU=
Subject key identifier:   70:13:FC:CE:7F:4C:33:AE:5D:36:B3:C2:68:15:19:60:CC:9C:64:80
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D649EEA1877B0F6C78EA41B3CFA3C
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/cBP8zn9MM65dNrPCaBUZYMycZIA.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133752
IP address blocks:        2a11:840:46::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:64:9e:ea:18:77:b0:f6:c7:8e:a4:1b:3c:fa:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7013fcce7f4c33ae5d36b3c268151960cc9c6480
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:55:dc:a3:43:ba:c1:1c:14:ac:da:66:bc:21:
                    13:fb:17:89:b5:3d:e4:f1:91:30:19:8b:ca:9d:9a:
                    ca:be:4f:79:c6:cc:10:ed:f6:97:7b:aa:df:70:03:
                    e6:ba:5a:ad:06:09:01:12:ba:74:76:31:a7:88:66:
                    5e:a9:f1:10:69:c6:17:e5:30:ea:f9:67:2d:a9:35:
                    4b:d5:f3:31:97:35:1c:40:4c:21:bc:36:3b:c1:02:
                    05:2e:b7:e6:c8:45:4c:96:ea:ed:c8:c8:0e:92:3c:
                    31:16:02:2a:d1:38:63:2b:ba:b6:8a:0e:ea:77:94:
                    b3:a6:c7:37:e4:23:bd:6d:42:dc:7e:e5:8f:7a:a3:
                    62:39:07:31:7e:7f:4b:17:bb:12:d5:9d:04:dd:05:
                    dd:41:ee:70:bf:b9:31:33:8b:25:3f:e9:ab:62:a1:
                    42:f3:54:29:6d:8c:f4:68:f2:85:12:9d:7c:c5:bd:
                    c4:a0:57:30:e8:dc:e4:19:ee:7e:1f:b9:76:31:e4:
                    dc:b8:6b:f7:d2:f8:85:a7:d4:53:5e:bc:c2:d6:5b:
                    43:fd:0c:b6:e2:4e:d4:c8:ca:fa:71:47:d8:28:3f:
                    ff:1c:aa:80:09:ee:a4:b3:d2:70:fd:78:89:a3:ae:
                    cb:f6:ee:ca:e7:cb:94:46:6c:ff:bb:1e:76:a3:1d:
                    8b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:13:FC:CE:7F:4C:33:AE:5D:36:B3:C2:68:15:19:60:CC:9C:64:80
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/cBP8zn9MM65dNrPCaBUZYMycZIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:46::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:c3:22:d1:09:15:63:60:bd:1a:36:ef:e2:63:ab:70:b1:55:
         db:17:2b:dd:f9:06:55:23:7b:2d:80:35:bd:33:e1:ee:a5:b0:
         86:6d:02:3d:98:56:e5:b5:2c:8f:fa:75:c7:05:eb:c9:1b:95:
         0c:d3:46:d4:07:73:ad:03:01:fe:42:51:92:62:30:97:69:bc:
         fe:d3:e3:0a:fa:9f:11:3d:14:12:33:0c:40:c7:62:fa:7c:dc:
         64:d6:e9:d8:3e:fe:7e:c7:23:ef:1c:52:07:18:73:a0:1e:9a:
         04:2a:df:23:79:4f:cd:d1:80:ab:9c:31:25:16:40:2d:b2:41:
         2e:db:3f:74:c7:df:6d:7a:fd:da:6d:fc:2c:69:37:01:a7:6d:
         0f:0d:8f:43:79:7a:9e:08:96:23:d2:86:2b:8d:d6:31:59:de:
         29:16:7b:a8:d4:fd:29:46:2b:8e:52:78:f2:a0:03:29:e3:35:
         27:be:c1:b2:cf:0b:45:47:7b:7e:dc:b8:99:91:e1:01:11:c7:
         be:25:0b:91:b0:12:96:7c:f0:a7:94:be:19:58:a1:ec:a9:40:
         e0:a7:29:5a:71:0b:60:5a:ae:1f:b3:9b:ff:a3:89:e9:c7:7a:
         d0:e5:a0:3d:de:d7:fc:76:e9:64:0d:4c:6a:0e:fe:e7:e4:31:
         74:96:fe:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWSe6hh3sPbHjqQbPPo8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDEzZmNjZTdmNGMzM2FlNWQzNmIzYzI2ODE1MTk2MGNjOWM2NDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh1Xco0O6wRwUrNpmvCET+xeJtT3k
8ZEwGYvKnZrKvk95xswQ7faXe6rfcAPmulqtBgkBErp0djGniGZeqfEQacYX5TDq
+WctqTVL1fMxlzUcQEwhvDY7wQIFLrfmyEVMlurtyMgOkjwxFgIq0ThjK7q2ig7q
d5Szpsc35CO9bULcfuWPeqNiOQcxfn9LF7sS1Z0E3QXdQe5wv7kxM4slP+mrYqFC
81QpbYz0aPKFEp18xb3EoFcw6NzkGe5+H7l2MeTcuGv30viFp9RTXrzC1ltD/Qy2
4k7UyMr6cUfYKD//HKqACe6ks9Jw/XiJo67L9u7K58uURmz/ux52ox2LTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHAT/M5/TDOuXTazwmgVGWDMnGSAMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvY0JQOHpuOU1NNjVkTnJQQ2FCVVpZTXljWklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQABG
MA0GCSqGSIb3DQEBCwUAA4IBAQAAwyLRCRVjYL0aNu/iY6twsVXbFyvd+QZVI3st
gDW9M+HupbCGbQI9mFbltSyP+nXHBevJG5UM00bUB3OtAwH+QlGSYjCXabz+0+MK
+p8RPRQSMwxAx2L6fNxk1unYPv5+xyPvHFIHGHOgHpoEKt8jeU/N0YCrnDElFkAt
skEu2z90x99tev3abfwsaTcBp20PDY9DeXqeCJYj0oYrjdYxWd4pFnuo1P0pRiuO
UnjyoAMp4zUnvsGyzwtFR3t+3LiZkeEBEce+JQuRsBKWfPCnlL4ZWKHsqUDgpyla
cQtgWq4fs5v/o4npx3rQ5aA93tf8dulkDUxqDv7n5DF0lv7f
-----END CERTIFICATE-----