Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/gTkJvjy9A4c53WcF3c4oBPT0rgA.roa
File:                     gTkJvjy9A4c53WcF3c4oBPT0rgA.roa (raw, json)
Hash identifier:          E8UfrAtMOUdVQNGSivMk3uCV21A9a6oA3BS+kByXpnI=
Subject key identifier:   81:39:09:BE:3C:BD:03:87:39:DD:67:05:DD:CE:28:04:F4:F4:AE:00
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D6308E211A4CC43E4DE3F54D2BCD2
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/gTkJvjy9A4c53WcF3c4oBPT0rgA.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49770
IP address blocks:        2a11:840:28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:63:08:e2:11:a4:cc:43:e4:de:3f:54:d2:bc:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=813909be3cbd038739dd6705ddce2804f4f4ae00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:55:e6:c0:de:97:69:cf:f4:11:37:8a:47:20:
                    a6:84:9e:80:46:7b:f9:89:b3:13:d2:18:01:4a:d2:
                    70:5a:0e:59:e2:b4:b9:39:2c:ef:3c:ce:9f:6c:85:
                    49:08:eb:57:bd:e8:16:11:10:0d:4f:7d:0f:de:fd:
                    4b:f5:24:60:ba:40:b7:47:72:e6:7d:f2:e4:04:e5:
                    c8:e1:39:b1:b9:c4:ba:15:72:80:64:d6:69:9c:4b:
                    74:b7:15:6f:cd:81:fd:03:60:8f:5f:05:00:17:87:
                    83:b9:68:4d:91:e2:44:27:55:f3:86:a1:0b:54:ae:
                    7e:81:80:dc:bc:3d:87:c8:6d:13:36:46:ac:e4:36:
                    cf:9c:e4:d5:69:c9:c4:34:de:d9:40:45:9a:32:24:
                    0f:91:7b:30:30:ef:73:9c:35:18:6a:5b:da:e5:51:
                    75:67:96:4b:36:12:61:80:ba:fc:d9:2f:75:23:c8:
                    55:8a:59:4c:b4:ef:25:32:98:c1:22:14:8d:40:cb:
                    35:b3:67:23:54:8f:55:f2:0f:2e:36:05:80:e7:b7:
                    ee:d4:85:2e:63:b8:4c:e0:ac:88:ad:c6:02:89:e8:
                    21:af:40:3b:f9:19:91:c1:e5:46:64:be:db:dd:06:
                    46:c8:33:19:5f:12:27:c0:59:a1:af:93:3c:17:41:
                    01:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:39:09:BE:3C:BD:03:87:39:DD:67:05:DD:CE:28:04:F4:F4:AE:00
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/gTkJvjy9A4c53WcF3c4oBPT0rgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:28::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:ef:79:6c:44:18:b7:39:bc:62:33:82:ea:63:65:53:96:fe:
         e7:6c:35:de:09:1d:dc:cd:c5:e6:6d:ce:24:d5:d0:7c:ca:3f:
         d1:7b:11:49:fe:18:db:62:ec:3c:89:5b:17:92:cd:3c:1d:f8:
         a5:dd:e6:95:24:62:8a:30:a2:f1:26:a8:4b:4b:82:30:fe:92:
         47:ae:61:a2:91:18:f3:97:c5:e5:d0:99:9d:2d:ee:04:d8:fb:
         48:fd:9d:57:c6:d3:cc:d7:52:1b:c9:7b:0b:2a:fa:ed:9c:f1:
         29:1e:c4:bf:f4:77:a4:35:9b:d1:a0:75:53:7d:ad:c7:5e:77:
         b9:52:a1:32:9c:2e:d7:31:fe:22:2e:d9:ca:3f:09:8b:8c:50:
         44:d7:ee:8b:b6:02:d9:ab:c2:69:8c:3b:e5:b7:13:be:95:0b:
         42:7a:a2:57:c3:48:e8:4f:55:c5:01:ee:b7:84:0f:42:74:c3:
         d2:e0:d6:b8:b6:85:b9:55:45:da:06:d3:d4:8c:5b:ca:5d:f2:
         61:75:ef:4d:ed:d5:43:e8:9b:46:85:69:87:af:92:00:9d:d4:
         22:d6:c5:47:b5:41:7b:53:bc:b4:41:3f:b7:7c:11:ae:f1:1e:
         f4:df:2b:70:b8:ba:c5:c3:4b:bd:5b:5a:e1:f5:e5:22:2a:ec:
         89:1d:b9:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWMI4hGkzEPk3j9U0rzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTM5MDliZTNjYmQwMzg3MzlkZDY3MDVkZGNlMjgwNGY0ZjRhZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lXmwN6Xac/0ETeKRyCmhJ6ARnv5
ibMT0hgBStJwWg5Z4rS5OSzvPM6fbIVJCOtXvegWERANT30P3v1L9SRgukC3R3Lm
ffLkBOXI4TmxucS6FXKAZNZpnEt0txVvzYH9A2CPXwUAF4eDuWhNkeJEJ1XzhqEL
VK5+gYDcvD2HyG0TNkas5DbPnOTVacnENN7ZQEWaMiQPkXswMO9znDUYalva5VF1
Z5ZLNhJhgLr82S91I8hVillMtO8lMpjBIhSNQMs1s2cjVI9V8g8uNgWA57fu1IUu
Y7hM4KyIrcYCieghr0A7+RmRweVGZL7b3QZGyDMZXxInwFmhr5M8F0EBfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIE5Cb48vQOHOd1nBd3OKAT09K4AMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvZ1RrSnZqeTlBNGM1M1djRjNjNG9CUFQwcmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAo
MA0GCSqGSIb3DQEBCwUAA4IBAQCV73lsRBi3ObxiM4LqY2VTlv7nbDXeCR3czcXm
bc4k1dB8yj/RexFJ/hjbYuw8iVsXks08Hfil3eaVJGKKMKLxJqhLS4Iw/pJHrmGi
kRjzl8Xl0JmdLe4E2PtI/Z1XxtPM11IbyXsLKvrtnPEpHsS/9HekNZvRoHVTfa3H
Xne5UqEynC7XMf4iLtnKPwmLjFBE1+6LtgLZq8JpjDvltxO+lQtCeqJXw0joT1XF
Ae63hA9CdMPS4Na4toW5VUXaBtPUjFvKXfJhde9N7dVD6JtGhWmHr5IAndQi1sVH
tUF7U7y0QT+3fBGu8R703ytwuLrFw0u9W1rh9eUiKuyJHbkT
-----END CERTIFICATE-----