Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/rRmUa8Glw6004jIOE7e1nUddFhM.roa
File:                     rRmUa8Glw6004jIOE7e1nUddFhM.roa (raw, json)
Hash identifier:          nG7jcc2osfxL/77c2w5BV8UAFT6wGMsou1EVsN5VkGU=
Subject key identifier:   AD:19:94:6B:C1:A5:C3:AD:34:E2:32:0E:13:B7:B5:9D:47:5D:16:13
Certificate issuer:       /CN=89056fa9625b6c87404267c6dc219924ac160045
Certificate serial:       018CC26D61677C0965DC4E755364A653E5B7
Authority key identifier: 89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/rRmUa8Glw6004jIOE7e1nUddFhM.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30900
IP address blocks:        2a11:840:27::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:61:67:7c:09:65:dc:4e:75:53:64:a6:53:e5:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89056fa9625b6c87404267c6dc219924ac160045
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad19946bc1a5c3ad34e2320e13b7b59d475d1613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:fb:b6:0f:61:ad:c0:e5:f9:60:94:65:55:ce:
                    a5:69:f6:d8:43:77:b3:2e:da:07:93:fe:b5:2f:bc:
                    26:4b:8b:c0:f5:a9:be:89:cd:72:37:04:33:81:ee:
                    93:a7:8e:99:2d:38:17:5f:28:39:b4:d4:93:63:11:
                    58:28:df:f8:f5:35:83:b8:e5:d1:26:ba:16:b7:c6:
                    c4:58:1c:22:9f:c9:f3:72:2f:16:c4:e9:2e:9d:b7:
                    27:28:96:50:32:5e:22:41:56:ec:75:b3:03:6d:38:
                    6a:5a:8e:87:5d:1c:ee:4f:09:60:2a:02:0a:17:18:
                    89:dd:e6:15:cf:97:54:a1:cc:ee:17:4a:45:4e:18:
                    35:c2:8e:38:9b:3a:33:89:ce:84:bb:bd:d1:bd:7f:
                    48:31:80:48:ea:a8:b6:ee:0c:43:d5:c2:03:19:5c:
                    e4:29:39:56:51:76:a4:a8:26:c4:f8:03:95:b6:a6:
                    b7:39:4a:60:41:df:3b:e9:66:be:05:5e:75:47:68:
                    3a:eb:99:07:5a:c2:91:d0:7c:8e:d7:64:e4:6a:a1:
                    27:55:19:d3:83:c6:61:63:76:d0:f8:ad:15:c6:5e:
                    d8:35:e2:07:79:22:5a:c9:96:90:93:7a:bc:10:1d:
                    cb:55:1f:c3:6a:8b:19:96:d9:54:07:d6:2b:6f:77:
                    c9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:19:94:6B:C1:A5:C3:AD:34:E2:32:0E:13:B7:B5:9D:47:5D:16:13
            X509v3 Authority Key Identifier:
                keyid:89:05:6F:A9:62:5B:6C:87:40:42:67:C6:DC:21:99:24:AC:16:00:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQVvqWJbbIdAQmfG3CGZJKwWAEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/rRmUa8Glw6004jIOE7e1nUddFhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/99ae2f-39cc-43f3-941d-51920373353c/1/iQVvqWJbbIdAQmfG3CGZJKwWAEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:840:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:8b:c0:be:70:c9:80:75:d2:12:41:5e:3e:fd:2d:4d:94:82:
         a4:82:69:5e:c6:bb:d7:29:6f:10:a4:cd:3d:68:46:59:81:f3:
         a7:ca:ff:a6:ca:a8:01:99:cc:79:94:40:54:f7:f7:f8:0c:23:
         99:1f:b4:ad:4c:7e:bb:ab:75:01:b7:e0:76:a6:c1:89:be:b6:
         aa:17:3c:82:1a:f7:ca:ac:71:73:b0:ef:63:cc:6f:a9:1c:85:
         57:77:a6:80:9a:ff:03:ce:a2:b5:2a:b4:fe:6b:c9:18:d3:ee:
         d6:09:12:5d:d3:57:86:fd:ea:6b:6b:25:89:9f:cf:89:ca:1b:
         06:ef:b3:da:7f:cb:e3:28:c5:49:3b:14:5d:b0:d2:77:e3:34:
         f0:86:e7:1b:ef:83:d9:df:0e:cf:d3:97:25:0f:1a:7d:18:7a:
         f9:4a:34:ae:6d:ba:7f:bc:f0:97:47:65:15:53:af:41:94:31:
         93:c3:6f:7e:4b:b7:98:44:32:1d:bf:dc:8f:02:c2:b0:e7:e2:
         fc:49:25:3b:5f:c5:17:3c:9e:96:f2:8d:eb:bc:b5:24:ef:0d:
         5d:50:23:24:6b:3b:09:7a:19:a9:05:7b:4b:73:42:73:35:0f:
         9c:11:4d:cf:67:92:3f:7d:3c:fe:c2:2e:6c:ae:91:fa:01:ac:
         6b:bf:b1:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWFnfAll3E51U2SmU+W3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MDU2ZmE5NjI1YjZjODc0MDQyNjdjNmRjMjE5OTI0YWMx
NjAwNDUwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDE5OTQ2YmMxYTVjM2FkMzRlMjMyMGUxM2I3YjU5ZDQ3NWQxNjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfu2D2GtwOX5YJRlVc6lafbYQ3ez
LtoHk/61L7wmS4vA9am+ic1yNwQzge6Tp46ZLTgXXyg5tNSTYxFYKN/49TWDuOXR
JroWt8bEWBwin8nzci8WxOkunbcnKJZQMl4iQVbsdbMDbThqWo6HXRzuTwlgKgIK
FxiJ3eYVz5dUoczuF0pFThg1wo44mzozic6Eu73RvX9IMYBI6qi27gxD1cIDGVzk
KTlWUXakqCbE+AOVtqa3OUpgQd876Wa+BV51R2g665kHWsKR0HyO12TkaqEnVRnT
g8ZhY3bQ+K0Vxl7YNeIHeSJayZaQk3q8EB3LVR/DaosZltlUB9Yrb3fJIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK0ZlGvBpcOtNOIyDhO3tZ1HXRYTMB8GA1UdIwQY
MBaAFIkFb6liW2yHQEJnxtwhmSSsFgBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQt
NTE5MjAzNzMzNTNjLzEvclJtVWE4R2x3NjAwNGpJT0U3ZTFuVWRkRmhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85OWFlMmYtMzljYy00M2YzLTk0MWQtNTE5MjAzNzMzNTNj
LzEvaVFWdnFXSmJiSWRBUW1mRzNDR1pKS3dXQUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhEIQAAn
MA0GCSqGSIb3DQEBCwUAA4IBAQBVi8C+cMmAddISQV4+/S1NlIKkgmlexrvXKW8Q
pM09aEZZgfOnyv+myqgBmcx5lEBU9/f4DCOZH7StTH67q3UBt+B2psGJvraqFzyC
GvfKrHFzsO9jzG+pHIVXd6aAmv8DzqK1KrT+a8kY0+7WCRJd01eG/eprayWJn8+J
yhsG77Paf8vjKMVJOxRdsNJ34zTwhucb74PZ3w7P05clDxp9GHr5SjSubbp/vPCX
R2UVU69BlDGTw29+S7eYRDIdv9yPAsKw5+L8SSU7X8UXPJ6W8o3rvLUk7w1dUCMk
azsJehmpBXtLc0JzNQ+cEU3PZ5I/fTz+wi5srpH6Aaxrv7GK
-----END CERTIFICATE-----