Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/Pygn2BZatoUwQA26Ocq9efCnwJY.roa
File:                     Pygn2BZatoUwQA26Ocq9efCnwJY.roa (raw, json)
Hash identifier:          xrJMDR+J65rMtfy+hZcsfFiyEUu4xy6hWZcuP5Vkthk=
Subject key identifier:   3F:28:27:D8:16:5A:B6:85:30:40:0D:BA:39:CA:BD:79:F0:A7:C0:96
Certificate issuer:       /CN=58dd42ab3460279709c134b570f76e34e4d95b91
Certificate serial:       01914ABA5168F92FFCB1102F504A987F8941
Authority key identifier: 58:DD:42:AB:34:60:27:97:09:C1:34:B5:70:F7:6E:34:E4:D9:5B:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WN1CqzRgJ5cJwTS1cPduNOTZW5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/Pygn2BZatoUwQA26Ocq9efCnwJY.roa
Signing time:             Tue 13 Aug 2024 07:53:30 +0000
ROA not before:           Tue 13 Aug 2024 07:53:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29152
IP address blocks:        2a00:1b11:115::/48 maxlen: 48
                          2a00:1b11:116::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/WN1CqzRgJ5cJwTS1cPduNOTZW5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/WN1CqzRgJ5cJwTS1cPduNOTZW5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WN1CqzRgJ5cJwTS1cPduNOTZW5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4a:ba:51:68:f9:2f:fc:b1:10:2f:50:4a:98:7f:89:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58dd42ab3460279709c134b570f76e34e4d95b91
        Validity
            Not Before: Aug 13 07:53:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f2827d8165ab68530400dba39cabd79f0a7c096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e5:80:2a:64:2d:84:3d:12:93:22:0d:07:47:
                    43:8e:c6:60:24:27:21:43:9a:32:6f:1f:64:94:ed:
                    ca:b8:97:bd:5b:18:ba:16:6e:38:7b:d1:59:0d:67:
                    d9:2a:d6:29:43:ee:70:05:e5:ae:bc:d3:ac:bc:2c:
                    71:a1:fc:69:83:23:ac:31:f5:41:88:74:55:52:2d:
                    ce:bb:09:31:08:a7:82:dd:df:73:6f:2a:64:58:2e:
                    89:f0:5a:be:7e:3b:66:03:96:f3:c3:91:84:06:85:
                    d1:18:a1:45:d9:9b:e5:31:cb:8d:ac:50:c5:7d:90:
                    5d:75:b6:71:79:bc:0f:74:4d:49:bb:b7:e6:c2:e5:
                    8f:51:e4:1b:16:38:04:a8:24:6b:18:7d:5d:4b:34:
                    5a:1b:a0:d0:1e:dc:2a:5e:e8:47:d0:fc:e2:65:31:
                    39:ca:de:a1:4a:43:13:fe:aa:fa:16:f4:5f:12:0b:
                    c8:33:fd:5b:21:ac:cb:e8:49:cf:03:89:e8:90:9b:
                    1a:c2:40:57:c5:f6:82:96:92:2d:bb:ca:f4:ec:a7:
                    ce:45:14:1d:3d:a4:60:f4:bc:be:d5:b2:3d:1a:80:
                    7c:05:5d:e5:0c:d2:13:d9:6b:da:13:f4:9d:c4:db:
                    4d:94:68:85:e1:5e:7a:9f:ba:5f:ba:51:99:e2:f9:
                    6c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:28:27:D8:16:5A:B6:85:30:40:0D:BA:39:CA:BD:79:F0:A7:C0:96
            X509v3 Authority Key Identifier:
                keyid:58:DD:42:AB:34:60:27:97:09:C1:34:B5:70:F7:6E:34:E4:D9:5B:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WN1CqzRgJ5cJwTS1cPduNOTZW5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/Pygn2BZatoUwQA26Ocq9efCnwJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/40b8f6-685d-4e86-97d8-6e31347d04d9/1/WN1CqzRgJ5cJwTS1cPduNOTZW5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1b11:115::-2a00:1b11:116:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         43:7a:b4:1e:bc:ef:cb:3f:d2:98:7b:02:20:83:17:cb:17:fd:
         42:d8:81:04:f9:09:d4:b0:95:32:b6:34:d7:8e:04:9c:5e:52:
         bb:8a:71:19:70:63:f3:2a:04:c1:33:50:d5:03:59:f0:17:8a:
         18:ec:a5:ba:c7:4e:d7:c9:16:b0:0d:99:22:39:ac:86:84:f8:
         63:ff:3c:af:12:15:30:4e:f1:b6:66:56:d4:2f:3f:1a:bf:84:
         cb:f4:af:ec:19:43:be:67:e3:77:20:ef:61:b2:b3:57:a0:7b:
         f4:35:9b:8d:04:7c:94:63:14:f4:a9:3f:49:1b:6d:09:4f:59:
         8a:8d:84:87:75:38:4f:99:0b:69:4b:3e:0e:65:56:0d:c9:93:
         a4:12:f2:e6:e6:6f:18:98:81:2c:00:db:a3:3e:3f:4c:c4:93:
         3c:89:14:66:b6:59:ca:6a:b9:82:92:64:f1:de:cf:36:4a:bf:
         c8:bd:3a:58:a8:20:4f:13:1a:13:cd:65:0c:06:bc:44:54:81:
         ee:d9:c6:53:47:66:93:81:01:37:22:2e:36:75:28:de:fe:d5:
         fa:a5:f9:9d:38:22:8a:a7:52:a6:aa:f3:9e:cc:e8:a4:1b:6e:
         9e:64:37:32:97:a4:bc:aa:d2:e3:37:c8:55:99:4b:ab:e3:aa:
         82:56:7a:02
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZFKulFo+S/8sRAvUEqYf4lBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZGQ0MmFiMzQ2MDI3OTcwOWMxMzRiNTcwZjc2ZTM0ZTRk
OTViOTEwHhcNMjQwODEzMDc1MzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjI4MjdkODE2NWFiNjg1MzA0MDBkYmEzOWNhYmQ3OWYwYTdjMDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreWAKmQthD0SkyINB0dDjsZgJCch
Q5oybx9klO3KuJe9Wxi6Fm44e9FZDWfZKtYpQ+5wBeWuvNOsvCxxofxpgyOsMfVB
iHRVUi3OuwkxCKeC3d9zbypkWC6J8Fq+fjtmA5bzw5GEBoXRGKFF2ZvlMcuNrFDF
fZBddbZxebwPdE1Ju7fmwuWPUeQbFjgEqCRrGH1dSzRaG6DQHtwqXuhH0PziZTE5
yt6hSkMT/qr6FvRfEgvIM/1bIazL6EnPA4nokJsawkBXxfaClpItu8r07KfORRQd
PaRg9Ly+1bI9GoB8BV3lDNIT2WvaE/SdxNtNlGiF4V56n7pfulGZ4vlsrwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFD8oJ9gWWraFMEANujnKvXnwp8CWMB8GA1UdIwQY
MBaAFFjdQqs0YCeXCcE0tXD3bjTk2VuRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV04xQ3F6UmdKNWNKd1RTMWNQZHVOT1RaVzVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC80MGI4ZjYtNjg1ZC00ZTg2LTk3ZDgt
NmUzMTM0N2QwNGQ5LzEvUHlnbjJCWmF0b1V3UUEyNk9jcTllZkNud0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC80MGI4ZjYtNjg1ZC00ZTg2LTk3ZDgtNmUzMTM0N2QwNGQ5
LzEvV04xQ3F6UmdKNWNKd1RTMWNQZHVOT1RaVzVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqABsR
ARUDBwAqABsRARYwDQYJKoZIhvcNAQELBQADggEBAEN6tB6878s/0ph7AiCDF8sX
/ULYgQT5CdSwlTK2NNeOBJxeUruKcRlwY/MqBMEzUNUDWfAXihjspbrHTtfJFrAN
mSI5rIaE+GP/PK8SFTBO8bZmVtQvPxq/hMv0r+wZQ75n43cg72Gys1ege/Q1m40E
fJRjFPSpP0kbbQlPWYqNhId1OE+ZC2lLPg5lVg3Jk6QS8ubmbxiYgSwA26M+P0zE
kzyJFGa2WcpquYKSZPHezzZKv8i9OlioIE8TGhPNZQwGvERUge7ZxlNHZpOBATci
LjZ1KN7+1fql+Z04IoqnUqaq857M6KQbbp5kNzKXpLyq0uM3yFWZS6vjqoJWegI=
-----END CERTIFICATE-----