Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/L4Xe1niDm7mXAc_tGRsEPBfTyCE.roa
File:                     L4Xe1niDm7mXAc_tGRsEPBfTyCE.roa (raw, json)
Hash identifier:          mj0subICubl8SdoCC1hPOD5TMl0Co7cyp0M3+s5r4Kk=
Subject key identifier:   2F:85:DE:D6:78:83:9B:B9:97:01:CF:ED:19:1B:04:3C:17:D3:C8:21
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       018CCA29BA3005184056DED41A1D36D062E3
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/L4Xe1niDm7mXAc_tGRsEPBfTyCE.roa
Signing time:             Tue 02 Jan 2024 12:33:01 +0000
ROA not before:           Tue 02 Jan 2024 12:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53667
IP address blocks:        2a11:2304::/37 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ba:30:05:18:40:56:de:d4:1a:1d:36:d0:62:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Jan  2 12:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f85ded678839bb99701cfed191b043c17d3c821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ac:8f:9e:76:14:af:44:43:9c:f8:61:90:42:
                    ad:6c:91:31:f3:76:7b:6e:6b:92:33:e4:91:ec:9c:
                    65:12:10:66:a5:45:9a:37:e8:b7:ad:d9:84:b8:5f:
                    4e:29:e9:f0:2f:77:26:57:e8:a1:b6:cb:f0:c4:cf:
                    67:04:7c:81:96:29:2c:61:e5:ea:3e:a1:19:b6:c1:
                    f4:f5:06:9f:1a:7b:b3:77:f5:fb:04:17:d3:36:ce:
                    88:02:e1:18:69:50:42:ac:4b:db:c3:ae:09:0f:45:
                    c7:9e:f8:c8:15:9e:bc:f2:ba:06:22:2b:e1:a6:b3:
                    06:d1:53:2a:36:af:76:0d:8f:84:54:4b:a7:3e:92:
                    d7:8e:02:25:d3:5d:08:6d:5c:85:b4:d2:97:ec:68:
                    5f:e7:f7:f5:d1:2a:2b:ba:7a:ca:35:f8:29:04:75:
                    04:bc:85:94:ed:59:f1:1a:59:20:33:c4:82:9d:f8:
                    80:b0:bc:6f:87:b0:83:4f:79:48:ea:4b:c7:de:8b:
                    05:1f:f3:27:49:d2:7d:9e:45:f5:8b:41:c7:64:cb:
                    ff:9a:40:7d:70:a3:cb:10:dc:5a:91:25:77:b0:6f:
                    13:a0:d2:a0:a3:31:0e:0d:22:82:2d:15:16:ec:1f:
                    85:c5:55:b2:68:1e:2c:b3:6f:c8:f5:eb:44:52:bf:
                    ac:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:85:DE:D6:78:83:9B:B9:97:01:CF:ED:19:1B:04:3C:17:D3:C8:21
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/L4Xe1niDm7mXAc_tGRsEPBfTyCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:2304::/37

    Signature Algorithm: sha256WithRSAEncryption
         92:3d:64:4e:66:db:66:fc:17:3e:68:fd:73:39:33:28:55:6b:
         17:5f:80:78:a9:a4:83:c3:e4:23:a8:52:3c:07:3f:35:22:2d:
         30:a7:d6:cf:cc:91:93:6e:f0:3b:49:78:6f:c4:cf:3a:7f:99:
         d8:ab:7a:d9:94:b1:e0:85:a3:6f:54:78:8f:4f:80:3a:4d:02:
         52:2d:1c:87:22:53:ee:ee:94:65:82:2e:8b:da:cb:b5:2b:ba:
         73:39:ef:4a:72:df:c5:85:53:0f:bd:f6:0a:0a:b8:a5:50:27:
         f4:ee:16:09:5c:e6:14:10:2d:3e:b7:73:1d:30:eb:f7:c9:f9:
         2d:d5:93:9e:0e:4d:3c:21:4d:00:96:c1:1d:12:88:3c:8a:37:
         dc:12:8f:58:64:1a:c6:c8:b5:e3:e1:da:ba:de:8a:ed:ae:32:
         a2:45:a4:46:9b:cb:2e:79:ad:21:72:4c:f0:31:62:56:1b:46:
         83:63:6a:2f:9a:47:f0:08:4f:2f:8e:8c:c5:3b:7a:dc:bf:0e:
         06:ef:8a:13:99:48:3d:1c:06:c2:4f:f6:8a:b2:7f:10:18:ee:
         2f:0f:1e:de:44:5c:61:2e:7e:9f:f7:6b:df:6c:f1:d3:23:bc:
         e2:04:2d:24:1d:ee:ab:f5:65:7e:28:39:8b:60:fe:eb:d7:0a:
         05:5f:98:6c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKKbowBRhAVt7UGh020GLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjQwMTAyMTIzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjg1ZGVkNjc4ODM5YmI5OTcwMWNmZWQxOTFiMDQzYzE3ZDNjODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6yPnnYUr0RDnPhhkEKtbJEx83Z7
bmuSM+SR7JxlEhBmpUWaN+i3rdmEuF9OKenwL3cmV+ihtsvwxM9nBHyBliksYeXq
PqEZtsH09QafGnuzd/X7BBfTNs6IAuEYaVBCrEvbw64JD0XHnvjIFZ688roGIivh
prMG0VMqNq92DY+EVEunPpLXjgIl010IbVyFtNKX7Ghf5/f10SorunrKNfgpBHUE
vIWU7VnxGlkgM8SCnfiAsLxvh7CDT3lI6kvH3osFH/MnSdJ9nkX1i0HHZMv/mkB9
cKPLENxakSV3sG8ToNKgozEODSKCLRUW7B+FxVWyaB4ss2/I9etEUr+s1wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC+F3tZ4g5u5lwHP7RkbBDwX08ghMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvTDRYZTFuaURtN21YQWNfdEdSc0VQQmZUeUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYDKhEjBAAw
DQYJKoZIhvcNAQELBQADggEBAJI9ZE5m22b8Fz5o/XM5MyhVaxdfgHippIPD5COo
UjwHPzUiLTCn1s/MkZNu8DtJeG/Ezzp/mdiretmUseCFo29UeI9PgDpNAlItHIci
U+7ulGWCLovay7UrunM570py38WFUw+99goKuKVQJ/TuFglc5hQQLT63cx0w6/fJ
+S3Vk54OTTwhTQCWwR0SiDyKN9wSj1hkGsbItePh2rreiu2uMqJFpEabyy55rSFy
TPAxYlYbRoNjai+aR/AITy+OjMU7ety/DgbvihOZSD0cBsJP9oqyfxAY7i8PHt5E
XGEufp/3a99s8dMjvOIELSQd7qv1ZX4oOYtg/uvXCgVfmGw=
-----END CERTIFICATE-----