Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/TRdCRCeFOjA1Q4PcZyS5Z8mWXZ0.roa
File:                     TRdCRCeFOjA1Q4PcZyS5Z8mWXZ0.roa (raw, json)
Hash identifier:          XAfIDB2POws7zIHWWGkWVC/20Bm3rIxoF/u/HthYxlI=
Subject key identifier:   4D:17:42:44:27:85:3A:30:35:43:83:DC:67:24:B9:67:C9:96:5D:9D
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       01933F93C9191FD3E9D71EE53EEEB75F012D
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/TRdCRCeFOjA1Q4PcZyS5Z8mWXZ0.roa
Signing time:             Mon 18 Nov 2024 14:01:10 +0000
ROA not before:           Mon 18 Nov 2024 14:01:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209641
IP address blocks:        2a11:b785::/32 maxlen: 32
                          2a12:4c06::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:3f:93:c9:19:1f:d3:e9:d7:1e:e5:3e:ee:b7:5f:01:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Nov 18 14:01:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d17424427853a30354383dc6724b967c9965d9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:a5:08:2e:a8:af:80:0e:6f:6c:79:0d:43:d3:
                    26:b4:8c:32:e5:f8:54:a5:16:12:f9:49:bf:dc:ac:
                    31:92:d1:59:8a:91:29:85:05:7d:10:6d:bc:c4:6d:
                    f2:10:72:86:81:00:93:16:87:40:e2:8e:76:69:92:
                    38:62:d6:1c:4f:cf:1b:60:98:8f:b9:4f:e2:be:af:
                    7d:25:bf:9e:d3:67:ab:e7:d9:ac:ac:a7:cd:1b:67:
                    eb:8d:45:d4:12:ac:f4:71:2d:15:d8:4a:9f:7f:91:
                    15:4b:76:45:3c:1c:fc:df:89:6d:80:cb:04:b5:75:
                    a9:a5:8f:43:8e:ca:73:e1:63:ed:9e:88:9a:b9:97:
                    1b:d8:d1:b2:85:f8:6e:48:d7:26:7d:ba:b7:75:04:
                    8e:7a:0e:72:fc:42:28:93:41:f4:8f:f6:9c:3b:5d:
                    82:59:bb:b7:87:7c:76:cf:25:23:02:ac:c9:71:1e:
                    e9:3d:dc:47:8a:e8:ce:a0:e3:ec:79:66:b4:f3:37:
                    67:23:97:b7:ce:5b:19:d6:a2:c8:e1:00:66:46:08:
                    4b:24:8f:71:34:2c:6b:41:eb:87:43:46:4f:c9:9f:
                    b2:fb:cc:39:b4:02:12:66:a1:3c:c1:b7:06:2c:5b:
                    79:e2:ce:72:20:b3:6e:2a:81:a5:7a:bf:e0:89:6d:
                    f2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:17:42:44:27:85:3A:30:35:43:83:DC:67:24:B9:67:C9:96:5D:9D
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/TRdCRCeFOjA1Q4PcZyS5Z8mWXZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:b785::/32
                  2a12:4c06::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:32:88:b8:53:aa:1b:d6:98:98:84:f6:30:4d:ed:55:b2:63:
         bc:8a:ec:6f:bd:fb:49:2d:34:fa:69:c1:60:53:35:01:c1:1f:
         54:8e:07:56:7d:7b:78:2d:71:64:67:9b:1d:ee:3b:f7:33:9c:
         95:1f:0c:76:6d:f7:94:c2:35:43:18:7b:14:b4:1d:9a:6c:60:
         0c:e7:c8:00:e3:d3:67:ee:2c:7a:a7:1e:b4:01:9f:b5:23:92:
         cb:b0:30:0b:b7:df:db:4b:9c:24:c8:87:f0:ca:ab:78:10:76:
         8c:78:0a:fc:38:ad:07:dc:58:7b:8f:cf:b0:f0:fb:92:62:0a:
         36:08:fa:36:75:6d:a1:95:cb:c4:4b:2d:df:e2:0d:6c:f6:57:
         4b:67:32:20:6c:cb:3e:26:9e:aa:3d:2c:e8:af:ce:31:94:0b:
         9f:ec:ad:b9:f9:3f:5e:8e:62:79:7f:e2:0a:fe:2b:c6:11:dc:
         a0:c7:a8:8a:f3:c7:3d:ff:2b:9e:6b:8e:7e:a3:bd:40:ba:b2:
         f1:a8:7a:95:d3:e6:5e:40:bd:8c:53:c5:18:94:85:c6:0f:42:
         39:73:26:c0:aa:8e:00:13:ca:5b:83:0e:ef:c9:00:17:86:04:
         61:ec:8e:3b:31:5e:eb:c6:0a:67:5a:42:70:aa:ea:6a:8a:41:
         02:0e:3f:7d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZM/k8kZH9Pp1x7lPu63XwEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQxMTE4MTQwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDE3NDI0NDI3ODUzYTMwMzU0MzgzZGM2NzI0Yjk2N2M5OTY1ZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8KUILqivgA5vbHkNQ9MmtIwy5fhU
pRYS+Um/3KwxktFZipEphQV9EG28xG3yEHKGgQCTFodA4o52aZI4YtYcT88bYJiP
uU/ivq99Jb+e02er59msrKfNG2frjUXUEqz0cS0V2Eqff5EVS3ZFPBz834ltgMsE
tXWppY9Djspz4WPtnoiauZcb2NGyhfhuSNcmfbq3dQSOeg5y/EIok0H0j/acO12C
Wbu3h3x2zyUjAqzJcR7pPdxHiujOoOPseWa08zdnI5e3zlsZ1qLI4QBmRghLJI9x
NCxrQeuHQ0ZPyZ+y+8w5tAISZqE8wbcGLFt54s5yILNuKoGler/giW3ybQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE0XQkQnhTowNUOD3GckuWfJll2dMB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvVFJkQ1JDZUZPakExUTRQY1p5UzVaOG1XWFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhG3hQMF
ACoSTAYwDQYJKoZIhvcNAQELBQADggEBAL0yiLhTqhvWmJiE9jBN7VWyY7yK7G+9
+0ktNPppwWBTNQHBH1SOB1Z9e3gtcWRnmx3uO/cznJUfDHZt95TCNUMYexS0HZps
YAznyADj02fuLHqnHrQBn7UjksuwMAu339tLnCTIh/DKq3gQdox4Cvw4rQfcWHuP
z7Dw+5JiCjYI+jZ1baGVy8RLLd/iDWz2V0tnMiBsyz4mnqo9LOivzjGUC5/srbn5
P16OYnl/4gr+K8YR3KDHqIrzxz3/K55rjn6jvUC6svGoepXT5l5AvYxTxRiUhcYP
QjlzJsCqjgATyluDDu/JABeGBGHsjjsxXuvGCmdaQnCq6mqKQQIOP30=
-----END CERTIFICATE-----