Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/g11Luu_KdONz9gNQEEe4A5BciK4.roa
File:                     g11Luu_KdONz9gNQEEe4A5BciK4.roa (raw, json)
Hash identifier:          Mulmo7NCfhkWqysjG452jYO/8GqflSEOr0H185YoRNQ=
Subject key identifier:   83:5D:4B:BA:EF:CA:74:E3:73:F6:03:50:10:47:B8:03:90:5C:88:AE
Certificate issuer:       /CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
Certificate serial:       018CC4938E54753BBCEBBF80F00276915C81
Authority key identifier: FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/g11Luu_KdONz9gNQEEe4A5BciK4.roa
Signing time:             Mon 01 Jan 2024 10:30:53 +0000
ROA not before:           Mon 01 Jan 2024 10:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207168
IP address blocks:        2a00:1e68:125::/48 maxlen: 128
                          2a00:1e68:98::/47 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8e:54:75:3b:bc:eb:bf:80:f0:02:76:91:5c:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb32e9f4aa32aba7312fab054b174dce8c515ca3
        Validity
            Not Before: Jan  1 10:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=835d4bbaefca74e373f603501047b803905c88ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0f:35:5a:90:38:eb:88:8e:28:1e:a8:e4:73:
                    ea:5f:52:0e:45:35:55:86:9e:44:43:35:6a:8e:8c:
                    19:e8:9b:a4:ef:8f:c9:87:e3:3d:9c:b9:d0:df:cb:
                    91:03:5a:27:45:72:b1:c3:af:71:37:61:3d:32:7b:
                    7f:43:16:fc:bd:6c:a6:34:ad:9c:4f:69:16:97:1d:
                    df:76:5c:bd:35:a4:70:0a:6b:0a:57:ae:48:79:45:
                    99:96:0d:cf:85:a4:73:74:96:41:d9:64:c5:b1:b7:
                    a1:31:13:81:55:2b:b8:8e:cd:27:22:87:86:15:59:
                    8d:ab:15:5f:4a:5e:99:22:c9:0a:0b:8f:ed:03:88:
                    46:ae:07:20:ed:d7:3f:01:39:a1:99:5f:5a:09:35:
                    e8:a1:0b:6b:e1:14:27:a3:3b:e5:4f:68:53:69:d2:
                    a5:f6:52:44:ad:fe:15:eb:aa:e3:74:97:68:90:80:
                    f5:8e:2f:af:2e:ea:29:71:c4:ea:10:4c:22:49:71:
                    c3:f7:81:1f:2e:78:d5:f3:2d:d1:89:e1:39:0e:ae:
                    81:6a:de:6b:0b:be:c5:4b:71:7f:2e:aa:55:a8:d4:
                    73:1f:0f:3b:a6:8f:84:8c:f7:09:62:cb:57:61:b7:
                    a2:83:eb:44:2c:6f:e3:ed:1a:8c:b5:86:44:d6:e0:
                    5d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:5D:4B:BA:EF:CA:74:E3:73:F6:03:50:10:47:B8:03:90:5C:88:AE
            X509v3 Authority Key Identifier:
                keyid:FB:32:E9:F4:AA:32:AB:A7:31:2F:AB:05:4B:17:4D:CE:8C:51:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/g11Luu_KdONz9gNQEEe4A5BciK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/278663-b135-4db1-a044-20624b3c157f/1/1-zLp9Koyq6cxL6sFSxdNzoxRXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1e68:98::/47
                  2a00:1e68:125::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:a3:6a:5a:66:83:cf:e4:56:54:a8:1b:35:f9:b1:12:53:78:
         e3:ed:64:d0:ae:fd:81:64:14:92:9a:a3:ab:ae:d0:26:35:5a:
         0d:bb:e4:df:68:a8:3b:58:28:0e:39:44:6f:ad:95:ad:64:81:
         05:53:75:ef:cd:c3:bd:f4:c7:49:c8:96:98:4c:93:5d:bb:58:
         81:61:d4:c1:78:63:97:38:98:4e:b5:55:85:46:b6:23:dc:ad:
         a1:0b:da:27:c3:5e:ab:ae:06:dd:e5:1b:d5:1d:b8:d7:ff:18:
         2f:03:12:88:f5:01:86:8c:e1:8e:74:8e:54:20:f6:b8:c6:93:
         32:2d:19:ce:ac:54:f2:90:a3:4e:7f:dc:db:64:1f:6d:d2:75:
         6c:1d:04:a6:b3:bc:c6:df:f7:14:ec:89:dc:3e:aa:00:0f:e4:
         42:2a:30:e7:f2:39:e8:1b:42:43:6b:a8:3f:4e:4a:a3:59:66:
         6a:7d:37:53:ca:ad:c3:9f:65:2d:b9:fe:fb:1d:59:ee:87:88:
         cf:7e:7f:9e:5d:b5:1e:4a:4a:fa:1a:fd:6c:51:ac:34:f9:49:
         0c:5c:34:66:2b:12:27:99:ff:a2:ea:f1:3b:3e:30:95:36:ce:
         61:2f:69:03:1f:a9:1c:fb:b6:cc:72:97:f5:0e:a6:bc:72:17:
         b0:aa:a2:72
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzEk45UdTu867+A8AJ2kVyBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiMzJlOWY0YWEzMmFiYTczMTJmYWIwNTRiMTc0ZGNlOGM1
MTVjYTMwHhcNMjQwMTAxMTAzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzVkNGJiYWVmY2E3NGUzNzNmNjAzNTAxMDQ3YjgwMzkwNWM4OGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQ81WpA464iOKB6o5HPqX1IORTVV
hp5EQzVqjowZ6Juk74/Jh+M9nLnQ38uRA1onRXKxw69xN2E9Mnt/Qxb8vWymNK2c
T2kWlx3fdly9NaRwCmsKV65IeUWZlg3PhaRzdJZB2WTFsbehMROBVSu4js0nIoeG
FVmNqxVfSl6ZIskKC4/tA4hGrgcg7dc/ATmhmV9aCTXooQtr4RQnozvlT2hTadKl
9lJErf4V66rjdJdokID1ji+vLuopccTqEEwiSXHD94EfLnjV8y3RieE5Dq6Bat5r
C77FS3F/LqpVqNRzHw87po+EjPcJYstXYbeig+tELG/j7RqMtYZE1uBdnQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFINdS7rvynTjc/YDUBBHuAOQXIiuMB8GA1UdIwQY
MBaAFPsy6fSqMqunMS+rBUsXTc6MUVyjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS16THA5S295cTZjeEw2c0ZTeGROem94UlhLTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0
LTIwNjI0YjNjMTU3Zi8xL2cxMUx1dV9LZE9OejlnTlFFRWU0QTVCY2lLNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTIvMjc4NjYzLWIxMzUtNGRiMS1hMDQ0LTIwNjI0YjNjMTU3
Zi8xLzEtekxwOUtveXE2Y3hMNnNGU3hkTnpveFJYS00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwEqAB5o
AJgDBwAqAB5oASUwDQYJKoZIhvcNAQELBQADggEBAG6jalpmg8/kVlSoGzX5sRJT
eOPtZNCu/YFkFJKao6uu0CY1Wg275N9oqDtYKA45RG+tla1kgQVTde/Nw730x0nI
lphMk127WIFh1MF4Y5c4mE61VYVGtiPcraEL2ifDXquuBt3lG9UduNf/GC8DEoj1
AYaM4Y50jlQg9rjGkzItGc6sVPKQo05/3NtkH23SdWwdBKazvMbf9xTsidw+qgAP
5EIqMOfyOegbQkNrqD9OSqNZZmp9N1PKrcOfZS25/vsdWe6HiM9+f55dtR5KSvoa
/WxRrDT5SQxcNGYrEieZ/6Lq8Ts+MJU2zmEvaQMfqRz7tsxyl/UOprxyF7CqonI=
-----END CERTIFICATE-----