Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/3NZrAd-0jpXRsxo5XueYVeSmmCI.roa
File:                     3NZrAd-0jpXRsxo5XueYVeSmmCI.roa (raw, json)
Hash identifier:          gJpHBjCD7XP8qSEee1OvdFVrR+Y2rkDa5kijCldnM84=
Subject key identifier:   DC:D6:6B:01:DF:B4:8E:95:D1:B3:1A:39:5E:E7:98:55:E4:A6:98:22
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       0193591812E9F6AADEC0494AF04A21CD64FD
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/3NZrAd-0jpXRsxo5XueYVeSmmCI.roa
Signing time:             Sat 23 Nov 2024 12:56:10 +0000
ROA not before:           Sat 23 Nov 2024 12:56:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214958
IP address blocks:        2a11:91c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:59:18:12:e9:f6:aa:de:c0:49:4a:f0:4a:21:cd:64:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Nov 23 12:56:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcd66b01dfb48e95d1b31a395ee79855e4a69822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:58:c6:4c:af:f3:d8:48:ae:6e:cf:c0:ae:95:
                    47:5c:94:d4:c0:be:0f:e5:23:0b:3c:92:15:6d:09:
                    4a:4f:c9:b1:29:1f:0b:9f:a1:2a:fe:b2:d6:65:be:
                    73:c8:2d:94:70:4a:61:e0:69:68:ad:29:0e:6e:87:
                    32:01:47:1e:08:40:a7:7a:02:51:2e:04:9f:ad:81:
                    5c:df:b4:af:95:67:4d:bc:97:0c:1d:a8:8f:d8:ec:
                    26:65:89:bc:4f:62:13:2e:e0:96:45:a3:1d:e9:73:
                    d5:b1:ed:c7:52:b5:80:fd:05:8e:58:71:c6:10:89:
                    33:95:1f:92:91:19:79:68:59:92:bf:2b:33:b5:a7:
                    09:bf:4f:58:25:78:2a:7f:40:47:d1:06:2e:85:d1:
                    74:6b:63:09:0a:41:60:03:8c:3c:3b:c9:8e:26:e3:
                    2a:77:ac:d2:3f:4a:d9:fd:ef:76:3e:11:ae:e8:60:
                    bf:b6:a6:e0:15:6d:e0:36:0e:43:19:22:04:ad:50:
                    7c:b4:41:c9:29:b6:9a:b2:82:31:7b:5d:91:6f:af:
                    fe:fc:66:c2:1f:73:88:9b:ec:db:da:af:6c:ab:81:
                    d5:d9:9d:94:1a:0e:e7:97:56:d3:dc:d4:e0:fc:f9:
                    f5:8a:07:ff:17:99:9a:ae:45:6a:0b:f2:b1:8a:41:
                    58:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D6:6B:01:DF:B4:8E:95:D1:B3:1A:39:5E:E7:98:55:E4:A6:98:22
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/3NZrAd-0jpXRsxo5XueYVeSmmCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:91c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9a:df:6a:b0:6b:14:6d:8b:89:05:79:6c:9b:28:2f:22:41:bb:
         f5:7a:2c:e7:df:e1:13:84:5c:76:89:88:b7:dc:71:f2:21:92:
         b9:7c:86:6c:fa:8c:8e:cc:7d:ac:d4:c6:cd:b0:44:e6:21:69:
         56:21:8f:27:3b:52:f9:e6:e4:68:aa:c4:0a:5f:55:fe:db:d2:
         6a:6a:5b:7d:2e:b8:cc:88:aa:82:20:c8:d6:fb:d6:c7:13:cc:
         57:c4:c9:07:71:9b:a6:3c:f7:0b:e7:ef:e3:30:05:2d:c1:bc:
         c0:7e:a1:9c:49:8f:f5:96:b5:04:69:9e:ec:66:0e:5d:74:9a:
         cb:fb:08:1f:f0:e2:e6:b6:64:42:69:69:03:c6:38:c9:22:03:
         ef:9e:00:0a:b0:b9:75:95:59:95:cb:cf:20:fb:cd:a2:9e:9f:
         1d:7a:12:7c:4a:fa:f1:f9:c0:e0:18:d3:83:c9:4c:93:11:b2:
         e2:e3:fd:56:41:7c:9a:7d:fb:3b:2d:59:b1:ca:50:e2:e1:d7:
         6b:59:b0:d8:6a:e3:91:3b:39:0a:d2:b0:1f:e7:8c:b9:e2:e6:
         d4:c6:f3:1c:41:74:cc:a9:30:56:bf:63:c1:f9:cb:07:84:6b:
         7b:b5:f9:e1:58:de:02:af:ff:92:25:70:37:19:db:71:85:a1:
         ed:75:69:48
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZNZGBLp9qrewElK8EohzWT9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQxMTIzMTI1NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Q2NmIwMWRmYjQ4ZTk1ZDFiMzFhMzk1ZWU3OTg1NWU0YTY5ODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzljGTK/z2Eiubs/ArpVHXJTUwL4P
5SMLPJIVbQlKT8mxKR8Ln6Eq/rLWZb5zyC2UcEph4GlorSkObocyAUceCECnegJR
LgSfrYFc37SvlWdNvJcMHaiP2OwmZYm8T2ITLuCWRaMd6XPVse3HUrWA/QWOWHHG
EIkzlR+SkRl5aFmSvysztacJv09YJXgqf0BH0QYuhdF0a2MJCkFgA4w8O8mOJuMq
d6zSP0rZ/e92PhGu6GC/tqbgFW3gNg5DGSIErVB8tEHJKbaasoIxe12Rb6/+/GbC
H3OIm+zb2q9sq4HV2Z2UGg7nl1bT3NTg/Pn1igf/F5markVqC/KxikFY0wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNzWawHftI6V0bMaOV7nmFXkppgiMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvM05ackFkLTBqcFhSc3hvNVh1ZVlWZVNtbUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhGRwDAN
BgkqhkiG9w0BAQsFAAOCAQEAmt9qsGsUbYuJBXlsmygvIkG79Xos59/hE4RcdomI
t9xx8iGSuXyGbPqMjsx9rNTGzbBE5iFpViGPJztS+ebkaKrECl9V/tvSampbfS64
zIiqgiDI1vvWxxPMV8TJB3Gbpjz3C+fv4zAFLcG8wH6hnEmP9Za1BGme7GYOXXSa
y/sIH/Di5rZkQmlpA8Y4ySID754ACrC5dZVZlcvPIPvNop6fHXoSfEr68fnA4BjT
g8lMkxGy4uP9VkF8mn37Oy1ZscpQ4uHXa1mw2GrjkTs5CtKwH+eMueLm1MbzHEF0
zKkwVr9jwfnLB4Rre7X54VjeAq//kiVwNxnbcYWh7XVpSA==
-----END CERTIFICATE-----