Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/8eJGbhVQ3Y--6zLiMZ7m1fKLjPA.roa
File:                     8eJGbhVQ3Y--6zLiMZ7m1fKLjPA.roa (raw, json)
Hash identifier:          dOJnR9kz+ZKNI3mr1DbJoJ34GmyKxTbbRszt1aFLiN4=
Subject key identifier:   F1:E2:46:6E:15:50:DD:8F:BE:EB:32:E2:31:9E:E6:D5:F2:8B:8C:F0
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       018CC424D6D66336A4F4A71CAF58C71C3621
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/8eJGbhVQ3Y--6zLiMZ7m1fKLjPA.roa
Signing time:             Mon 01 Jan 2024 08:29:57 +0000
ROA not before:           Mon 01 Jan 2024 08:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198047
IP address blocks:        185.11.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 07:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:d6:d6:63:36:a4:f4:a7:1c:af:58:c7:1c:36:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  1 08:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1e2466e1550dd8fbeeb32e2319ee6d5f28b8cf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c6:8b:48:e7:ba:65:b2:b8:87:ca:d5:cd:e0:
                    4f:0d:ab:e2:70:53:3d:9a:1e:ef:48:90:74:ca:73:
                    bf:a0:69:b7:2d:77:e7:9e:2d:36:cf:a5:b4:2c:22:
                    a1:b9:2c:09:3d:54:0a:76:18:5e:97:14:6f:fb:39:
                    00:a7:ca:90:b5:03:4a:ba:2f:5e:d2:2d:43:6a:0b:
                    4b:7f:96:f6:bc:fa:5a:9a:f2:86:3c:6d:0a:61:50:
                    70:6a:c4:36:dd:ec:af:2b:cc:a3:4c:60:37:5e:f6:
                    00:b6:84:17:8f:5d:d1:68:aa:eb:bc:65:cb:ef:8b:
                    9b:a8:84:d3:88:52:8d:8f:c0:b8:b7:e8:ac:b2:93:
                    98:fa:3f:8d:7c:2c:d8:68:fd:74:93:6b:d6:97:4a:
                    bb:56:fe:d6:24:5d:2a:8c:15:6b:2a:d3:30:ba:01:
                    be:09:55:6a:31:69:5b:89:bd:6c:ef:22:89:88:ce:
                    84:28:89:e9:b1:76:69:2d:82:01:d2:f1:a5:bd:00:
                    2a:f5:ce:4c:d7:ba:8c:64:30:d9:7f:5a:35:52:a8:
                    02:43:ce:47:e1:da:16:9e:e8:cc:a0:e9:9b:ad:88:
                    4f:1a:92:68:4f:fc:6f:05:a6:2a:a4:a3:ba:34:1a:
                    a7:4d:5c:ca:30:ea:85:6d:ca:21:73:71:1e:ce:70:
                    8d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E2:46:6E:15:50:DD:8F:BE:EB:32:E2:31:9E:E6:D5:F2:8B:8C:F0
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/8eJGbhVQ3Y--6zLiMZ7m1fKLjPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:0f:27:00:8e:5d:93:ce:2d:f0:4c:fe:78:6b:0a:80:4e:e0:
         f1:4b:30:42:cd:bc:ae:73:c5:39:47:ff:84:db:b3:bb:18:3e:
         6f:da:4f:6f:67:3f:9d:5e:e8:92:22:f4:22:94:0d:23:1b:7e:
         cc:db:86:2b:7e:6d:9e:03:0d:2e:13:e6:5b:31:c3:9d:0e:84:
         94:26:41:8e:22:31:e4:a6:25:89:b2:0c:3f:f2:41:16:d7:76:
         7e:c5:53:2a:58:9d:75:97:0d:c3:07:4c:b7:ed:cf:60:30:c5:
         9d:a3:85:1f:eb:86:15:30:5f:a0:88:6b:22:e1:c1:89:5a:2b:
         a9:8e:ee:8d:f5:91:98:27:24:67:c8:f0:be:bc:a5:3c:97:1e:
         ed:36:7f:f6:5d:3e:94:61:a5:be:c0:33:23:2e:9e:ee:b5:aa:
         8e:08:70:e4:51:d2:bd:d6:0f:ca:e2:8f:36:06:3d:6b:37:3b:
         57:f6:ba:96:d5:81:4a:02:45:a8:e1:1d:b4:50:75:f1:cd:2a:
         b3:07:19:57:de:c6:e0:e6:41:16:33:f3:fe:29:47:e9:7a:a7:
         0c:48:5f:f4:03:35:ae:bc:73:2c:27:d0:92:b4:cf:3b:35:d1:
         4b:e9:20:70:aa:65:be:d8:98:17:54:df:cc:8f:86:9c:21:c4:
         f9:72:dc:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJNbWYzak9Kccr1jHHDYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjQwMTAxMDgyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWUyNDY2ZTE1NTBkZDhmYmVlYjMyZTIzMTllZTZkNWYyOGI4Y2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMaLSOe6ZbK4h8rVzeBPDavicFM9
mh7vSJB0ynO/oGm3LXfnni02z6W0LCKhuSwJPVQKdhhelxRv+zkAp8qQtQNKui9e
0i1DagtLf5b2vPpamvKGPG0KYVBwasQ23eyvK8yjTGA3XvYAtoQXj13RaKrrvGXL
74ubqITTiFKNj8C4t+isspOY+j+NfCzYaP10k2vWl0q7Vv7WJF0qjBVrKtMwugG+
CVVqMWlbib1s7yKJiM6EKInpsXZpLYIB0vGlvQAq9c5M17qMZDDZf1o1UqgCQ85H
4doWnujMoOmbrYhPGpJoT/xvBaYqpKO6NBqnTVzKMOqFbcohc3EeznCNTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHiRm4VUN2Pvusy4jGe5tXyi4zwMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvOGVKR2JoVlEzWS0tNnpMaU1aN20xZktMalBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQvwMA0G
CSqGSIb3DQEBCwUAA4IBAQBrDycAjl2Tzi3wTP54awqATuDxSzBCzbyuc8U5R/+E
27O7GD5v2k9vZz+dXuiSIvQilA0jG37M24Yrfm2eAw0uE+ZbMcOdDoSUJkGOIjHk
piWJsgw/8kEW13Z+xVMqWJ11lw3DB0y37c9gMMWdo4Uf64YVMF+giGsi4cGJWiup
ju6N9ZGYJyRnyPC+vKU8lx7tNn/2XT6UYaW+wDMjLp7utaqOCHDkUdK91g/K4o82
Bj1rNztX9rqW1YFKAkWo4R20UHXxzSqzBxlX3sbg5kEWM/P+KUfpeqcMSF/0AzWu
vHMsJ9CStM87NdFL6SBwqmW+2JgXVN/Mj4acIcT5ctzo
-----END CERTIFICATE-----