Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/WsXo6KzMdkKbb0SJeF67fmXx1UY.roa
File:                     WsXo6KzMdkKbb0SJeF67fmXx1UY.roa (raw, json)
Hash identifier:          Uqr8i/vkCMRK6A1aMGnGd681unOZfqOxTg7fohwjogE=
Subject key identifier:   5A:C5:E8:E8:AC:CC:76:42:9B:6F:44:89:78:5E:BB:7E:65:F1:D5:46
Certificate issuer:       /CN=de14a429e6658abb70a3792c172d7ed62eb8fa26
Certificate serial:       018CC6B78B1382FEC7D06DE0D386A7E75B17
Authority key identifier: DE:14:A4:29:E6:65:8A:BB:70:A3:79:2C:17:2D:7E:D6:2E:B8:FA:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/WsXo6KzMdkKbb0SJeF67fmXx1UY.roa
Signing time:             Mon 01 Jan 2024 20:29:26 +0000
ROA not before:           Mon 01 Jan 2024 20:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62105
IP address blocks:        185.128.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 03:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8b:13:82:fe:c7:d0:6d:e0:d3:86:a7:e7:5b:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de14a429e6658abb70a3792c172d7ed62eb8fa26
        Validity
            Not Before: Jan  1 20:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ac5e8e8accc76429b6f4489785ebb7e65f1d546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:17:d7:d0:e7:75:c2:44:b3:de:ec:98:48:5d:
                    95:b8:36:67:dd:93:f2:84:77:49:07:6d:31:0e:e4:
                    1e:82:88:04:e8:ce:09:87:ce:59:b0:f9:7d:24:e2:
                    be:75:f1:bc:2b:ad:4c:1d:46:9f:c7:3e:da:43:25:
                    20:bd:0a:44:bb:80:b0:48:f0:20:7a:57:83:ab:d5:
                    f1:92:61:28:a9:48:d0:39:f7:21:b3:26:0f:be:08:
                    f2:97:90:04:38:32:3f:33:eb:f4:4c:20:e3:78:38:
                    9e:f5:a1:d4:d3:a8:bb:41:7c:95:00:65:92:1f:03:
                    5c:0a:3c:72:fb:e7:30:b2:fa:14:97:09:b4:75:d8:
                    bb:ed:d0:0e:47:e3:2f:3c:bd:b9:f0:07:6d:b0:8f:
                    04:c3:0a:3f:f6:d6:a1:8f:0d:e3:a9:f9:eb:d8:8c:
                    44:46:7d:37:41:4e:36:d8:c4:59:97:2e:09:67:86:
                    8a:9c:3d:0d:65:74:fb:26:42:a9:c4:c1:6c:1c:d7:
                    2f:ad:11:1f:7a:75:12:d2:8f:56:c2:46:ea:04:e6:
                    ed:3f:0e:25:62:f6:3f:d0:7b:b7:40:22:ff:25:06:
                    8a:06:38:d2:08:44:e1:19:9b:50:33:dc:96:4c:ce:
                    f6:6d:ca:a4:29:da:af:db:40:78:f5:0c:56:2c:3e:
                    92:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:C5:E8:E8:AC:CC:76:42:9B:6F:44:89:78:5E:BB:7E:65:F1:D5:46
            X509v3 Authority Key Identifier:
                keyid:DE:14:A4:29:E6:65:8A:BB:70:A3:79:2C:17:2D:7E:D6:2E:B8:FA:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hSkKeZlirtwo3ksFy1-1i64-iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/WsXo6KzMdkKbb0SJeF67fmXx1UY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/73d197-33c0-42e8-a291-05d9c1cd7425/1/3hSkKeZlirtwo3ksFy1-1i64-iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:52:10:e1:c4:82:7a:28:bb:cf:ec:34:a4:a4:63:0b:c4:39:
         19:b4:cf:8c:40:3e:95:cd:1c:64:fe:cf:53:fa:0b:0a:a0:c2:
         51:23:84:29:f9:88:93:7c:fe:27:6a:5f:9e:5e:02:b4:79:3a:
         21:cf:d6:e5:37:4b:53:53:55:0c:e8:b6:69:1f:a0:c2:ed:a0:
         48:af:6e:33:57:3b:fa:80:1b:e9:b3:96:76:7a:ef:f2:71:f4:
         d6:fc:41:2b:46:34:96:c6:e2:23:f3:03:8f:d3:c1:c7:dc:73:
         56:d5:8a:af:fb:7f:af:14:cf:a2:78:48:b4:de:74:ab:c9:d8:
         4d:c4:79:22:86:cf:31:be:10:44:35:bd:34:61:c7:ef:36:ce:
         c7:ea:d4:68:de:86:f4:b5:f9:0f:f8:85:2e:86:4c:50:e5:a2:
         b7:a9:ef:c9:d6:0f:42:7e:9f:2b:45:7c:de:b5:8b:c0:80:20:
         da:27:76:b4:25:29:9f:5d:ad:de:2c:72:3f:e4:16:c1:d4:9f:
         fa:e8:e3:12:89:c5:4d:8d:11:49:4b:ef:af:82:ef:0d:79:e3:
         64:a9:d1:a6:ca:f1:4b:a5:d3:cd:ba:d9:d7:29:f2:a1:b5:a6:
         e7:be:ad:48:05:7d:15:a5:4a:dc:29:07:75:bd:7c:af:ac:7a:
         9a:27:7b:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4sTgv7H0G3g04an51sXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTRhNDI5ZTY2NThhYmI3MGEzNzkyYzE3MmQ3ZWQ2MmVi
OGZhMjYwHhcNMjQwMTAxMjAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWM1ZThlOGFjY2M3NjQyOWI2ZjQ0ODk3ODVlYmI3ZTY1ZjFkNTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBfX0Od1wkSz3uyYSF2VuDZn3ZPy
hHdJB20xDuQegogE6M4Jh85ZsPl9JOK+dfG8K61MHUafxz7aQyUgvQpEu4CwSPAg
eleDq9XxkmEoqUjQOfchsyYPvgjyl5AEODI/M+v0TCDjeDie9aHU06i7QXyVAGWS
HwNcCjxy++cwsvoUlwm0ddi77dAOR+MvPL258AdtsI8Ewwo/9tahjw3jqfnr2IxE
Rn03QU422MRZly4JZ4aKnD0NZXT7JkKpxMFsHNcvrREfenUS0o9WwkbqBObtPw4l
YvY/0Hu3QCL/JQaKBjjSCEThGZtQM9yWTM72bcqkKdqv20B49QxWLD6SKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrF6OiszHZCm29EiXheu35l8dVGMB8GA1UdIwQY
MBaAFN4UpCnmZYq7cKN5LBctftYuuPomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hTa0tlWmxpcnR3bzNrc0Z5MS0xaTY0LWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi83M2QxOTctMzNjMC00MmU4LWEyOTEt
MDVkOWMxY2Q3NDI1LzEvV3NYbzZLek1ka0tiYjBTSmVGNjdmbVh4MVVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi83M2QxOTctMzNjMC00MmU4LWEyOTEtMDVkOWMxY2Q3NDI1
LzEvM2hTa0tlWmxpcnR3bzNrc0Z5MS0xaTY0LWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYALMA0G
CSqGSIb3DQEBCwUAA4IBAQAkUhDhxIJ6KLvP7DSkpGMLxDkZtM+MQD6VzRxk/s9T
+gsKoMJRI4Qp+YiTfP4nal+eXgK0eTohz9blN0tTU1UM6LZpH6DC7aBIr24zVzv6
gBvps5Z2eu/ycfTW/EErRjSWxuIj8wOP08HH3HNW1Yqv+3+vFM+ieEi03nSrydhN
xHkihs8xvhBENb00YcfvNs7H6tRo3ob0tfkP+IUuhkxQ5aK3qe/J1g9Cfp8rRXze
tYvAgCDaJ3a0JSmfXa3eLHI/5BbB1J/66OMSicVNjRFJS++vgu8NeeNkqdGmyvFL
pdPNutnXKfKhtabnvq1IBX0VpUrcKQd1vXyvrHqaJ3sJ
-----END CERTIFICATE-----