Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/nBGnunXHIlzfqmh1yvjBYc2bnwI.roa
File:                     nBGnunXHIlzfqmh1yvjBYc2bnwI.roa (raw, json)
Hash identifier:          AE0YoKWgcnhxm5wM19OntmREG6LsPgDjKTOjRjiZyzs=
Subject key identifier:   9C:11:A7:BA:75:C7:22:5C:DF:AA:68:75:CA:F8:C1:61:CD:9B:9F:02
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       019427485FEC832362C4011722DB8E309786
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/nBGnunXHIlzfqmh1yvjBYc2bnwI.roa
Signing time:             Thu 02 Jan 2025 13:50:41 +0000
ROA not before:           Thu 02 Jan 2025 13:50:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198047
IP address blocks:        185.11.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:5f:ec:83:23:62:c4:01:17:22:db:8e:30:97:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  2 13:50:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c11a7ba75c7225cdfaa6875caf8c161cd9b9f02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:73:60:6f:9b:53:9f:86:0b:68:01:2d:2d:44:
                    13:a0:1b:fb:ea:ed:2d:86:ab:50:c0:9a:64:8a:e8:
                    6d:ee:6d:52:16:a8:a5:59:6b:4c:7f:92:5b:c4:10:
                    e7:68:fe:8e:ff:e4:64:80:52:cb:40:b3:55:1e:d4:
                    e2:88:76:ee:7d:d8:1f:bc:3b:04:fa:8b:8e:55:d4:
                    ed:0b:ea:a2:e9:f4:3e:29:32:e9:c4:7a:92:42:3b:
                    16:2a:04:3c:3e:66:fc:82:2b:df:37:cc:79:e7:49:
                    f5:f9:ff:6b:28:86:12:48:41:74:e2:93:f7:ba:02:
                    91:e8:a5:24:ac:7f:e3:ba:ec:aa:90:d8:ad:63:6b:
                    bf:b8:66:da:a4:17:c6:ef:34:13:e5:eb:24:5d:86:
                    bc:a7:99:31:5a:79:c9:06:04:7a:23:2c:75:48:1c:
                    ca:2b:76:24:78:dd:9e:f7:5c:40:7a:73:b0:81:24:
                    7a:51:47:16:3c:46:b4:da:8e:51:bf:39:74:e9:01:
                    c4:74:3f:6b:f4:f7:dc:ea:96:a7:4d:2a:83:6c:c0:
                    cf:61:be:12:2e:5b:77:36:73:d1:be:1e:03:a3:b3:
                    da:4d:93:92:76:36:db:3d:82:92:eb:51:de:c8:7a:
                    de:af:cd:f2:ad:b9:c9:96:aa:3b:1e:5b:ff:13:4e:
                    ec:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:11:A7:BA:75:C7:22:5C:DF:AA:68:75:CA:F8:C1:61:CD:9B:9F:02
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/nBGnunXHIlzfqmh1yvjBYc2bnwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:36:43:c5:f3:6e:a5:a1:24:28:ff:c5:6d:67:35:58:08:c5:
         f3:67:98:3d:65:45:69:1a:c2:e4:c5:00:d8:96:7c:78:29:c6:
         f6:08:8f:0f:c0:06:54:d4:0c:92:1b:44:17:8c:a6:9d:49:0b:
         b0:e6:61:3e:e5:6c:ba:64:16:b0:d4:f1:da:54:62:06:2d:5c:
         8f:9d:b7:11:bf:e1:19:22:5a:b4:78:b9:3a:3e:f4:ce:40:4e:
         34:5f:86:4e:f7:c5:cc:1d:f6:5d:f1:e2:5f:78:46:a4:19:8b:
         4b:0f:96:18:a5:7b:33:31:56:cd:71:c4:de:3c:db:3f:38:4d:
         ff:a1:e2:09:b7:80:24:64:9d:1f:1c:31:43:f3:7b:06:fb:79:
         d0:f1:1a:86:b6:07:e0:98:e2:b8:48:3c:fb:fa:f8:88:fa:15:
         38:49:b6:90:30:3a:81:89:ec:ba:19:53:5c:8e:fd:4b:a7:91:
         c6:75:e1:43:4b:35:b8:2d:72:60:69:74:9e:13:ea:d1:d6:7d:
         ab:1e:cd:19:7a:9e:33:75:19:95:fd:e0:f6:e2:d7:85:29:0c:
         3e:29:6f:a4:ad:e1:2e:63:7c:37:60:c4:52:32:7c:7a:05:34:
         67:b5:2e:f6:2f:1d:a6:3c:de:32:a2:1f:62:3d:ac:eb:22:f0:
         38:0e:35:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSF/sgyNixAEXItuOMJeGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjUwMTAyMTM1MDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzExYTdiYTc1YzcyMjVjZGZhYTY4NzVjYWY4YzE2MWNkOWI5ZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznNgb5tTn4YLaAEtLUQToBv76u0t
hqtQwJpkiuht7m1SFqilWWtMf5JbxBDnaP6O/+RkgFLLQLNVHtTiiHbufdgfvDsE
+ouOVdTtC+qi6fQ+KTLpxHqSQjsWKgQ8Pmb8givfN8x550n1+f9rKIYSSEF04pP3
ugKR6KUkrH/juuyqkNitY2u/uGbapBfG7zQT5eskXYa8p5kxWnnJBgR6Iyx1SBzK
K3YkeN2e91xAenOwgSR6UUcWPEa02o5Rvzl06QHEdD9r9Pfc6panTSqDbMDPYb4S
Llt3NnPRvh4Do7PaTZOSdjbbPYKS61HeyHrer83yrbnJlqo7Hlv/E07svQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwRp7p1xyJc36podcr4wWHNm58CMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvbkJHbnVuWEhJbHpmcW1oMXl2akJZYzJibndJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQvwMA0G
CSqGSIb3DQEBCwUAA4IBAQCCNkPF826loSQo/8VtZzVYCMXzZ5g9ZUVpGsLkxQDY
lnx4Kcb2CI8PwAZU1AySG0QXjKadSQuw5mE+5Wy6ZBaw1PHaVGIGLVyPnbcRv+EZ
Ilq0eLk6PvTOQE40X4ZO98XMHfZd8eJfeEakGYtLD5YYpXszMVbNccTePNs/OE3/
oeIJt4AkZJ0fHDFD83sG+3nQ8RqGtgfgmOK4SDz7+viI+hU4SbaQMDqBiey6GVNc
jv1Lp5HGdeFDSzW4LXJgaXSeE+rR1n2rHs0Zep4zdRmV/eD24teFKQw+KW+kreEu
Y3w3YMRSMnx6BTRntS72Lx2mPN4yoh9iPazrIvA4DjWB
-----END CERTIFICATE-----