Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/0fc7e5-b1f6-474e-99a7-eda23f2f17e9/1/Qjat3qMRFyVwfROAwxdYU8ulVCU.roa
File:                     Qjat3qMRFyVwfROAwxdYU8ulVCU.roa (raw, json)
Hash identifier:          dEICHLzVcs/aY39snVqHpMeYRlFokk6nCh/MKl7UYSU=
Subject key identifier:   42:36:AD:DE:A3:11:17:25:70:7D:13:80:C3:17:58:53:CB:A5:54:25
Certificate issuer:       /CN=e1874a887aa288dab72c658e93694ed5dafd2026
Certificate serial:       018CC4932E4CDB0735657393D06579947815
Authority key identifier: E1:87:4A:88:7A:A2:88:DA:B7:2C:65:8E:93:69:4E:D5:DA:FD:20:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YdKiHqiiNq3LGWOk2lO1dr9ICY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/0fc7e5-b1f6-474e-99a7-eda23f2f17e9/1/Qjat3qMRFyVwfROAwxdYU8ulVCU.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211855
IP address blocks:        185.105.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/0fc7e5-b1f6-474e-99a7-eda23f2f17e9/1/4YdKiHqiiNq3LGWOk2lO1dr9ICY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/0fc7e5-b1f6-474e-99a7-eda23f2f17e9/1/4YdKiHqiiNq3LGWOk2lO1dr9ICY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YdKiHqiiNq3LGWOk2lO1dr9ICY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:2e:4c:db:07:35:65:73:93:d0:65:79:94:78:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1874a887aa288dab72c658e93694ed5dafd2026
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4236addea3111725707d1380c3175853cba55425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3b:48:2d:75:71:49:ef:47:31:ed:d6:2a:c2:
                    13:73:0c:6b:8c:28:c5:af:44:f8:f2:da:b0:50:d5:
                    b9:26:4c:59:9c:07:dc:da:34:51:a3:9c:01:0e:b2:
                    8f:b2:31:14:6e:18:7f:17:25:a2:97:9f:03:69:fc:
                    50:f8:b3:76:6a:a6:32:f6:26:c2:28:cc:ea:0f:48:
                    d4:d8:75:b8:f7:47:2b:5b:51:a2:bd:40:66:28:58:
                    b6:d4:98:6e:4c:8b:d1:94:87:7c:ed:34:79:cf:29:
                    a3:bf:cd:4f:04:3e:e4:91:eb:a4:3d:d1:62:1e:ce:
                    74:93:b8:1d:d0:3b:51:91:33:e8:fe:4c:3c:ec:5f:
                    ee:80:fa:74:ec:98:a9:79:36:71:23:f3:7b:ed:e8:
                    2e:10:52:66:6f:c0:45:8a:2d:81:44:97:75:2c:07:
                    df:ad:09:3b:92:5a:1c:d0:6a:6f:7f:44:c4:be:a7:
                    94:7a:e1:cd:f0:bb:df:e0:a9:04:8a:9b:65:0a:12:
                    b0:31:88:a3:42:7f:d7:43:ff:0d:f8:6b:ae:ec:92:
                    8c:35:8e:dc:d6:0c:e9:09:bc:34:87:9e:ca:d9:70:
                    3e:bc:d0:fb:13:f5:d3:04:2f:b6:7a:8d:d6:ae:7e:
                    e9:3b:b7:59:c3:2f:2c:ca:de:ec:84:e7:cc:ef:a0:
                    e4:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:36:AD:DE:A3:11:17:25:70:7D:13:80:C3:17:58:53:CB:A5:54:25
            X509v3 Authority Key Identifier:
                keyid:E1:87:4A:88:7A:A2:88:DA:B7:2C:65:8E:93:69:4E:D5:DA:FD:20:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YdKiHqiiNq3LGWOk2lO1dr9ICY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0fc7e5-b1f6-474e-99a7-eda23f2f17e9/1/Qjat3qMRFyVwfROAwxdYU8ulVCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/0fc7e5-b1f6-474e-99a7-eda23f2f17e9/1/4YdKiHqiiNq3LGWOk2lO1dr9ICY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:48:19:7f:50:e8:8f:80:66:de:80:ce:5a:95:b4:4b:09:03:
         72:9f:a4:a7:5d:6f:7c:ba:dc:7d:98:4c:21:77:56:9c:58:07:
         a4:ae:88:ed:14:a7:71:94:9a:18:bc:3d:96:84:2b:06:19:d5:
         d9:4a:d2:8c:ce:dc:48:8b:31:2e:d7:84:e4:58:a8:5f:b8:57:
         8a:1e:33:1b:1f:a6:68:51:16:e5:ce:93:51:fe:5b:96:91:66:
         0b:be:1e:ce:f3:23:c5:bf:db:8c:9b:2a:3f:83:62:06:6b:9d:
         da:9a:df:96:f3:5e:09:98:2c:b1:0b:b5:4c:e5:e0:6d:be:e4:
         bd:98:99:e4:23:74:01:30:06:26:43:c0:93:cd:a0:4f:d5:76:
         97:0e:ec:d2:7a:c7:f2:25:80:c7:49:de:b4:6d:1f:ae:cd:ab:
         db:dd:11:d9:39:d9:42:42:4c:09:17:58:d0:41:43:26:f8:50:
         a1:40:b4:e4:73:a7:67:cf:2f:a1:ad:4d:a9:dc:f4:5f:2c:cf:
         aa:67:d8:0e:00:fe:9c:96:c8:6e:4f:4f:f8:16:17:74:91:4e:
         89:bf:2a:bc:3c:c4:0f:15:df:9b:47:66:f2:b0:13:ee:ad:7a:
         5f:a4:be:e4:63:71:4b:41:99:d5:9b:4b:30:d0:b0:5f:c2:59:
         5c:e4:9b:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEky5M2wc1ZXOT0GV5lHgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODc0YTg4N2FhMjg4ZGFiNzJjNjU4ZTkzNjk0ZWQ1ZGFm
ZDIwMjYwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM2YWRkZWEzMTExNzI1NzA3ZDEzODBjMzE3NTg1M2NiYTU1NDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyztILXVxSe9HMe3WKsITcwxrjCjF
r0T48tqwUNW5JkxZnAfc2jRRo5wBDrKPsjEUbhh/FyWil58DafxQ+LN2aqYy9ibC
KMzqD0jU2HW490crW1GivUBmKFi21JhuTIvRlId87TR5zymjv81PBD7kkeukPdFi
Hs50k7gd0DtRkTPo/kw87F/ugPp07JipeTZxI/N77eguEFJmb8BFii2BRJd1LAff
rQk7kloc0Gpvf0TEvqeUeuHN8Lvf4KkEiptlChKwMYijQn/XQ/8N+Guu7JKMNY7c
1gzpCbw0h57K2XA+vND7E/XTBC+2eo3Wrn7pO7dZwy8syt7shOfM76DkzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEI2rd6jERclcH0TgMMXWFPLpVQlMB8GA1UdIwQY
MBaAFOGHSoh6oojatyxljpNpTtXa/SAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlkS2lIcWlpTnEzTEdXT2sybE8xZHI5SUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wZmM3ZTUtYjFmNi00NzRlLTk5YTct
ZWRhMjNmMmYxN2U5LzEvUWphdDNxTVJGeVZ3ZlJPQXd4ZFlVOHVsVkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wZmM3ZTUtYjFmNi00NzRlLTk5YTctZWRhMjNmMmYxN2U5
LzEvNFlkS2lIcWlpTnEzTEdXT2sybE8xZHI5SUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWkLMA0G
CSqGSIb3DQEBCwUAA4IBAQA8SBl/UOiPgGbegM5albRLCQNyn6SnXW98utx9mEwh
d1acWAekrojtFKdxlJoYvD2WhCsGGdXZStKMztxIizEu14TkWKhfuFeKHjMbH6Zo
URblzpNR/luWkWYLvh7O8yPFv9uMmyo/g2IGa53amt+W814JmCyxC7VM5eBtvuS9
mJnkI3QBMAYmQ8CTzaBP1XaXDuzSesfyJYDHSd60bR+uzavb3RHZOdlCQkwJF1jQ
QUMm+FChQLTkc6dnzy+hrU2p3PRfLM+qZ9gOAP6clshuT0/4Fhd0kU6Jvyq8PMQP
Fd+bR2bysBPurXpfpL7kY3FLQZnVm0sw0LBfwllc5Jv6
-----END CERTIFICATE-----