Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/MFYeUjqc9Aypj7jELr0mjVfedtE.roa
File:                     MFYeUjqc9Aypj7jELr0mjVfedtE.roa (raw, json)
Hash identifier:          RKH8qLRpffzd63VA6HkHauthxtVwZ54SJsD84YUpOKE=
Subject key identifier:   30:56:1E:52:3A:9C:F4:0C:A9:8F:B8:C4:2E:BD:26:8D:57:DE:76:D1
Certificate issuer:       /CN=111b09710acdb72086d658e90d8f025fa6a111b1
Certificate serial:       018CC56E62B51C87BD1F8CA81B1A766609D4
Authority key identifier: 11:1B:09:71:0A:CD:B7:20:86:D6:58:E9:0D:8F:02:5F:A6:A1:11:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/MFYeUjqc9Aypj7jELr0mjVfedtE.roa
Signing time:             Mon 01 Jan 2024 14:29:54 +0000
ROA not before:           Mon 01 Jan 2024 14:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31050
IP address blocks:        185.101.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 02:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:62:b5:1c:87:bd:1f:8c:a8:1b:1a:76:66:09:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111b09710acdb72086d658e90d8f025fa6a111b1
        Validity
            Not Before: Jan  1 14:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30561e523a9cf40ca98fb8c42ebd268d57de76d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:75:a6:4c:57:41:6c:f4:36:b5:48:74:bc:cd:
                    b2:be:4d:15:63:eb:bb:59:62:f9:db:24:38:e2:80:
                    f5:64:7e:4b:56:87:c6:8c:06:d1:88:68:86:5c:00:
                    83:82:3b:27:05:55:69:ef:ae:fe:ff:78:c5:a4:b0:
                    7a:a5:71:d0:45:53:b4:0f:e4:f0:2c:11:c6:3e:74:
                    81:e8:bc:fa:de:65:4c:d5:7a:ef:fc:58:80:8c:3b:
                    37:01:5e:3a:96:7d:e6:5d:63:a0:59:ac:72:c7:7f:
                    8f:fc:a1:69:f1:b8:2e:c6:14:90:8b:3a:26:51:b7:
                    c4:8f:d4:6e:99:2f:cc:76:10:f5:14:b6:a2:30:98:
                    7a:6b:17:dd:17:00:bc:6d:24:ee:0b:c1:28:11:80:
                    6a:46:32:15:08:cd:cf:b7:b3:8c:1f:6e:da:6d:95:
                    19:79:86:7a:73:ca:83:74:be:68:4f:be:fd:ed:21:
                    30:39:68:a5:17:d0:6a:9a:9c:c0:37:c2:15:e6:36:
                    bc:f4:5f:31:69:8c:f3:f9:f0:6a:fc:d3:7f:04:2d:
                    1b:ab:56:ae:32:63:bb:04:10:91:cd:b8:20:c6:61:
                    5f:70:f6:bf:06:ac:bb:70:67:41:88:12:c0:84:ea:
                    7d:26:14:83:1d:4f:6f:a1:3f:9d:1f:7a:ae:eb:67:
                    de:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:56:1E:52:3A:9C:F4:0C:A9:8F:B8:C4:2E:BD:26:8D:57:DE:76:D1
            X509v3 Authority Key Identifier:
                keyid:11:1B:09:71:0A:CD:B7:20:86:D6:58:E9:0D:8F:02:5F:A6:A1:11:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/MFYeUjqc9Aypj7jELr0mjVfedtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:9d:fc:e2:3b:c8:61:ac:1e:56:45:ee:b3:7d:39:48:f4:80:
         01:64:d6:fb:fd:f7:36:46:b4:c2:04:5c:9f:f7:21:b3:52:fb:
         55:24:66:d7:c0:65:d4:ba:16:84:20:e0:e4:ab:69:5d:26:19:
         ee:38:61:88:35:94:2d:5b:90:27:84:fe:d8:72:05:a7:e1:47:
         3b:5a:ae:a4:50:88:e6:ca:a8:c8:e7:ec:17:dc:ad:2e:33:0d:
         bc:ef:63:e5:4a:c8:39:1d:1d:fd:ed:a5:19:3d:34:29:70:a5:
         a8:44:f4:79:63:bd:10:44:cf:fd:9f:57:82:39:a8:9b:c0:73:
         d7:3d:c3:ef:54:52:36:ce:b5:94:2c:8a:46:e8:15:cf:75:30:
         32:9f:1e:61:96:50:d7:67:cc:22:02:a7:ba:7e:96:ad:d5:cd:
         aa:a2:c7:e9:35:70:3d:86:6f:5c:04:a9:ba:41:ee:57:5f:c2:
         36:21:49:9f:dd:e9:9d:7e:f5:01:c0:c3:8a:86:66:6e:22:9c:
         56:2e:e6:63:ee:98:28:6b:31:80:19:1f:a8:d3:1b:69:74:fc:
         e9:9b:ff:f3:31:1c:ae:bd:14:1f:50:fe:dd:28:22:84:c8:b8:
         e8:f1:ca:bc:cf:16:29:e3:9f:ba:35:56:fd:a8:7d:6d:82:a9:
         da:36:18:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmK1HIe9H4yoGxp2ZgnUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWIwOTcxMGFjZGI3MjA4NmQ2NThlOTBkOGYwMjVmYTZh
MTExYjEwHhcNMjQwMTAxMTQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDU2MWU1MjNhOWNmNDBjYTk4ZmI4YzQyZWJkMjY4ZDU3ZGU3NmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXWmTFdBbPQ2tUh0vM2yvk0VY+u7
WWL52yQ44oD1ZH5LVofGjAbRiGiGXACDgjsnBVVp767+/3jFpLB6pXHQRVO0D+Tw
LBHGPnSB6Lz63mVM1Xrv/FiAjDs3AV46ln3mXWOgWaxyx3+P/KFp8bguxhSQizom
UbfEj9RumS/MdhD1FLaiMJh6axfdFwC8bSTuC8EoEYBqRjIVCM3Pt7OMH27abZUZ
eYZ6c8qDdL5oT7797SEwOWilF9BqmpzAN8IV5ja89F8xaYzz+fBq/NN/BC0bq1au
MmO7BBCRzbggxmFfcPa/Bqy7cGdBiBLAhOp9JhSDHU9voT+dH3qu62fetQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBWHlI6nPQMqY+4xC69Jo1X3nbRMB8GA1UdIwQY
MBaAFBEbCXEKzbcghtZY6Q2PAl+moRGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJzSmNRck50eUNHMWxqcERZOENYNmFoRWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8xY2QxMzQtNGQwMy00ZmNkLWIyMjkt
N2JmMDM1NmE2YmFiLzEvTUZZZVVqcWM5QXlwajdqRUxyMG1qVmZlZHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8xY2QxMzQtNGQwMy00ZmNkLWIyMjktN2JmMDM1NmE2YmFi
LzEvRVJzSmNRck50eUNHMWxqcERZOENYNmFoRWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWUMMA0G
CSqGSIb3DQEBCwUAA4IBAQBynfziO8hhrB5WRe6zfTlI9IABZNb7/fc2RrTCBFyf
9yGzUvtVJGbXwGXUuhaEIODkq2ldJhnuOGGINZQtW5AnhP7YcgWn4Uc7Wq6kUIjm
yqjI5+wX3K0uMw2872PlSsg5HR397aUZPTQpcKWoRPR5Y70QRM/9n1eCOaibwHPX
PcPvVFI2zrWULIpG6BXPdTAynx5hllDXZ8wiAqe6fpat1c2qosfpNXA9hm9cBKm6
Qe5XX8I2IUmf3emdfvUBwMOKhmZuIpxWLuZj7pgoazGAGR+o0xtpdPzpm//zMRyu
vRQfUP7dKCKEyLjo8cq8zxYp45+6NVb9qH1tgqnaNhgf
-----END CERTIFICATE-----