Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/11cGxgIe24DcNkrD4zLBqAkDBOE.roa
File:                     11cGxgIe24DcNkrD4zLBqAkDBOE.roa (raw, json)
Hash identifier:          d+UvEbTnFEungd+syguYKWUshAm4r4L3LDhqS73XgDI=
Subject key identifier:   D7:57:06:C6:02:1E:DB:80:DC:36:4A:C3:E3:32:C1:A8:09:03:04:E1
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E94B01558E1A972C464087A345A3
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/11cGxgIe24DcNkrD4zLBqAkDBOE.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213011
IP address blocks:        194.209.39.0/24 maxlen: 24
                          194.209.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e9:4b:01:55:8e:1a:97:2c:46:40:87:a3:45:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d75706c6021edb80dc364ac3e332c1a8090304e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:70:c4:6c:16:b5:01:57:90:af:82:73:31:0d:
                    e5:23:6d:c6:68:38:72:03:42:be:ed:2c:a5:d3:37:
                    cc:ff:a7:61:30:e0:93:d1:48:fa:1a:68:65:bd:f5:
                    39:ad:68:86:de:b7:f5:93:1d:0f:16:2f:ab:ad:e6:
                    2e:79:e3:5c:cd:4a:0b:27:52:f2:63:d0:21:9f:2f:
                    f0:b0:06:5f:0f:ce:77:cc:ae:50:94:af:72:be:48:
                    77:26:ab:ac:ee:11:ec:df:8f:dc:42:27:0a:b1:33:
                    b3:25:56:b8:91:6f:9d:e6:4b:8f:af:5d:a6:2e:93:
                    87:78:66:9c:ac:8f:ff:73:85:ae:c3:ad:a9:12:9c:
                    e7:d3:72:e6:43:cf:0f:b4:46:73:5f:df:d7:ad:20:
                    93:6c:32:b0:53:99:1b:1b:a1:1f:ca:bc:e1:ea:2d:
                    61:0d:e3:51:71:5a:22:73:2f:a6:89:d7:c0:bb:5e:
                    f6:28:c6:30:c6:15:e4:5a:fb:a0:30:13:d2:7c:5b:
                    49:2f:9b:7d:8f:73:2b:ff:8f:4f:86:db:48:2f:57:
                    4c:46:1b:aa:60:1e:04:2d:10:80:ba:3e:59:f4:b4:
                    2c:26:38:c2:d6:40:9b:e0:fd:4a:8d:ba:3c:01:30:
                    bd:52:70:b7:1c:24:a4:0b:aa:14:b7:42:f6:c5:64:
                    4b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:57:06:C6:02:1E:DB:80:DC:36:4A:C3:E3:32:C1:A8:09:03:04:E1
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/11cGxgIe24DcNkrD4zLBqAkDBOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.39.0/24
                  194.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:3c:39:b6:51:a7:a9:e3:cb:5c:07:0a:89:3f:02:cb:c7:b8:
         92:ad:b6:07:5e:a1:3c:97:ca:24:54:bb:7d:a3:08:07:23:83:
         eb:3e:6f:8e:6f:7d:cf:a3:21:21:df:89:ff:4f:99:f5:bd:e3:
         1e:70:50:86:51:d8:b5:e8:4b:08:bb:03:b9:78:f3:3f:09:86:
         86:bb:a9:35:44:57:14:41:83:72:02:26:b8:86:29:04:8f:ef:
         75:fa:d8:a5:04:26:c5:2e:cf:05:1b:86:a2:f8:10:f8:ea:28:
         6b:dd:08:12:2f:3e:ea:9f:60:c0:ce:70:c8:a4:d8:a0:4d:5b:
         c8:10:dc:b6:a8:5b:17:14:38:dc:3e:aa:19:9d:aa:b6:cb:6e:
         90:ab:6d:5b:04:95:66:03:7c:fb:f9:22:6e:54:13:2b:ae:e4:
         d6:2e:3c:c3:76:fd:04:29:e2:4a:c3:ab:83:87:c7:e0:71:24:
         2d:e7:7e:14:81:bd:18:6a:6d:d1:86:60:ae:af:29:3a:09:24:
         8c:8a:e9:ee:f2:5f:ee:c5:5a:f6:37:72:81:ae:d3:16:a8:b3:
         3c:33:83:2c:f7:69:09:fd:2b:a6:06:13:73:37:a2:5f:c7:a3:
         7a:22:19:59:87:0b:98:f6:e7:a3:c7:3e:65:ad:b5:1d:d5:95:
         ea:87:40:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSOlLAVWOGpcsRkCHo0WjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzU3MDZjNjAyMWVkYjgwZGMzNjRhYzNlMzMyYzFhODA5MDMwNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3DEbBa1AVeQr4JzMQ3lI23GaDhy
A0K+7Syl0zfM/6dhMOCT0Uj6GmhlvfU5rWiG3rf1kx0PFi+rreYueeNczUoLJ1Ly
Y9Ahny/wsAZfD853zK5QlK9yvkh3Jqus7hHs34/cQicKsTOzJVa4kW+d5kuPr12m
LpOHeGacrI//c4Wuw62pEpzn03LmQ88PtEZzX9/XrSCTbDKwU5kbG6Efyrzh6i1h
DeNRcVoicy+midfAu172KMYwxhXkWvugMBPSfFtJL5t9j3Mr/49PhttIL1dMRhuq
YB4ELRCAuj5Z9LQsJjjC1kCb4P1Kjbo8ATC9UnC3HCSkC6oUt0L2xWRL3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNdXBsYCHtuA3DZKw+MywagJAwThMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvMTFjR3hnSWUyNERjTmtyRDR6TEJxQWtEQk9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwtEnAwQA
wtHGMA0GCSqGSIb3DQEBCwUAA4IBAQCYPDm2Uaep48tcBwqJPwLLx7iSrbYHXqE8
l8okVLt9owgHI4PrPm+Ob33PoyEh34n/T5n1veMecFCGUdi16EsIuwO5ePM/CYaG
u6k1RFcUQYNyAia4hikEj+91+tilBCbFLs8FG4ai+BD46ihr3QgSLz7qn2DAznDI
pNigTVvIENy2qFsXFDjcPqoZnaq2y26Qq21bBJVmA3z7+SJuVBMrruTWLjzDdv0E
KeJKw6uDh8fgcSQt534Ugb0Yam3RhmCuryk6CSSMiunu8l/uxVr2N3KBrtMWqLM8
M4Ms92kJ/SumBhNzN6Jfx6N6IhlZhwuY9uejxz5lrbUd1ZXqh0C1
-----END CERTIFICATE-----