Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/T_HIir9u0e1JvPmwgJPiR2AyVbU.roa
File:                     T_HIir9u0e1JvPmwgJPiR2AyVbU.roa (raw, json)
Hash identifier:          XAanoUcmy+Cytt7KUKMYXw5N2N3oC/sHWoBb3wJ4WJQ=
Subject key identifier:   4F:F1:C8:8A:BF:6E:D1:ED:49:BC:F9:B0:80:93:E2:47:60:32:55:B5
Certificate issuer:       /CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
Certificate serial:       018CC26D71878EDDFA86E7CFE45ABB108D0E
Authority key identifier: 11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/T_HIir9u0e1JvPmwgJPiR2AyVbU.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203066
IP address blocks:        94.124.1.0/24 maxlen: 24
                          80.82.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:71:87:8e:dd:fa:86:e7:cf:e4:5a:bb:10:8d:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ff1c88abf6ed1ed49bcf9b08093e247603255b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:eb:92:df:30:4e:9a:4e:4d:85:78:07:fe:6e:
                    2a:ee:ae:c8:79:e2:b7:df:f0:20:2a:2f:ba:29:98:
                    3d:3b:b0:26:73:23:66:df:d5:d9:b5:f5:17:40:68:
                    fb:cd:33:7c:8b:ca:e1:87:72:5c:c3:4c:29:3e:62:
                    08:65:8d:cd:b7:8a:6b:2d:bd:0c:f6:73:13:eb:87:
                    98:bd:48:06:26:4a:23:91:fc:a3:6c:a4:49:f8:89:
                    83:6a:d6:7d:b7:7e:2f:05:71:39:62:17:ac:9f:34:
                    b6:8f:ce:3e:de:97:99:a9:88:24:90:38:76:4e:69:
                    5b:3a:e0:5a:22:7a:1a:74:90:74:c8:bb:6f:99:0c:
                    a8:b4:b7:2c:57:fd:b3:11:fa:77:c3:de:31:fd:30:
                    b1:d0:0b:d7:61:10:e8:0e:df:98:b9:35:7d:ab:46:
                    47:0f:ca:f4:c2:ce:e9:9b:6a:0f:c8:b4:8f:bd:79:
                    f0:06:df:3c:cb:9a:6c:0e:d0:04:a0:8c:81:41:f8:
                    bc:13:a6:76:ba:f3:63:b5:c6:10:6c:1c:48:61:23:
                    bb:10:32:b6:3b:a5:a7:1e:0c:16:d3:89:69:8a:2a:
                    71:1c:68:13:a9:85:ce:c7:5c:9f:2a:aa:06:7e:e6:
                    25:d0:bc:10:9c:cb:db:73:44:17:f7:93:d2:51:c9:
                    77:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F1:C8:8A:BF:6E:D1:ED:49:BC:F9:B0:80:93:E2:47:60:32:55:B5
            X509v3 Authority Key Identifier:
                keyid:11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/T_HIir9u0e1JvPmwgJPiR2AyVbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.82.26.0/24
                  94.124.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:79:2e:20:a3:72:af:71:91:36:14:99:cf:fc:83:9f:aa:cf:
         e1:f1:b8:c1:cc:36:9d:39:ab:84:25:07:cb:d1:e1:a7:42:73:
         94:82:cf:1d:ef:e8:cf:c3:87:b6:0e:40:49:76:42:52:ee:ca:
         82:3d:24:d5:9d:fc:b8:19:d7:6d:c6:88:e2:f2:b7:95:18:b0:
         7e:96:bf:d9:ab:35:7a:08:83:2e:db:d8:a4:14:ef:ee:16:e8:
         20:26:98:59:77:c9:9d:80:37:69:8b:8c:ee:30:af:36:71:d7:
         dc:de:06:e8:cd:7a:a5:fd:35:fc:84:b0:81:7a:de:80:be:42:
         c9:37:d7:64:ba:24:26:bb:01:db:7a:8f:64:65:c9:58:93:3b:
         8b:41:e3:f8:69:48:ee:b4:23:39:c1:3e:7b:96:28:09:20:da:
         48:96:74:fd:73:ce:12:28:b9:66:04:4a:86:3e:c3:96:70:0a:
         aa:7d:fe:f8:ec:16:b2:10:31:9c:51:70:1b:28:b7:a2:27:fa:
         d9:16:49:07:ec:28:ff:8f:7e:26:ca:6c:c9:71:b7:94:40:4f:
         1d:50:e8:a3:3a:3c:46:97:c4:e2:eb:e1:ab:3f:ea:ac:d9:b3:
         a8:0b:be:ce:16:87:41:a6:b5:57:77:93:6c:25:66:d6:79:54:
         2f:cc:51:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbXGHjt36hufP5Fq7EI0OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYmZhMjk2MWZhMGUwYjA3MDQxMjkzZGRjMGMzNjkzYTll
MGEyMzgwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmYxYzg4YWJmNmVkMWVkNDliY2Y5YjA4MDkzZTI0NzYwMzI1NWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+uS3zBOmk5NhXgH/m4q7q7IeeK3
3/AgKi+6KZg9O7AmcyNm39XZtfUXQGj7zTN8i8rhh3Jcw0wpPmIIZY3Nt4prLb0M
9nMT64eYvUgGJkojkfyjbKRJ+ImDatZ9t34vBXE5YhesnzS2j84+3peZqYgkkDh2
TmlbOuBaInoadJB0yLtvmQyotLcsV/2zEfp3w94x/TCx0AvXYRDoDt+YuTV9q0ZH
D8r0ws7pm2oPyLSPvXnwBt88y5psDtAEoIyBQfi8E6Z2uvNjtcYQbBxIYSO7EDK2
O6WnHgwW04lpiipxHGgTqYXOx1yfKqoGfuYl0LwQnMvbc0QX95PSUcl3vQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE/xyIq/btHtSbz5sICT4kdgMlW1MB8GA1UdIwQY
MBaAFBG/opYfoOCwcEEpPdwMNpOp4KI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgt
Nzg3OTFjOTM1NmEzLzEvVF9ISWlyOXUwZTFKdlBtd2dKUGlSMkF5VmJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgtNzg3OTFjOTM1NmEz
LzEvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUFIaAwQA
XnwBMA0GCSqGSIb3DQEBCwUAA4IBAQBleS4go3KvcZE2FJnP/IOfqs/h8bjBzDad
OauEJQfL0eGnQnOUgs8d7+jPw4e2DkBJdkJS7sqCPSTVnfy4Gddtxoji8reVGLB+
lr/ZqzV6CIMu29ikFO/uFuggJphZd8mdgDdpi4zuMK82cdfc3gbozXql/TX8hLCB
et6AvkLJN9dkuiQmuwHbeo9kZclYkzuLQeP4aUjutCM5wT57ligJINpIlnT9c84S
KLlmBEqGPsOWcAqqff747BayEDGcUXAbKLeiJ/rZFkkH7Cj/j34mymzJcbeUQE8d
UOijOjxGl8Ti6+GrP+qs2bOoC77OFodBprVXd5NsJWbWeVQvzFFi
-----END CERTIFICATE-----