Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/yG_twx-dd9H2XjWAlmDs6-1PhvE.roa
File:                     yG_twx-dd9H2XjWAlmDs6-1PhvE.roa (raw, json)
Hash identifier:          5jGa/GdPOThFJN5xgl//Wg8pp0KI4oShZg818sdGaco=
Subject key identifier:   C8:6F:ED:C3:1F:9D:77:D1:F6:5E:35:80:96:60:EC:EB:ED:4F:86:F1
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       019427484B964FB3B07407FAE18E71C8D78A
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/yG_twx-dd9H2XjWAlmDs6-1PhvE.roa
Signing time:             Thu 02 Jan 2025 13:50:36 +0000
ROA not before:           Thu 02 Jan 2025 13:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60750
IP address blocks:        85.203.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4b:96:4f:b3:b0:74:07:fa:e1:8e:71:c8:d7:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 13:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c86fedc31f9d77d1f65e35809660ecebed4f86f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e1:f1:33:5c:63:ba:d5:f0:9a:97:8c:c6:c5:
                    78:ab:cf:85:72:31:a6:f3:2d:60:75:e7:f2:4c:78:
                    9f:1b:22:d2:d7:94:6c:22:99:57:bd:6c:52:0e:ae:
                    6f:1b:68:10:d2:28:b2:ef:20:ea:f8:2b:15:01:40:
                    26:a8:00:dd:aa:bd:bf:99:e5:95:43:a1:44:f9:5c:
                    53:eb:82:6e:46:c9:bf:73:09:ab:98:07:0b:0d:a1:
                    8d:03:13:6f:50:32:ca:ce:46:01:4a:9d:53:b8:e5:
                    d2:5b:2a:60:34:14:67:e1:6b:29:ae:5b:58:01:22:
                    8e:a6:e7:d1:37:6b:33:85:97:af:83:d4:ee:40:b1:
                    df:98:20:9d:2c:d9:bc:d3:80:51:9f:0b:9e:78:ec:
                    4c:a9:61:2f:60:04:99:b3:46:e2:eb:0e:45:0d:42:
                    d7:ee:0e:25:ba:ee:00:89:10:84:45:0a:a5:e7:79:
                    ef:e4:58:94:60:b9:a4:59:77:83:f1:97:84:01:4f:
                    47:83:9d:27:7b:71:05:d4:7a:b6:14:2c:9c:99:23:
                    64:70:f5:f1:9f:71:7e:bb:3f:4a:03:25:2f:18:e0:
                    d5:ba:f1:f6:4e:f0:c5:5a:28:cb:2e:06:8e:3c:20:
                    c1:e0:ef:2f:74:e9:91:32:73:0c:73:3e:d5:f9:49:
                    66:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:6F:ED:C3:1F:9D:77:D1:F6:5E:35:80:96:60:EC:EB:ED:4F:86:F1
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/yG_twx-dd9H2XjWAlmDs6-1PhvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:8a:18:9e:c5:4c:96:69:1c:ef:50:a2:70:16:2f:08:c6:db:
         4e:ea:44:d9:06:04:2b:fa:35:34:79:75:17:06:31:5a:be:ae:
         74:84:85:d3:a8:e9:a6:b0:87:ed:3f:f8:7c:d5:65:75:77:3e:
         6b:54:51:15:d2:a1:97:54:fa:31:14:03:af:88:f5:f1:c7:0c:
         30:95:5e:92:be:67:46:01:30:22:23:89:c4:b5:47:bc:29:f9:
         27:a8:7b:67:8f:c9:43:51:4d:84:54:ab:76:f2:02:ef:42:4c:
         34:32:13:80:42:51:85:4f:b8:e8:c9:86:23:64:c1:1b:c7:ef:
         34:e6:1c:1f:1c:c2:fe:d2:a4:96:65:26:df:8a:1c:68:34:95:
         e3:76:95:9b:70:22:6a:2b:bf:76:fb:a2:ec:11:62:fe:7f:64:
         7a:26:27:a5:15:f2:13:80:13:2e:2d:74:bf:5c:d4:f5:0f:f9:
         9f:3e:2e:1c:89:50:39:5e:40:e2:a2:63:c7:db:e0:41:11:3a:
         98:b9:3d:84:3f:74:af:3b:b8:b3:b8:16:23:93:7f:90:6b:4c:
         31:c3:3a:2a:6c:d3:6a:e9:c8:01:b1:73:f1:05:f4:24:a9:f4:
         10:b0:85:ec:db:77:fc:3f:26:d6:77:6f:f4:a2:17:2b:5f:1b:
         46:ac:0e:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEuWT7OwdAf64Y5xyNeKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODZmZWRjMzFmOWQ3N2QxZjY1ZTM1ODA5NjYwZWNlYmVkNGY4NmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeHxM1xjutXwmpeMxsV4q8+FcjGm
8y1gdefyTHifGyLS15RsIplXvWxSDq5vG2gQ0iiy7yDq+CsVAUAmqADdqr2/meWV
Q6FE+VxT64JuRsm/cwmrmAcLDaGNAxNvUDLKzkYBSp1TuOXSWypgNBRn4WsprltY
ASKOpufRN2szhZevg9TuQLHfmCCdLNm804BRnwueeOxMqWEvYASZs0bi6w5FDULX
7g4luu4AiRCERQql53nv5FiUYLmkWXeD8ZeEAU9Hg50ne3EF1Hq2FCycmSNkcPXx
n3F+uz9KAyUvGODVuvH2TvDFWijLLgaOPCDB4O8vdOmRMnMMcz7V+UlmUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhv7cMfnXfR9l41gJZg7OvtT4bxMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEveUdfdHd4LWRkOUgyWGpXQWxtRHM2LTFQaHZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsLMA0G
CSqGSIb3DQEBCwUAA4IBAQAsihiexUyWaRzvUKJwFi8IxttO6kTZBgQr+jU0eXUX
BjFavq50hIXTqOmmsIftP/h81WV1dz5rVFEV0qGXVPoxFAOviPXxxwwwlV6SvmdG
ATAiI4nEtUe8KfknqHtnj8lDUU2EVKt28gLvQkw0MhOAQlGFT7joyYYjZMEbx+80
5hwfHML+0qSWZSbfihxoNJXjdpWbcCJqK792+6LsEWL+f2R6JielFfITgBMuLXS/
XNT1D/mfPi4ciVA5XkDiomPH2+BBETqYuT2EP3SvO7izuBYjk3+Qa0wxwzoqbNNq
6cgBsXPxBfQkqfQQsIXs23f8PybWd2/0ohcrXxtGrA4l
-----END CERTIFICATE-----