Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/tObryqj4_uQtGJ6A9dznl4mcXvY.roa
File:                     tObryqj4_uQtGJ6A9dznl4mcXvY.roa (raw, json)
Hash identifier:          ZmeGI9tWlMBj6YU965jCFTtroOtiN7c3aKRYzf+l5Nc=
Subject key identifier:   B4:E6:EB:CA:A8:F8:FE:E4:2D:18:9E:80:F5:DC:E7:97:89:9C:5E:F6
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC79449A47441C98B43809AD2B724EB36
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/tObryqj4_uQtGJ6A9dznl4mcXvY.roa
Signing time:             Tue 02 Jan 2024 00:30:33 +0000
ROA not before:           Tue 02 Jan 2024 00:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200473
IP address blocks:        185.82.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:49:a4:74:41:c9:8b:43:80:9a:d2:b7:24:eb:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4e6ebcaa8f8fee42d189e80f5dce797899c5ef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a5:85:e3:60:1b:f3:75:de:75:9c:7c:90:8a:
                    7b:74:09:30:7e:e6:94:a5:aa:59:e6:ab:df:bc:d5:
                    91:64:d5:6c:79:e9:0a:0e:2d:41:8e:d8:08:24:f0:
                    01:1f:f0:bf:31:24:08:16:0d:6d:8b:22:14:2e:f1:
                    cc:62:86:e2:cb:86:03:b9:9c:d3:29:70:5d:4b:f9:
                    cf:89:34:42:74:f0:ab:7f:e5:cc:83:44:1a:0b:d5:
                    9d:f9:63:75:74:64:64:67:0e:ee:8d:68:9d:80:e3:
                    c3:9f:f0:c9:3b:8b:46:c0:22:d2:7a:fe:70:8d:00:
                    65:db:4a:4d:e3:ae:64:f3:00:85:10:04:b3:76:6c:
                    47:04:ba:20:5d:ad:35:97:67:f7:e8:53:d3:1d:f3:
                    5b:64:1d:e5:27:c3:1c:97:be:5c:16:1a:39:27:59:
                    53:ae:20:91:25:7e:9c:8d:15:c9:e9:0d:7f:c1:8c:
                    23:16:33:ad:46:44:86:26:78:8b:e6:dd:89:42:a7:
                    41:ed:13:c2:b8:50:5d:d6:6f:b8:0c:b6:cc:6d:a5:
                    6d:32:bc:2c:c0:30:20:5b:85:2f:22:c3:13:a2:36:
                    89:95:2c:19:8b:20:f1:6d:46:e4:75:84:12:6c:31:
                    09:9b:2a:1b:cf:5d:9a:fd:c8:47:69:5c:36:12:15:
                    4b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:E6:EB:CA:A8:F8:FE:E4:2D:18:9E:80:F5:DC:E7:97:89:9C:5E:F6
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/tObryqj4_uQtGJ6A9dznl4mcXvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:43:fe:ab:63:ea:40:79:72:80:99:46:a1:1a:75:6a:b9:52:
         05:cf:6e:af:fe:ae:8c:b6:48:5e:6c:9e:ea:10:bd:34:d7:5e:
         fd:62:e6:87:1b:64:83:f7:53:98:f3:69:a3:7e:fd:49:4b:0f:
         28:c2:4c:55:6d:91:2d:7d:f3:5a:b6:69:c2:ab:7d:f4:a0:34:
         22:8f:88:79:26:67:2f:fc:66:c8:4b:8d:66:10:c2:fb:28:7b:
         19:0d:b5:8a:48:e6:e0:49:56:2d:1b:81:19:dd:33:72:f4:7f:
         2e:39:0c:36:b8:89:49:85:db:76:d7:08:6e:83:44:74:4e:d7:
         18:5e:d9:09:d3:af:ec:75:5b:df:28:be:8d:ea:98:27:36:c7:
         94:fe:25:f6:7b:92:69:63:4c:74:2f:6f:d9:b8:28:2a:a3:0d:
         87:ff:2f:c7:1b:59:7b:fd:2b:ad:4d:b8:75:bd:ad:22:05:9e:
         a4:ce:77:b5:91:ad:a9:2b:ca:8f:c5:c7:68:ea:a1:69:8b:24:
         58:ea:13:7a:f3:d6:52:7c:62:7c:76:cf:82:a9:fd:80:d6:64:
         0d:6b:91:2d:88:29:9b:fc:ea:0f:55:40:b5:14:92:db:ef:f0:
         5e:b5:84:c8:98:65:f3:57:49:ba:e1:e6:84:18:70:87:ac:30:
         c5:c3:d6:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEmkdEHJi0OAmtK3JOs2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGU2ZWJjYWE4ZjhmZWU0MmQxODllODBmNWRjZTc5Nzg5OWM1ZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaWF42Ab83XedZx8kIp7dAkwfuaU
papZ5qvfvNWRZNVseekKDi1BjtgIJPABH/C/MSQIFg1tiyIULvHMYobiy4YDuZzT
KXBdS/nPiTRCdPCrf+XMg0QaC9Wd+WN1dGRkZw7ujWidgOPDn/DJO4tGwCLSev5w
jQBl20pN465k8wCFEASzdmxHBLogXa01l2f36FPTHfNbZB3lJ8Mcl75cFho5J1lT
riCRJX6cjRXJ6Q1/wYwjFjOtRkSGJniL5t2JQqdB7RPCuFBd1m+4DLbMbaVtMrws
wDAgW4UvIsMTojaJlSwZiyDxbUbkdYQSbDEJmyobz12a/chHaVw2EhVLRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTm68qo+P7kLRiegPXc55eJnF72MB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvdE9icnlxajRfdVF0R0o2QTlkem5sNG1jWHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVILMA0G
CSqGSIb3DQEBCwUAA4IBAQAKQ/6rY+pAeXKAmUahGnVquVIFz26v/q6MtkhebJ7q
EL001179YuaHG2SD91OY82mjfv1JSw8owkxVbZEtffNatmnCq330oDQij4h5Jmcv
/GbIS41mEML7KHsZDbWKSObgSVYtG4EZ3TNy9H8uOQw2uIlJhdt21whug0R0TtcY
XtkJ06/sdVvfKL6N6pgnNseU/iX2e5JpY0x0L2/ZuCgqow2H/y/HG1l7/SutTbh1
va0iBZ6kzne1ka2pK8qPxcdo6qFpiyRY6hN689ZSfGJ8ds+Cqf2A1mQNa5EtiCmb
/OoPVUC1FJLb7/BetYTImGXzV0m64eaEGHCHrDDFw9bq
-----END CERTIFICATE-----