Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/zvPA1UGui-igyOCxkJMwtvZ5S28.roa
File:                     zvPA1UGui-igyOCxkJMwtvZ5S28.roa (raw, json)
Hash identifier:          /AfKz5TxnkzdqXaxQMADqDtWb4d/fIp2oXqMIKdkCNA=
Subject key identifier:   CE:F3:C0:D5:41:AE:8B:E8:A0:C8:E0:B1:90:93:30:B6:F6:79:4B:6F
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       0194228E0EC8EB76265BD5DF4A4BA13BB9B7
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/zvPA1UGui-igyOCxkJMwtvZ5S28.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200473
IP address blocks:        185.82.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 21:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0e:c8:eb:76:26:5b:d5:df:4a:4b:a1:3b:b9:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cef3c0d541ae8be8a0c8e0b1909330b6f6794b6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1b:d0:18:c1:4e:93:b2:66:2b:82:79:6b:3b:
                    d2:7a:7a:e0:ed:7c:25:8e:ef:ee:d4:51:ab:d2:b2:
                    04:5d:f8:c5:b0:56:f3:50:10:9c:57:e9:b6:ed:13:
                    84:d3:3e:1c:b8:b8:63:cf:bd:92:c0:cd:40:97:86:
                    f3:f7:fd:aa:ed:83:8d:19:b9:ab:b0:24:c1:66:d6:
                    f4:5c:70:59:8d:01:9b:2d:74:b7:ee:7c:c7:15:aa:
                    ca:97:c0:c8:8f:64:99:75:c5:52:8e:0c:28:ca:99:
                    87:c7:67:a8:e4:62:f4:75:9c:dd:a9:87:a6:6a:48:
                    9a:fb:5c:a7:b1:be:6d:52:03:1c:69:aa:64:8e:1a:
                    69:36:d2:7b:de:9d:ee:2a:11:1a:2b:31:46:17:63:
                    23:b3:9c:37:09:93:b3:fd:0a:c9:4f:85:e5:a4:6a:
                    d7:2e:f8:45:11:1c:3e:0a:42:43:11:8d:3c:b9:b2:
                    fd:3e:b1:49:f8:ab:04:ef:0b:f0:96:1b:81:3a:29:
                    81:17:e5:77:73:a1:a4:f1:be:87:c7:0a:2f:16:32:
                    92:85:3a:1a:68:b8:e2:31:68:99:6c:fc:1e:9c:5c:
                    e7:59:cf:db:b7:94:62:7c:90:2e:89:5c:10:6d:49:
                    24:62:e4:d4:33:b1:f8:d6:df:44:24:76:6c:04:6a:
                    23:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F3:C0:D5:41:AE:8B:E8:A0:C8:E0:B1:90:93:30:B6:F6:79:4B:6F
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/zvPA1UGui-igyOCxkJMwtvZ5S28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:b7:9e:b7:d4:28:e2:12:1d:3c:f0:de:01:45:66:9a:37:af:
         ca:3c:19:89:7e:56:22:78:10:cd:fc:10:20:a0:ac:c4:62:c5:
         f6:23:dd:f5:9f:31:18:ed:6c:6a:f8:23:c3:0f:4d:ae:c6:8b:
         3e:5e:ba:0f:35:e4:b8:e3:86:e6:60:6a:c0:c9:00:5a:69:21:
         8d:6a:f4:99:27:bd:56:ec:1e:08:4e:52:96:85:e1:45:11:a8:
         66:62:4c:86:29:23:ce:be:d9:69:6c:32:07:22:6d:02:2c:d3:
         66:ff:ed:48:b9:d6:20:ec:42:d9:7e:58:67:da:cd:63:01:3b:
         5d:bb:fa:d0:af:95:e3:52:49:0a:12:ea:1b:43:7a:a7:e0:b9:
         67:ac:35:83:88:a6:2b:ae:b8:42:96:25:22:e5:d6:07:62:b6:
         68:4d:b0:11:6c:c8:f3:74:97:a2:9c:60:31:3d:1c:ef:0c:c6:
         5d:d0:cb:07:74:f6:73:4c:b5:01:c2:61:ea:d3:6b:61:58:84:
         e0:e8:3e:ed:d5:86:2c:a6:84:5e:bb:c3:9c:f1:0d:89:fa:cb:
         13:3f:2f:99:6e:24:c0:d9:44:bd:c8:d4:54:6e:55:bf:c6:c7:
         07:b0:da:65:dc:1a:43:f5:55:4f:75:32:ee:a7:b5:1e:5d:49:
         b7:a2:79:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijg7I63YmW9XfSkuhO7m3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWYzYzBkNTQxYWU4YmU4YTBjOGUwYjE5MDkzMzBiNmY2Nzk0YjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBvQGMFOk7JmK4J5azvSenrg7Xwl
ju/u1FGr0rIEXfjFsFbzUBCcV+m27ROE0z4cuLhjz72SwM1Al4bz9/2q7YONGbmr
sCTBZtb0XHBZjQGbLXS37nzHFarKl8DIj2SZdcVSjgwoypmHx2eo5GL0dZzdqYem
akia+1ynsb5tUgMcaapkjhppNtJ73p3uKhEaKzFGF2Mjs5w3CZOz/QrJT4XlpGrX
LvhFERw+CkJDEY08ubL9PrFJ+KsE7wvwlhuBOimBF+V3c6Gk8b6HxwovFjKShToa
aLjiMWiZbPwenFznWc/bt5RifJAuiVwQbUkkYuTUM7H41t9EJHZsBGojsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7zwNVBrovooMjgsZCTMLb2eUtvMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvenZQQTFVR3VpLWlneU9DeGtKTXd0dlo1UzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVILMA0G
CSqGSIb3DQEBCwUAA4IBAQAot5631CjiEh088N4BRWaaN6/KPBmJflYieBDN/BAg
oKzEYsX2I931nzEY7Wxq+CPDD02uxos+XroPNeS444bmYGrAyQBaaSGNavSZJ71W
7B4ITlKWheFFEahmYkyGKSPOvtlpbDIHIm0CLNNm/+1IudYg7ELZflhn2s1jATtd
u/rQr5XjUkkKEuobQ3qn4LlnrDWDiKYrrrhCliUi5dYHYrZoTbARbMjzdJeinGAx
PRzvDMZd0MsHdPZzTLUBwmHq02thWITg6D7t1YYspoReu8Oc8Q2J+ssTPy+ZbiTA
2US9yNRUblW/xscHsNpl3BpD9VVPdTLup7UeXUm3onnO
-----END CERTIFICATE-----