Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/W8HdoS1T8uaMpM9YFeme5afjmm8.roa
File:                     W8HdoS1T8uaMpM9YFeme5afjmm8.roa (raw, json)
Hash identifier:          MVcxUXAqk+tB4gBwDZOl3zZvyfrQXKh2vGJmtjrVMqc=
Subject key identifier:   5B:C1:DD:A1:2D:53:F2:E6:8C:A4:CF:58:15:E9:9E:E5:A7:E3:9A:6F
Certificate issuer:       /CN=ae6af0d5f38289d34c21ba67c4c39787a42a669e
Certificate serial:       0194206844F8F0758ECDEF2CD2AE2C4101FA
Authority key identifier: AE:6A:F0:D5:F3:82:89:D3:4C:21:BA:67:C4:C3:97:87:A4:2A:66:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/W8HdoS1T8uaMpM9YFeme5afjmm8.roa
Signing time:             Wed 01 Jan 2025 05:48:11 +0000
ROA not before:           Wed 01 Jan 2025 05:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.11.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:44:f8:f0:75:8e:cd:ef:2c:d2:ae:2c:41:01:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae6af0d5f38289d34c21ba67c4c39787a42a669e
        Validity
            Not Before: Jan  1 05:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bc1dda12d53f2e68ca4cf5815e99ee5a7e39a6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:40:cc:e1:64:b7:c3:d8:ca:15:ff:cc:eb:9f:
                    32:1c:9d:f1:2e:bb:4f:63:f9:74:c8:54:76:4a:c2:
                    41:36:3b:3c:a6:f4:fe:c5:04:05:90:39:fb:81:5f:
                    dc:c7:10:15:b1:74:e5:48:08:2a:57:34:d3:c2:89:
                    31:8c:83:fa:f9:20:2d:8c:6a:fb:d3:57:14:22:b6:
                    da:93:66:4a:d0:f3:5b:2e:45:ad:fb:6d:04:99:56:
                    da:e1:1e:ea:a0:d5:e4:51:01:48:33:a1:2d:fd:63:
                    1a:5f:2d:16:e4:f3:e7:73:0d:69:6e:5a:fb:13:ac:
                    a0:76:f0:06:06:3c:59:05:7a:21:c8:39:4c:c2:7e:
                    bf:13:60:58:c5:9a:03:d2:e5:86:ec:33:0c:c4:3e:
                    ac:e3:2d:f3:65:17:f7:6c:83:f0:4a:b0:c4:07:9f:
                    5f:66:60:e0:0e:a3:bb:6d:ec:e5:70:29:d5:4f:d1:
                    c2:09:03:43:c7:35:35:0d:79:3b:bf:3e:96:30:4c:
                    5b:3e:d2:bf:ee:89:3e:39:30:1c:25:74:67:16:2d:
                    34:47:f0:da:da:69:4a:c8:f3:fe:87:11:b0:34:60:
                    f9:f8:07:21:ae:fd:20:5f:2e:7e:eb:e2:6d:04:a0:
                    11:d7:50:d8:8e:c9:fa:ef:57:3a:1c:ae:66:58:64:
                    ab:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:C1:DD:A1:2D:53:F2:E6:8C:A4:CF:58:15:E9:9E:E5:A7:E3:9A:6F
            X509v3 Authority Key Identifier:
                keyid:AE:6A:F0:D5:F3:82:89:D3:4C:21:BA:67:C4:C3:97:87:A4:2A:66:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/W8HdoS1T8uaMpM9YFeme5afjmm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:8c:c8:f6:9e:a5:28:78:73:b9:30:e9:a4:24:14:ba:3e:8e:
         05:d0:5b:28:87:65:d9:87:15:a9:48:6a:04:c8:e3:ea:8c:54:
         27:65:e6:21:17:34:26:b1:a4:5f:ae:fa:28:47:62:39:b0:4b:
         39:2a:1d:58:0b:e6:23:b2:df:53:5f:b2:55:ca:f3:43:e2:cb:
         5c:4c:fe:65:22:9b:2b:0e:9f:e0:08:f4:74:33:61:fd:7a:d9:
         d3:47:d3:63:32:9e:0c:46:a4:43:3f:0e:ca:06:2c:ef:98:60:
         14:89:15:77:83:5b:53:f3:d7:74:03:86:a1:3c:10:a7:7c:db:
         29:26:1a:b3:ec:2f:4c:3c:e1:f6:51:2b:28:5e:61:7e:78:b9:
         fa:2e:0c:55:f0:8e:58:df:d4:f0:aa:c1:21:08:4e:33:b5:c9:
         4f:16:d3:18:e6:03:64:73:fe:be:f0:1e:b0:b7:cb:59:19:0e:
         c6:ed:f5:be:63:df:84:33:b7:cd:8b:93:1c:76:21:01:00:8e:
         17:48:dd:db:ef:ff:8d:5b:c4:55:ca:6d:ce:64:11:9c:fb:3f:
         76:5d:4e:b9:b0:6f:2c:97:d9:f0:c1:6f:82:ea:de:1a:8d:5a:
         68:d8:ac:a5:c4:04:80:20:88:d5:66:4d:db:43:df:c4:9a:90:
         f8:d8:8f:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaET48HWOze8s0q4sQQH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNmFmMGQ1ZjM4Mjg5ZDM0YzIxYmE2N2M0YzM5Nzg3YTQy
YTY2OWUwHhcNMjUwMTAxMDU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmMxZGRhMTJkNTNmMmU2OGNhNGNmNTgxNWU5OWVlNWE3ZTM5YTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+0DM4WS3w9jKFf/M658yHJ3xLrtP
Y/l0yFR2SsJBNjs8pvT+xQQFkDn7gV/cxxAVsXTlSAgqVzTTwokxjIP6+SAtjGr7
01cUIrbak2ZK0PNbLkWt+20EmVba4R7qoNXkUQFIM6Et/WMaXy0W5PPncw1pblr7
E6ygdvAGBjxZBXohyDlMwn6/E2BYxZoD0uWG7DMMxD6s4y3zZRf3bIPwSrDEB59f
ZmDgDqO7bezlcCnVT9HCCQNDxzU1DXk7vz6WMExbPtK/7ok+OTAcJXRnFi00R/Da
2mlKyPP+hxGwNGD5+Achrv0gXy5+6+JtBKAR11DYjsn671c6HK5mWGSrQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvB3aEtU/LmjKTPWBXpnuWn45pvMB8GA1UdIwQY
MBaAFK5q8NXzgonTTCG6Z8TDl4ekKmaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm1ydzFmT0NpZE5NSWJwbnhNT1hoNlFxWnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kZWY1NTUtOTY1MS00ZTgxLTgyOGMt
N2E5NGRhN2Q5ZWUyLzEvVzhIZG9TMVQ4dWFNcE05WUZlbWU1YWZqbW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kZWY1NTUtOTY1MS00ZTgxLTgyOGMtN2E5NGRhN2Q5ZWUy
LzEvcm1ydzFmT0NpZE5NSWJwbnhNT1hoNlFxWnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQtoMA0G
CSqGSIb3DQEBCwUAA4IBAQAtjMj2nqUoeHO5MOmkJBS6Po4F0Fsoh2XZhxWpSGoE
yOPqjFQnZeYhFzQmsaRfrvooR2I5sEs5Kh1YC+Yjst9TX7JVyvND4stcTP5lIpsr
Dp/gCPR0M2H9etnTR9NjMp4MRqRDPw7KBizvmGAUiRV3g1tT89d0A4ahPBCnfNsp
Jhqz7C9MPOH2USsoXmF+eLn6LgxV8I5Y39TwqsEhCE4ztclPFtMY5gNkc/6+8B6w
t8tZGQ7G7fW+Y9+EM7fNi5McdiEBAI4XSN3b7/+NW8RVym3OZBGc+z92XU65sG8s
l9nwwW+C6t4ajVpo2KylxASAIIjVZk3bQ9/EmpD42I/w
-----END CERTIFICATE-----