Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/dtR5QRxrJ-bRpJ-E3u_Ij0wSb-U.roa
File:                     dtR5QRxrJ-bRpJ-E3u_Ij0wSb-U.roa (raw, json)
Hash identifier:          QFx4GS/XFluhLnMBBUmfoq2fT7Zis1+0U5rHDtRTTU8=
Subject key identifier:   76:D4:79:41:1C:6B:27:E6:D1:A4:9F:84:DE:EF:C8:8F:4C:12:6F:E5
Certificate issuer:       /CN=ae6af0d5f38289d34c21ba67c4c39787a42a669e
Certificate serial:       01906F30A9B81E42976686ED977EF6E58C2E
Authority key identifier: AE:6A:F0:D5:F3:82:89:D3:4C:21:BA:67:C4:C3:97:87:A4:2A:66:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/dtR5QRxrJ-bRpJ-E3u_Ij0wSb-U.roa
Signing time:             Mon 01 Jul 2024 16:46:18 +0000
ROA not before:           Mon 01 Jul 2024 16:46:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.11.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6f:30:a9:b8:1e:42:97:66:86:ed:97:7e:f6:e5:8c:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae6af0d5f38289d34c21ba67c4c39787a42a669e
        Validity
            Not Before: Jul  1 16:46:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76d479411c6b27e6d1a49f84deefc88f4c126fe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ba:ab:77:16:a2:65:19:0e:97:01:2c:e4:23:
                    41:a2:3e:bb:54:e4:6a:c3:b2:41:e1:4c:94:12:e7:
                    7e:65:20:21:9c:5a:e4:3b:b3:1f:d2:eb:8c:22:5a:
                    5f:8a:5a:4c:33:bd:ea:6f:6a:8d:dd:a9:d5:8c:d9:
                    d4:7a:fc:df:2b:d1:b0:c2:4b:53:0e:63:30:1c:38:
                    ec:aa:06:13:e4:26:8c:eb:4e:75:16:60:57:0f:7d:
                    ab:3d:5c:00:34:1e:62:87:06:d0:89:a5:a9:32:9c:
                    88:2c:01:e0:6b:25:23:52:af:30:a2:be:10:51:9d:
                    b5:12:96:86:90:88:49:1e:3b:3a:f4:db:3c:08:d6:
                    b1:21:42:19:b2:13:66:22:62:fd:7f:06:51:e1:f6:
                    dd:9b:66:71:98:9c:73:5b:fd:5e:88:e8:66:78:fc:
                    69:e5:cc:9d:90:52:30:49:d5:15:a5:7e:98:8c:bd:
                    78:ed:b6:e5:8e:57:4e:1c:b3:d8:00:0a:27:25:08:
                    2d:10:cf:fb:18:09:e6:f0:2b:ad:33:d9:34:f0:3b:
                    95:17:a5:7f:5d:73:22:fe:f7:39:88:89:11:cb:b8:
                    ec:eb:3d:4b:0a:4c:80:15:e1:5f:08:ca:36:3d:d9:
                    44:4b:8a:5c:6e:69:9b:80:bd:f3:ec:35:22:ac:47:
                    31:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D4:79:41:1C:6B:27:E6:D1:A4:9F:84:DE:EF:C8:8F:4C:12:6F:E5
            X509v3 Authority Key Identifier:
                keyid:AE:6A:F0:D5:F3:82:89:D3:4C:21:BA:67:C4:C3:97:87:A4:2A:66:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rmrw1fOCidNMIbpnxMOXh6QqZp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/dtR5QRxrJ-bRpJ-E3u_Ij0wSb-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/def555-9651-4e81-828c-7a94da7d9ee2/1/rmrw1fOCidNMIbpnxMOXh6QqZp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:32:09:61:23:09:29:18:d2:91:b7:4e:53:13:94:3d:d5:e0:
         45:2e:6d:b0:8e:4f:38:48:79:c9:5f:13:df:02:4d:e5:e1:3e:
         c7:ac:7e:f2:21:4a:84:9e:54:78:a1:cb:1c:16:42:73:b5:5b:
         3b:04:ad:42:6b:28:40:11:e9:7d:c2:76:9a:2e:f2:17:9b:4f:
         18:90:05:dc:db:e4:25:55:4e:0f:e0:cd:08:8b:ce:e9:9d:9b:
         34:20:07:2f:66:d8:78:3b:a7:0a:0e:e2:fc:30:25:d2:a9:8f:
         c5:25:40:32:98:3e:bf:80:e9:c1:3a:35:b6:39:4f:18:47:00:
         fa:68:9e:b7:0e:fc:df:31:13:62:54:74:b6:7d:72:ed:f3:93:
         7e:74:42:7b:d1:60:36:94:7e:e7:df:5d:77:95:44:45:b1:48:
         d1:92:b1:39:ce:6f:77:04:c0:b7:8f:47:60:b8:2b:ab:5f:bf:
         a8:b6:fe:3a:b1:e8:92:7a:be:7a:e3:ef:e9:87:d8:08:63:92:
         52:43:c4:7a:6c:2e:d6:10:81:65:a7:77:e0:68:2c:54:81:a0:
         ea:be:27:78:20:88:1b:38:9b:6e:46:61:6c:09:c8:b0:6e:10:
         9a:d5:f6:bb:4e:dc:79:43:9e:50:cf:fa:11:95:d5:5d:a4:02:
         4c:58:74:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBvMKm4HkKXZobtl3725YwuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNmFmMGQ1ZjM4Mjg5ZDM0YzIxYmE2N2M0YzM5Nzg3YTQy
YTY2OWUwHhcNMjQwNzAxMTY0NjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmQ0Nzk0MTFjNmIyN2U2ZDFhNDlmODRkZWVmYzg4ZjRjMTI2ZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LqrdxaiZRkOlwEs5CNBoj67VORq
w7JB4UyUEud+ZSAhnFrkO7Mf0uuMIlpfilpMM73qb2qN3anVjNnUevzfK9GwwktT
DmMwHDjsqgYT5CaM6051FmBXD32rPVwANB5ihwbQiaWpMpyILAHgayUjUq8wor4Q
UZ21EpaGkIhJHjs69Ns8CNaxIUIZshNmImL9fwZR4fbdm2ZxmJxzW/1eiOhmePxp
5cydkFIwSdUVpX6YjL147bbljldOHLPYAAonJQgtEM/7GAnm8CutM9k08DuVF6V/
XXMi/vc5iIkRy7js6z1LCkyAFeFfCMo2PdlES4pcbmmbgL3z7DUirEcxiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbUeUEcayfm0aSfhN7vyI9MEm/lMB8GA1UdIwQY
MBaAFK5q8NXzgonTTCG6Z8TDl4ekKmaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm1ydzFmT0NpZE5NSWJwbnhNT1hoNlFxWnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9kZWY1NTUtOTY1MS00ZTgxLTgyOGMt
N2E5NGRhN2Q5ZWUyLzEvZHRSNVFSeHJKLWJScEotRTN1X0lqMHdTYi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9kZWY1NTUtOTY1MS00ZTgxLTgyOGMtN2E5NGRhN2Q5ZWUy
LzEvcm1ydzFmT0NpZE5NSWJwbnhNT1hoNlFxWnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQtoMA0G
CSqGSIb3DQEBCwUAA4IBAQCoMglhIwkpGNKRt05TE5Q91eBFLm2wjk84SHnJXxPf
Ak3l4T7HrH7yIUqEnlR4ocscFkJztVs7BK1CayhAEel9wnaaLvIXm08YkAXc2+Ql
VU4P4M0Ii87pnZs0IAcvZth4O6cKDuL8MCXSqY/FJUAymD6/gOnBOjW2OU8YRwD6
aJ63DvzfMRNiVHS2fXLt85N+dEJ70WA2lH7n3113lURFsUjRkrE5zm93BMC3j0dg
uCurX7+otv46seiSer564+/ph9gIY5JSQ8R6bC7WEIFlp3fgaCxUgaDqvid4IIgb
OJtuRmFsCciwbhCa1fa7Ttx5Q55Qz/oRldVdpAJMWHS6
-----END CERTIFICATE-----