Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/f_4bnJXdMBrWxpYtFBJpH8Bqm-U.roa
File:                     f_4bnJXdMBrWxpYtFBJpH8Bqm-U.roa (raw, json)
Hash identifier:          7mT2nXJRoDTq1rwwF8w2+5XwWETvVnI796Gd4d+Aoxw=
Subject key identifier:   7F:FE:1B:9C:95:DD:30:1A:D6:C6:96:2D:14:12:69:1F:C0:6A:9B:E5
Certificate issuer:       /CN=11145fde01af810760ee61bcf354cf962ac460d9
Certificate serial:       019763C05227DA5ACC4D67E9FF0008892DE6
Authority key identifier: 11:14:5F:DE:01:AF:81:07:60:EE:61:BC:F3:54:CF:96:2A:C4:60:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERRf3gGvgQdg7mG881TPlirEYNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/f_4bnJXdMBrWxpYtFBJpH8Bqm-U.roa
Signing time:             Thu 12 Jun 2025 10:47:17 +0000
ROA not before:           Thu 12 Jun 2025 10:47:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11232
IP address blocks:        185.102.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/ERRf3gGvgQdg7mG881TPlirEYNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/ERRf3gGvgQdg7mG881TPlirEYNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERRf3gGvgQdg7mG881TPlirEYNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:c0:52:27:da:5a:cc:4d:67:e9:ff:00:08:89:2d:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11145fde01af810760ee61bcf354cf962ac460d9
        Validity
            Not Before: Jun 12 10:47:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ffe1b9c95dd301ad6c6962d1412691fc06a9be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:76:7a:3c:60:08:0d:d8:24:cd:99:d1:23:c3:
                    2c:30:4b:9a:52:22:ae:e8:58:5c:10:d6:08:43:b0:
                    85:cf:f3:01:a9:c1:2e:3c:1f:d7:da:f1:d0:97:2b:
                    3f:ca:be:c9:2d:10:77:f8:c6:d0:86:c5:63:49:cc:
                    3b:1a:83:ce:91:55:39:8b:63:d8:6b:04:bc:71:4c:
                    5f:9b:71:fd:34:ad:72:64:77:9d:07:6c:61:f3:2a:
                    53:e1:d2:9e:1c:6f:fa:3c:16:46:01:89:3d:7b:0d:
                    b0:72:61:29:ca:40:cc:72:d4:99:e5:5b:43:09:6c:
                    10:1b:7d:b0:39:f0:f2:ba:1e:2f:e8:f3:68:a3:d2:
                    bb:17:6c:39:23:8e:3c:83:d9:1b:d9:8b:2d:e4:0e:
                    3b:77:4f:89:99:60:d4:c6:0a:1b:2b:ff:97:97:65:
                    6f:1b:69:57:2c:17:7e:ee:73:4b:fe:cf:b4:4c:25:
                    d9:50:64:74:24:86:9f:bc:22:2b:a2:58:a4:c0:0a:
                    4e:ab:d9:4c:4d:46:a2:f4:f8:00:20:b8:85:17:d2:
                    9f:77:d8:4d:45:5e:0c:92:aa:3c:96:de:a5:ca:a9:
                    1e:fc:de:fd:89:04:a4:4a:1b:54:af:df:86:f4:08:
                    3c:c0:33:e9:54:31:99:a6:01:e1:95:ce:a6:d2:d0:
                    3f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:FE:1B:9C:95:DD:30:1A:D6:C6:96:2D:14:12:69:1F:C0:6A:9B:E5
            X509v3 Authority Key Identifier:
                keyid:11:14:5F:DE:01:AF:81:07:60:EE:61:BC:F3:54:CF:96:2A:C4:60:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERRf3gGvgQdg7mG881TPlirEYNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/f_4bnJXdMBrWxpYtFBJpH8Bqm-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/a43f79-f728-4645-a71e-c305c8d9a319/1/ERRf3gGvgQdg7mG881TPlirEYNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:97:78:0d:b6:1a:7f:1c:fa:6a:37:e0:3a:5c:44:bf:9f:b0:
         6b:4e:d8:54:1c:af:90:21:86:bb:66:ae:5a:5e:05:dc:78:0e:
         01:f4:ce:8b:97:ca:c0:db:7d:5e:c2:c0:79:5a:83:97:ea:c4:
         2a:f0:7b:72:83:4d:1d:a6:ba:66:61:f6:80:65:ed:d6:5f:bd:
         52:d0:cf:b8:3d:b5:96:98:e7:a3:81:46:ea:84:6f:d1:b4:2c:
         ea:2f:ef:5c:7c:b7:f3:8c:e1:40:94:ed:17:1c:60:1a:f0:76:
         e5:f9:2f:e1:bc:67:3c:9d:7a:10:a3:59:a1:07:6d:6f:83:52:
         a6:fc:20:b5:97:85:26:9b:38:8b:ca:1d:ba:6c:3b:f6:7e:cd:
         41:32:ef:e8:5a:ca:d8:4c:99:9a:92:01:f9:8c:30:18:0a:5c:
         eb:be:03:8d:4b:7d:45:b0:ad:03:c0:06:7c:65:83:53:5e:7a:
         f2:ea:f1:27:6e:f8:9e:b0:20:8c:83:9a:5d:6f:94:cf:26:0d:
         fb:ff:95:ae:33:d5:7a:5b:4b:4c:50:cb:d8:8e:78:1f:64:5d:
         2e:56:14:fc:a0:9e:15:4f:53:84:10:a0:42:91:0b:ef:0f:00:
         be:03:e6:d0:d7:e4:98:2f:ea:40:94:65:0f:12:ed:9b:26:20:
         8a:4f:ee:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdjwFIn2lrMTWfp/wAIiS3mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTQ1ZmRlMDFhZjgxMDc2MGVlNjFiY2YzNTRjZjk2MmFj
NDYwZDkwHhcNMjUwNjEyMTA0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmZlMWI5Yzk1ZGQzMDFhZDZjNjk2MmQxNDEyNjkxZmMwNmE5YmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8nZ6PGAIDdgkzZnRI8MsMEuaUiKu
6FhcENYIQ7CFz/MBqcEuPB/X2vHQlys/yr7JLRB3+MbQhsVjScw7GoPOkVU5i2PY
awS8cUxfm3H9NK1yZHedB2xh8ypT4dKeHG/6PBZGAYk9ew2wcmEpykDMctSZ5VtD
CWwQG32wOfDyuh4v6PNoo9K7F2w5I448g9kb2Yst5A47d0+JmWDUxgobK/+Xl2Vv
G2lXLBd+7nNL/s+0TCXZUGR0JIafvCIrolikwApOq9lMTUai9PgAILiFF9Kfd9hN
RV4Mkqo8lt6lyqke/N79iQSkShtUr9+G9Ag8wDPpVDGZpgHhlc6m0tA/cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH/+G5yV3TAa1saWLRQSaR/AapvlMB8GA1UdIwQY
MBaAFBEUX94Br4EHYO5hvPNUz5YqxGDZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJSZjNnR3ZnUWRnN21HODgxVFBsaXJFWU5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9hNDNmNzktZjcyOC00NjQ1LWE3MWUt
YzMwNWM4ZDlhMzE5LzEvZl80Ym5KWGRNQnJXeHBZdEZCSnBIOEJxbS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9hNDNmNzktZjcyOC00NjQ1LWE3MWUtYzMwNWM4ZDlhMzE5
LzEvRVJSZjNnR3ZnUWRnN21HODgxVFBsaXJFWU5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWZvMA0G
CSqGSIb3DQEBCwUAA4IBAQBjl3gNthp/HPpqN+A6XES/n7BrTthUHK+QIYa7Zq5a
XgXceA4B9M6Ll8rA231ewsB5WoOX6sQq8Htyg00dprpmYfaAZe3WX71S0M+4PbWW
mOejgUbqhG/RtCzqL+9cfLfzjOFAlO0XHGAa8Hbl+S/hvGc8nXoQo1mhB21vg1Km
/CC1l4UmmziLyh26bDv2fs1BMu/oWsrYTJmakgH5jDAYClzrvgONS31FsK0DwAZ8
ZYNTXnry6vEnbviesCCMg5pdb5TPJg37/5WuM9V6W0tMUMvYjngfZF0uVhT8oJ4V
T1OEEKBCkQvvDwC+A+bQ1+SYL+pAlGUPEu2bJiCKT+4E
-----END CERTIFICATE-----