Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/Q-Np8U7SuDdfbOZheYnL8etRgWQ.roa
File:                     Q-Np8U7SuDdfbOZheYnL8etRgWQ.roa (raw, json)
Hash identifier:          Milt1CHeFzwAnTN6xV4QdEwg7aWe26jDWeQILVqlw20=
Subject key identifier:   43:E3:69:F1:4E:D2:B8:37:5F:6C:E6:61:79:89:CB:F1:EB:51:81:64
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       0195D7590445A4DDAA97090452D557D3BBEA
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/Q-Np8U7SuDdfbOZheYnL8etRgWQ.roa
Signing time:             Thu 27 Mar 2025 11:24:49 +0000
ROA not before:           Thu 27 Mar 2025 11:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        185.113.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d7:59:04:45:a4:dd:aa:97:09:04:52:d5:57:d3:bb:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Mar 27 11:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43e369f14ed2b8375f6ce6617989cbf1eb518164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4a:44:73:37:a3:b1:c3:a4:75:a2:9d:c6:a0:
                    f9:bb:e0:af:4e:e1:4d:7e:0d:1b:d1:cf:fa:27:4c:
                    62:07:c0:4e:cb:3b:b7:5a:ad:14:8e:ac:72:c4:ad:
                    60:69:f3:b8:2f:5f:5b:a7:3c:db:ab:50:53:c3:87:
                    67:81:b6:5a:5f:37:6d:ef:32:14:66:ee:8f:00:1b:
                    b6:91:81:a9:79:fe:59:df:1c:f2:b4:58:d1:a1:9b:
                    31:32:b3:0e:fc:a2:f1:91:bf:59:4d:73:9e:83:6b:
                    3e:85:5e:ad:ca:e9:4d:c7:45:59:d1:48:28:ad:e9:
                    da:d9:6c:81:c9:ec:ff:38:18:bf:e3:4b:c3:20:39:
                    a8:93:9e:46:0b:ec:b5:b0:c1:1c:5d:44:fc:fe:bb:
                    88:a6:05:1c:d3:bc:de:4a:b8:10:fd:e4:a1:11:1e:
                    e5:32:25:5d:70:09:3d:ce:a9:2c:2b:40:c4:f4:57:
                    f5:47:b1:b3:46:1e:f3:16:b5:fe:4c:d9:44:e1:7c:
                    57:33:68:f2:94:bd:08:81:c4:58:64:35:80:2b:45:
                    c6:76:28:61:2f:b4:1d:70:10:2a:36:b8:e6:b0:ba:
                    b5:8e:8c:a9:72:50:22:ba:c5:01:48:8f:00:f5:f7:
                    80:4e:c3:d0:21:c0:d3:86:46:fe:92:03:d8:cd:04:
                    26:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E3:69:F1:4E:D2:B8:37:5F:6C:E6:61:79:89:CB:F1:EB:51:81:64
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/Q-Np8U7SuDdfbOZheYnL8etRgWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:e7:58:83:97:fa:39:87:24:3c:d9:ed:1e:d7:3f:0e:a7:76:
         d4:85:ab:8d:ad:f8:ce:a9:b7:d1:9b:32:99:ce:10:5c:db:97:
         f0:37:91:17:9c:18:02:04:41:50:3c:65:98:c8:30:e2:06:a1:
         98:bb:27:34:27:64:67:bb:52:15:9e:fe:b9:c2:5c:68:35:ab:
         b4:1d:2c:8a:53:b6:25:e7:97:c1:c3:71:d3:c2:c7:ba:7e:3a:
         28:19:e9:43:1a:e1:9a:52:a0:69:26:8c:0d:c3:3f:b8:85:94:
         d3:79:5b:6e:63:41:85:c6:4e:f5:a7:d1:37:d4:d0:72:57:57:
         7c:9c:d5:1c:2c:ac:f3:ed:d7:1d:2f:8d:61:6d:27:bf:82:8a:
         c7:b6:d0:9f:ea:b7:fd:89:ff:5b:5e:2d:f6:71:e3:7e:80:64:
         35:33:e1:66:cf:c6:58:0f:0b:03:8c:26:b4:4d:a1:48:4f:4b:
         94:c9:6e:c2:ea:ae:82:d2:3b:1f:47:e4:68:4a:b6:6e:42:c8:
         23:87:93:44:86:79:34:cd:c0:05:63:8d:39:5d:af:0f:61:ed:
         2a:e5:3c:fb:16:fc:e1:46:b9:eb:33:3a:89:bb:ff:f4:01:99:
         01:da:03:94:9c:cc:04:03:d4:a4:3c:28:a0:ec:93:3e:ed:62:
         ea:8f:99:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXXWQRFpN2qlwkEUtVX07vqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjUwMzI3MTEyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2UzNjlmMTRlZDJiODM3NWY2Y2U2NjE3OTg5Y2JmMWViNTE4MTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEpEczejscOkdaKdxqD5u+CvTuFN
fg0b0c/6J0xiB8BOyzu3Wq0UjqxyxK1gafO4L19bpzzbq1BTw4dngbZaXzdt7zIU
Zu6PABu2kYGpef5Z3xzytFjRoZsxMrMO/KLxkb9ZTXOeg2s+hV6tyulNx0VZ0Ugo
rena2WyByez/OBi/40vDIDmok55GC+y1sMEcXUT8/ruIpgUc07zeSrgQ/eShER7l
MiVdcAk9zqksK0DE9Ff1R7GzRh7zFrX+TNlE4XxXM2jylL0IgcRYZDWAK0XGdihh
L7QdcBAqNrjmsLq1joypclAiusUBSI8A9feATsPQIcDThkb+kgPYzQQmHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPjafFO0rg3X2zmYXmJy/HrUYFkMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvUS1OcDhVN1N1RGRmYk9aaGVZbkw4ZXRSZ1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXELMA0G
CSqGSIb3DQEBCwUAA4IBAQBH51iDl/o5hyQ82e0e1z8Op3bUhauNrfjOqbfRmzKZ
zhBc25fwN5EXnBgCBEFQPGWYyDDiBqGYuyc0J2Rnu1IVnv65wlxoNau0HSyKU7Yl
55fBw3HTwse6fjooGelDGuGaUqBpJowNwz+4hZTTeVtuY0GFxk71p9E31NByV1d8
nNUcLKzz7dcdL41hbSe/gorHttCf6rf9if9bXi32ceN+gGQ1M+Fmz8ZYDwsDjCa0
TaFIT0uUyW7C6q6C0jsfR+RoSrZuQsgjh5NEhnk0zcAFY405Xa8PYe0q5Tz7Fvzh
RrnrMzqJu//0AZkB2gOUnMwEA9SkPCig7JM+7WLqj5lY
-----END CERTIFICATE-----