Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/c11G98pS8ILaEOF2_3L9HAeUf9I.roa
File:                     c11G98pS8ILaEOF2_3L9HAeUf9I.roa (raw, json)
Hash identifier:          uRYcMVIfJAEYXhtPlexM5i5ThRxiANNNj091XwthG9g=
Subject key identifier:   73:5D:46:F7:CA:52:F0:82:DA:10:E1:76:FF:72:FD:1C:07:94:7F:D2
Certificate issuer:       /CN=3eb1788fe220e46434692d1cc437072d792d7888
Certificate serial:       018CC26D0FAA808066046E4EDC49780E25AB
Authority key identifier: 3E:B1:78:8F:E2:20:E4:64:34:69:2D:1C:C4:37:07:2D:79:2D:78:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/c11G98pS8ILaEOF2_3L9HAeUf9I.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.189.0/24 maxlen: 24
                          2001:7f8:103::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0f:aa:80:80:66:04:6e:4e:dc:49:78:0e:25:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb1788fe220e46434692d1cc437072d792d7888
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=735d46f7ca52f082da10e176ff72fd1c07947fd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:db:77:56:96:f3:e1:2a:f5:1f:0f:48:93:db:
                    06:82:5a:66:b3:90:b9:b1:c2:72:18:35:c2:b7:29:
                    bc:72:b4:07:b8:c8:61:52:03:da:19:87:c5:20:ce:
                    a6:f3:21:93:f0:72:92:b5:11:9a:49:4d:ba:93:a6:
                    80:9f:48:a6:14:0f:be:9b:de:aa:fa:71:04:41:0c:
                    a0:a7:14:6f:f7:ad:56:f5:c4:2d:ef:90:7b:ab:31:
                    75:83:73:a3:01:c3:5d:ef:75:89:45:a7:d4:28:87:
                    dc:bd:a2:15:fc:fd:23:c0:a6:49:3d:af:84:b4:44:
                    07:ef:99:90:fd:9e:c3:95:53:16:ab:08:6b:00:f8:
                    69:93:56:e1:e6:69:cb:14:a6:85:6f:58:7f:5f:9d:
                    c0:63:46:0a:f6:a7:b2:f5:07:d8:69:a6:eb:27:9a:
                    6e:f1:cd:d0:42:3a:45:1a:dc:f3:48:0d:e0:2e:44:
                    cc:1d:d2:58:c5:ad:91:62:ec:f5:fc:39:90:4f:6a:
                    ca:1d:07:2f:a7:a4:a2:be:4d:2a:ed:b0:5b:89:63:
                    0d:3e:32:9f:8d:d0:a4:b4:ac:a7:4a:9c:1b:ca:67:
                    ae:ef:ea:2a:4f:9b:ef:73:84:2f:82:94:a5:2d:1b:
                    3f:83:80:fb:c1:8f:61:e1:4a:f4:ab:28:4c:60:cf:
                    92:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:5D:46:F7:CA:52:F0:82:DA:10:E1:76:FF:72:FD:1C:07:94:7F:D2
            X509v3 Authority Key Identifier:
                keyid:3E:B1:78:8F:E2:20:E4:64:34:69:2D:1C:C4:37:07:2D:79:2D:78:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/c11G98pS8ILaEOF2_3L9HAeUf9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.189.0/24
                IPv6:
                  2001:7f8:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:c4:d1:7e:9c:9f:7f:db:a4:8d:19:93:b3:48:1f:2d:dd:46:
         0a:9e:91:61:9f:ad:3a:e4:ec:10:cb:a4:68:d1:fc:57:c9:c4:
         b8:da:e4:74:72:9c:e9:bf:00:26:5d:f6:42:39:1e:2d:23:80:
         22:6f:50:0d:31:19:a8:b6:83:60:d0:ec:86:d6:86:35:fb:bf:
         b2:82:d7:86:b3:8c:35:28:27:19:99:d4:c8:2d:84:95:0e:e6:
         ee:48:f3:7d:a8:93:f2:06:20:01:32:7b:24:f5:5a:24:92:15:
         49:7f:f2:08:a9:b7:2a:ca:3d:b0:2b:14:20:78:7b:f0:d0:86:
         c8:6a:4c:87:d9:18:f3:a5:19:a1:d6:fe:ca:da:42:47:bf:f5:
         5c:81:7b:70:53:47:de:b2:b3:ab:15:a3:ce:0e:ce:35:30:01:
         dd:e2:f9:f5:d6:72:24:27:a6:3e:24:8c:65:c3:a5:62:44:ce:
         41:15:27:16:46:17:d8:34:98:93:af:86:f6:2d:5f:65:80:7d:
         5e:6b:2f:9a:e8:71:39:30:ca:b8:26:f4:66:ee:a2:09:0f:c6:
         b2:01:5f:80:44:39:6f:ab:42:b1:18:bf:cd:43:40:0e:68:09:
         c0:ec:7d:8c:96:e9:c2:ef:7b:13:2d:db:43:90:26:2f:eb:e0:
         68:e4:32:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbQ+qgIBmBG5O3El4DiWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjE3ODhmZTIyMGU0NjQzNDY5MmQxY2M0MzcwNzJkNzky
ZDc4ODgwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzVkNDZmN2NhNTJmMDgyZGExMGUxNzZmZjcyZmQxYzA3OTQ3ZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttt3Vpbz4Sr1Hw9Ik9sGglpms5C5
scJyGDXCtym8crQHuMhhUgPaGYfFIM6m8yGT8HKStRGaSU26k6aAn0imFA++m96q
+nEEQQygpxRv961W9cQt75B7qzF1g3OjAcNd73WJRafUKIfcvaIV/P0jwKZJPa+E
tEQH75mQ/Z7DlVMWqwhrAPhpk1bh5mnLFKaFb1h/X53AY0YK9qey9QfYaabrJ5pu
8c3QQjpFGtzzSA3gLkTMHdJYxa2RYuz1/DmQT2rKHQcvp6Sivk0q7bBbiWMNPjKf
jdCktKynSpwbymeu7+oqT5vvc4QvgpSlLRs/g4D7wY9h4Ur0qyhMYM+S+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHNdRvfKUvCC2hDhdv9y/RwHlH/SMB8GA1UdIwQY
MBaAFD6xeI/iIORkNGktHMQ3By15LXiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJGNGotSWc1R1EwYVMwY3hEY0hMWGt0ZUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8yMmY1NzAtMGIyNi00MDA0LThlZDAt
ZDk1MDk0NzMwNzJjLzEvYzExRzk4cFM4SUxhRU9GMl8zTDlIQWVVZjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8yMmY1NzAtMGIyNi00MDA0LThlZDAtZDk1MDk0NzMwNzJj
LzEvUHJGNGotSWc1R1EwYVMwY3hEY0hMWGt0ZUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQG9MA8E
AgACMAkDBwAgAQf4AQMwDQYJKoZIhvcNAQELBQADggEBAC/E0X6cn3/bpI0Zk7NI
Hy3dRgqekWGfrTrk7BDLpGjR/FfJxLja5HRynOm/ACZd9kI5Hi0jgCJvUA0xGai2
g2DQ7IbWhjX7v7KC14azjDUoJxmZ1MgthJUO5u5I832ok/IGIAEyeyT1WiSSFUl/
8giptyrKPbArFCB4e/DQhshqTIfZGPOlGaHW/sraQke/9VyBe3BTR96ys6sVo84O
zjUwAd3i+fXWciQnpj4kjGXDpWJEzkEVJxZGF9g0mJOvhvYtX2WAfV5rL5rocTkw
yrgm9GbuogkPxrIBX4BEOW+rQrEYv81DQA5oCcDsfYyW6cLvexMt20OQJi/r4Gjk
Mhg=
-----END CERTIFICATE-----