Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/O2rPzQEDO_2snNs6qT34OfEOmcI.roa
File:                     O2rPzQEDO_2snNs6qT34OfEOmcI.roa (raw, json)
Hash identifier:          ZoSe8BdTJM9q/ZTcW4Z5+30cQaeCkXULpFqNbWVsB60=
Subject key identifier:   3B:6A:CF:CD:01:03:3B:FD:AC:9C:DB:3A:A9:3D:F8:39:F1:0E:99:C2
Certificate issuer:       /CN=f6b54e15714c23f35fdcf5a316c6b99a35410588
Certificate serial:       018CC4245EB270D8960FA06EB6A66CAC788F
Authority key identifier: F6:B5:4E:15:71:4C:23:F3:5F:DC:F5:A3:16:C6:B9:9A:35:41:05:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/O2rPzQEDO_2snNs6qT34OfEOmcI.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211785
IP address blocks:        185.241.11.0/24 maxlen: 24
                          2a10:9ec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 13:04:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5e:b2:70:d8:96:0f:a0:6e:b6:a6:6c:ac:78:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6b54e15714c23f35fdcf5a316c6b99a35410588
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b6acfcd01033bfdac9cdb3aa93df839f10e99c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:08:8e:9a:f4:bd:ec:71:34:a3:47:80:a5:7d:
                    2d:a3:00:8e:4a:5d:bd:56:85:f0:ff:fc:b3:e8:c2:
                    d3:df:f3:e1:3a:9b:dc:fd:87:ac:32:36:c6:b0:7a:
                    fb:a3:1b:74:d5:18:42:f7:5b:53:e7:cf:9e:1d:e0:
                    ea:c0:c9:5e:3a:1d:ce:c9:4e:69:85:b5:46:3b:10:
                    41:0a:85:1a:bb:77:8d:a4:04:5c:86:86:3d:f7:9e:
                    83:2b:7c:44:49:6d:34:f1:b9:1e:7a:2c:19:8e:db:
                    88:c7:4f:76:0e:62:57:27:83:75:cd:58:4f:9c:ac:
                    93:8f:f7:5e:12:fe:90:21:e2:53:46:0d:b0:20:09:
                    52:b7:c0:83:f5:73:f3:de:a1:9b:fe:21:2d:de:fe:
                    06:6f:ab:74:40:f2:0c:ea:ec:d6:ba:f1:7b:43:36:
                    39:e3:a2:bf:57:15:2d:1b:a9:54:81:33:97:54:86:
                    7c:46:70:65:3c:c1:01:10:42:fc:46:be:b2:fd:f5:
                    84:cf:bf:77:9f:cc:f4:6b:0e:a8:99:7c:1b:87:62:
                    91:1c:ee:e5:4c:de:2d:6c:b6:1e:c7:49:33:7d:4a:
                    c5:23:da:f4:ee:91:07:63:44:ca:79:ad:38:ab:4e:
                    1c:4a:9f:d6:90:d4:a5:3d:07:37:90:97:6f:b0:15:
                    0a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:6A:CF:CD:01:03:3B:FD:AC:9C:DB:3A:A9:3D:F8:39:F1:0E:99:C2
            X509v3 Authority Key Identifier:
                keyid:F6:B5:4E:15:71:4C:23:F3:5F:DC:F5:A3:16:C6:B9:9A:35:41:05:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/O2rPzQEDO_2snNs6qT34OfEOmcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/097278-eab6-41f7-82ac-a078c6ccbe6b/1/9rVOFXFMI_Nf3PWjFsa5mjVBBYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.11.0/24
                IPv6:
                  2a10:9ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:cd:2b:42:9a:45:78:64:3d:c1:72:41:f7:83:8f:4f:fc:83:
         ff:0a:d9:d3:87:7e:d4:13:c3:9a:9f:7f:15:04:cf:fa:b4:df:
         83:c7:c4:f5:3e:4a:c6:58:f2:90:5e:fa:3e:f4:b7:b0:67:84:
         39:4e:43:3f:38:32:a3:3a:95:e5:8a:11:13:d1:b4:12:5c:4c:
         67:f5:8b:a4:aa:81:e6:d7:d1:82:ed:31:af:4d:9c:64:7f:59:
         59:58:de:cb:81:51:21:66:0d:9e:4c:82:b6:6b:96:af:87:95:
         bd:4d:d6:69:ab:f8:50:a9:3a:17:04:90:2d:29:a9:ee:69:c1:
         88:19:57:47:73:a6:73:fd:60:5c:62:9d:e0:14:30:e6:a1:1c:
         27:20:38:4f:4b:ac:f1:6f:da:75:57:d6:14:8c:58:ca:a9:3a:
         cb:39:58:ba:79:57:90:93:a2:5e:84:28:b0:39:6c:f0:98:9f:
         84:f0:b8:41:51:7e:14:cb:55:d5:a9:92:08:3a:d6:5a:bf:a5:
         24:2b:5c:d7:9b:cd:6e:97:65:7f:09:18:ab:b0:c2:8f:91:d9:
         b0:c4:55:db:26:17:cf:60:ed:7d:4c:1c:fb:2b:a0:8c:da:4b:
         1e:47:14:d9:dc:11:96:2a:91:da:46:5a:fb:36:ed:19:b7:f7:
         10:a7:53:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJF6ycNiWD6ButqZsrHiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YjU0ZTE1NzE0YzIzZjM1ZmRjZjVhMzE2YzZiOTlhMzU0
MTA1ODgwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjZhY2ZjZDAxMDMzYmZkYWM5Y2RiM2FhOTNkZjgzOWYxMGU5OWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8QiOmvS97HE0o0eApX0towCOSl29
VoXw//yz6MLT3/PhOpvc/YesMjbGsHr7oxt01RhC91tT58+eHeDqwMleOh3OyU5p
hbVGOxBBCoUau3eNpARchoY9956DK3xESW008bkeeiwZjtuIx092DmJXJ4N1zVhP
nKyTj/deEv6QIeJTRg2wIAlSt8CD9XPz3qGb/iEt3v4Gb6t0QPIM6uzWuvF7QzY5
46K/VxUtG6lUgTOXVIZ8RnBlPMEBEEL8Rr6y/fWEz793n8z0aw6omXwbh2KRHO7l
TN4tbLYex0kzfUrFI9r07pEHY0TKea04q04cSp/WkNSlPQc3kJdvsBUKAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDtqz80BAzv9rJzbOqk9+DnxDpnCMB8GA1UdIwQY
MBaAFPa1ThVxTCPzX9z1oxbGuZo1QQWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXJWT0ZYRk1JX05mM1BXakZzYTVtalZCQllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8wOTcyNzgtZWFiNi00MWY3LTgyYWMt
YTA3OGM2Y2NiZTZiLzEvTzJyUHpRRURPXzJzbk5zNnFUMzRPZkVPbWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8wOTcyNzgtZWFiNi00MWY3LTgyYWMtYTA3OGM2Y2NiZTZi
LzEvOXJWT0ZYRk1JX05mM1BXakZzYTVtalZCQllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufELMA0E
AgACMAcDBQMqEJ7AMA0GCSqGSIb3DQEBCwUAA4IBAQCBzStCmkV4ZD3BckH3g49P
/IP/CtnTh37UE8Oan38VBM/6tN+Dx8T1PkrGWPKQXvo+9LewZ4Q5TkM/ODKjOpXl
ihET0bQSXExn9YukqoHm19GC7TGvTZxkf1lZWN7LgVEhZg2eTIK2a5avh5W9TdZp
q/hQqToXBJAtKanuacGIGVdHc6Zz/WBcYp3gFDDmoRwnIDhPS6zxb9p1V9YUjFjK
qTrLOVi6eVeQk6JehCiwOWzwmJ+E8LhBUX4Uy1XVqZIIOtZav6UkK1zXm81ul2V/
CRirsMKPkdmwxFXbJhfPYO19TBz7K6CM2kseRxTZ3BGWKpHaRlr7Nu0Zt/cQp1Mz
-----END CERTIFICATE-----