Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/8lmNy5Yj60QUcRGQEadeJre2rk4.roa
File:                     8lmNy5Yj60QUcRGQEadeJre2rk4.roa (raw, json)
Hash identifier:          AlUF45g3noekUknA4pLJPQakHJF5Mt9ZC5CZFQlsxDc=
Subject key identifier:   F2:59:8D:CB:96:23:EB:44:14:71:11:90:11:A7:5E:26:B7:B6:AE:4E
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       018CC94D8A9A6C662BB51DDB77D0B5910B01
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/8lmNy5Yj60QUcRGQEadeJre2rk4.roa
Signing time:             Tue 02 Jan 2024 08:32:31 +0000
ROA not before:           Tue 02 Jan 2024 08:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211771
IP address blocks:        185.11.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:8a:9a:6c:66:2b:b5:1d:db:77:d0:b5:91:0b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 08:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2598dcb9623eb441471119011a75e26b7b6ae4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:1d:5c:e4:e3:01:11:22:12:d8:24:48:f8:db:
                    b4:d2:d3:d7:21:45:de:3a:65:f9:49:2f:fb:e6:ae:
                    22:a1:0f:c8:c1:09:cc:3c:d2:ee:74:ff:0d:72:e5:
                    f9:22:6f:8b:88:42:72:cc:80:d3:c5:ba:39:dc:3f:
                    10:16:b3:93:33:5b:6d:19:a2:d9:7f:62:22:bc:03:
                    e0:22:f3:21:63:29:6b:5e:4f:56:be:24:1e:b3:37:
                    76:3b:68:a2:68:06:f5:a3:8a:03:e9:b6:9b:6b:62:
                    18:3d:5d:75:1f:cf:cc:f7:55:0f:bf:66:f9:be:03:
                    0e:d4:05:43:5b:51:fd:c5:14:92:50:39:c7:79:a2:
                    e2:5e:fa:97:e8:fb:bc:1f:24:1b:92:02:ac:3e:f7:
                    9e:b5:68:98:a4:63:77:bc:71:80:de:1b:c1:92:b0:
                    10:c7:73:95:f0:f2:2c:db:2e:c4:36:d1:7a:8c:b3:
                    31:75:d2:7f:b2:14:17:c8:1e:2e:46:0f:87:34:34:
                    1a:a2:db:23:17:3f:05:24:1e:ca:fd:e2:e3:ad:af:
                    2a:4a:5c:2f:95:3a:a5:1d:79:42:52:cd:dc:03:10:
                    96:60:99:5c:17:17:56:fd:a4:52:49:05:cc:1a:bb:
                    53:3e:06:6c:cb:f6:6f:78:0d:55:c9:05:25:bf:86:
                    e9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:59:8D:CB:96:23:EB:44:14:71:11:90:11:A7:5E:26:B7:B6:AE:4E
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/8lmNy5Yj60QUcRGQEadeJre2rk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:6f:75:af:42:43:60:c3:e2:b4:05:9c:67:88:87:31:ae:60:
         e8:97:c3:f4:da:76:f3:96:a2:73:fc:85:27:97:b6:86:85:64:
         c6:60:d0:57:a1:53:ef:8e:44:ea:41:ab:c2:35:28:9b:a2:12:
         92:9f:57:ff:81:de:f9:af:d4:ad:7e:10:89:b6:5c:7c:48:2f:
         40:e9:6e:5d:06:08:61:91:1b:89:6d:1e:9e:d3:0c:04:ab:9a:
         24:fc:a4:a1:7c:ad:1f:45:47:70:4f:da:7e:ba:87:05:87:ea:
         b3:18:23:c7:57:2d:a0:10:6e:ee:d9:54:03:c5:1c:ea:df:7d:
         34:8a:81:70:55:31:aa:a9:00:20:0f:d3:20:78:90:bf:25:54:
         17:8e:7d:da:16:32:f2:f6:3f:5f:55:8c:ef:ce:93:33:2c:f4:
         42:8b:f6:29:ec:0a:5d:ff:f8:80:f0:98:db:ec:d3:9e:69:28:
         ab:a9:8c:56:ec:7a:38:7c:50:3a:9f:54:7d:71:47:3e:2d:11:
         60:3d:01:18:f8:c7:3f:71:f1:3a:fa:1e:03:cf:23:1a:b9:5f:
         3e:79:34:b9:b0:05:3a:62:2f:98:54:12:35:d7:f4:ee:af:da:
         b7:ee:01:c3:44:8c:9b:91:4d:26:9c:bd:9b:91:ed:c2:9d:40:
         da:d4:ea:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYqabGYrtR3bd9C1kQsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQwMTAyMDgzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjU5OGRjYjk2MjNlYjQ0MTQ3MTExOTAxMWE3NWUyNmI3YjZhZTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgh1c5OMBESIS2CRI+Nu00tPXIUXe
OmX5SS/75q4ioQ/IwQnMPNLudP8NcuX5Im+LiEJyzIDTxbo53D8QFrOTM1ttGaLZ
f2IivAPgIvMhYylrXk9WviQeszd2O2iiaAb1o4oD6baba2IYPV11H8/M91UPv2b5
vgMO1AVDW1H9xRSSUDnHeaLiXvqX6Pu8HyQbkgKsPveetWiYpGN3vHGA3hvBkrAQ
x3OV8PIs2y7ENtF6jLMxddJ/shQXyB4uRg+HNDQaotsjFz8FJB7K/eLjra8qSlwv
lTqlHXlCUs3cAxCWYJlcFxdW/aRSSQXMGrtTPgZsy/ZveA1VyQUlv4bpBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJZjcuWI+tEFHERkBGnXia3tq5OMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvOGxtTnk1WWo2MFFVY1JHUUVhZGVKcmUycms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQsbMA0G
CSqGSIb3DQEBCwUAA4IBAQC5b3WvQkNgw+K0BZxniIcxrmDol8P02nbzlqJz/IUn
l7aGhWTGYNBXoVPvjkTqQavCNSibohKSn1f/gd75r9StfhCJtlx8SC9A6W5dBghh
kRuJbR6e0wwEq5ok/KShfK0fRUdwT9p+uocFh+qzGCPHVy2gEG7u2VQDxRzq3300
ioFwVTGqqQAgD9MgeJC/JVQXjn3aFjLy9j9fVYzvzpMzLPRCi/Yp7Apd//iA8Jjb
7NOeaSirqYxW7Ho4fFA6n1R9cUc+LRFgPQEY+Mc/cfE6+h4DzyMauV8+eTS5sAU6
Yi+YVBI11/Tur9q37gHDRIybkU0mnL2bke3CnUDa1Oo+
-----END CERTIFICATE-----