Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/11-wKdjiBdnKa36o8deffMLUDMo.roa
File:                     11-wKdjiBdnKa36o8deffMLUDMo.roa (raw, json)
Hash identifier:          f1KcSoFqGTSffm/xFZt/4G9XHQuZVzYFK9jioxsb4uk=
Subject key identifier:   D7:5F:B0:29:D8:E2:05:D9:CA:6B:7E:A8:F1:D7:9F:7C:C2:D4:0C:CA
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01935391961E4EDBB74E30F043794F69F3FF
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/11-wKdjiBdnKa36o8deffMLUDMo.roa
Signing time:             Fri 22 Nov 2024 11:11:10 +0000
ROA not before:           Fri 22 Nov 2024 11:11:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        88.80.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:53:91:96:1e:4e:db:b7:4e:30:f0:43:79:4f:69:f3:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Nov 22 11:11:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d75fb029d8e205d9ca6b7ea8f1d79f7cc2d40cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:72:c6:bd:20:62:dc:69:8d:e7:3a:12:91:c7:
                    dd:0f:5a:f9:9a:3c:e0:c7:5c:ed:93:a8:9e:3b:fa:
                    cb:f8:9b:85:9b:ef:c9:e0:08:e1:56:be:39:49:d4:
                    b4:32:9f:64:bf:43:df:09:81:b0:e4:99:c3:0c:0e:
                    d6:87:72:86:33:f0:60:2c:1c:23:fb:8b:02:13:54:
                    b6:59:1b:8f:08:72:f2:de:3d:02:d8:4d:63:51:71:
                    30:1d:29:e4:34:fc:51:16:ee:5b:f0:ab:41:98:d7:
                    fc:d7:99:82:6b:ce:1e:54:c2:4e:18:25:9c:37:67:
                    27:be:d9:52:13:89:4b:18:20:d4:c7:3f:a5:19:c1:
                    92:dc:48:58:29:13:04:c3:80:f7:e3:0b:c1:ce:60:
                    1a:ca:6e:8a:7e:cf:99:5c:5c:a6:0a:e2:1a:d5:86:
                    78:02:ac:cb:71:5d:02:0d:1d:13:c9:d4:77:0f:0a:
                    63:37:0d:ee:e0:0a:d7:c6:75:60:70:cd:cd:c6:aa:
                    44:ce:1e:68:34:e5:03:c7:77:9b:37:3a:e6:c7:5e:
                    73:63:06:2c:cc:e1:60:d0:29:35:6d:00:48:ba:98:
                    fc:96:a5:f1:0c:01:aa:4e:ff:79:1f:bb:eb:f5:b2:
                    9f:ae:9b:52:4b:a0:fa:34:54:04:11:09:1c:7e:57:
                    68:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:5F:B0:29:D8:E2:05:D9:CA:6B:7E:A8:F1:D7:9F:7C:C2:D4:0C:CA
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/11-wKdjiBdnKa36o8deffMLUDMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:69:fd:4e:7d:d5:8d:22:93:5d:04:bf:f8:d3:05:98:b4:f8:
         0b:49:c0:33:db:89:9b:5c:54:c9:d5:e1:cf:20:58:17:45:45:
         55:54:ed:46:0b:17:2c:f1:6a:6f:31:04:82:48:2d:37:d6:90:
         20:45:46:96:60:a9:d3:07:4f:b8:73:3f:03:55:98:74:6e:04:
         e7:dd:6c:39:2f:bb:39:2e:53:ec:b8:50:0e:1b:88:1a:69:94:
         76:4f:fa:a0:07:48:89:d4:70:ad:d2:f3:fe:d4:62:8f:52:bd:
         ce:27:22:cd:95:a0:ae:90:1a:55:f5:ff:01:be:0d:e1:2a:31:
         06:26:b7:71:10:a5:1a:8f:00:74:08:eb:7c:1a:af:04:29:3b:
         a6:13:08:40:5e:f4:50:4a:da:12:41:dc:97:6e:c7:a3:99:3a:
         29:2c:98:bf:c3:12:ca:b3:1c:13:c6:dc:14:40:73:1d:a4:f8:
         be:e5:de:1d:97:73:18:e9:9c:a4:82:08:84:4c:da:e2:46:6e:
         bc:d0:a0:05:f1:b2:18:7b:e5:bc:02:73:d2:4e:1e:b8:67:44:
         c4:bd:66:62:60:15:bd:68:88:8a:3c:a3:73:25:53:0e:b8:c8:
         a5:83:04:5e:df:d4:ce:b7:15:55:56:c7:5c:27:dc:2d:3e:9d:
         31:4c:00:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNTkZYeTtu3TjDwQ3lPafP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjQxMTIyMTExMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzVmYjAyOWQ4ZTIwNWQ5Y2E2YjdlYThmMWQ3OWY3Y2MyZDQwY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnLGvSBi3GmN5zoSkcfdD1r5mjzg
x1ztk6ieO/rL+JuFm+/J4AjhVr45SdS0Mp9kv0PfCYGw5JnDDA7Wh3KGM/BgLBwj
+4sCE1S2WRuPCHLy3j0C2E1jUXEwHSnkNPxRFu5b8KtBmNf815mCa84eVMJOGCWc
N2cnvtlSE4lLGCDUxz+lGcGS3EhYKRMEw4D34wvBzmAaym6Kfs+ZXFymCuIa1YZ4
AqzLcV0CDR0TydR3DwpjNw3u4ArXxnVgcM3NxqpEzh5oNOUDx3ebNzrmx15zYwYs
zOFg0Ck1bQBIupj8lqXxDAGqTv95H7vr9bKfrptSS6D6NFQEEQkcfldoHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdfsCnY4gXZymt+qPHXn3zC1AzKMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvMTEtd0tkamlCZG5LYTM2bzhkZWZmTUxVRE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCNMA0G
CSqGSIb3DQEBCwUAA4IBAQCjaf1OfdWNIpNdBL/40wWYtPgLScAz24mbXFTJ1eHP
IFgXRUVVVO1GCxcs8WpvMQSCSC031pAgRUaWYKnTB0+4cz8DVZh0bgTn3Ww5L7s5
LlPsuFAOG4gaaZR2T/qgB0iJ1HCt0vP+1GKPUr3OJyLNlaCukBpV9f8Bvg3hKjEG
JrdxEKUajwB0COt8Gq8EKTumEwhAXvRQStoSQdyXbsejmTopLJi/wxLKsxwTxtwU
QHMdpPi+5d4dl3MY6ZykggiETNriRm680KAF8bIYe+W8AnPSTh64Z0TEvWZiYBW9
aIiKPKNzJVMOuMilgwRe39TOtxVVVsdcJ9wtPp0xTAD1
-----END CERTIFICATE-----