Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rgbZMHH29MHz1bBuGmeBd7lRy-8.roa
File:                     rgbZMHH29MHz1bBuGmeBd7lRy-8.roa (raw, json)
Hash identifier:          7ZxVlzwNyo1yDu0kqp7CpcCXdRtykY3OuJtEcqsQLbk=
Subject key identifier:   AE:06:D9:30:71:F6:F4:C1:F3:D5:B0:6E:1A:67:81:77:B9:51:CB:EF
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01942220440401CBBC09E98489570765020B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rgbZMHH29MHz1bBuGmeBd7lRy-8.roa
Signing time:             Wed 01 Jan 2025 13:48:47 +0000
ROA not before:           Wed 01 Jan 2025 13:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208528
IP address blocks:        185.232.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:44:04:01:cb:bc:09:e9:84:89:57:07:65:02:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae06d93071f6f4c1f3d5b06e1a678177b951cbef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e4:27:3c:fd:76:7e:80:11:e7:e0:a9:2a:24:
                    56:06:bd:39:5f:a4:e1:8a:54:8c:ec:53:27:13:75:
                    e7:cf:9a:67:d3:c8:24:d7:a3:c6:e3:71:80:cb:a4:
                    2d:bb:8e:b3:51:3e:45:31:de:cb:47:eb:79:52:2c:
                    32:8f:7d:2f:21:b1:ee:e6:11:c4:a9:fe:4f:d4:b8:
                    4a:54:9d:eb:25:04:10:b2:5c:d6:ee:4d:4f:a2:48:
                    c2:fa:ec:1c:ed:6d:8c:b6:9f:d4:c8:7a:94:2e:95:
                    19:e8:0b:5b:fd:b3:b6:a5:e0:7e:54:ea:96:57:09:
                    18:6f:b5:85:8e:43:25:8a:24:6b:08:c2:76:d1:f2:
                    d3:bd:0d:c4:99:f4:23:38:3b:0a:51:7e:bd:72:19:
                    17:1e:c8:7e:e1:cc:4f:0f:93:31:57:5e:1c:5c:f9:
                    ec:47:7c:d3:82:05:83:f3:4f:80:a0:42:1e:f9:4e:
                    67:65:17:4f:5d:44:15:32:23:75:3b:80:ec:64:45:
                    df:de:09:1d:ce:7c:13:00:27:84:88:77:51:52:de:
                    37:eb:16:62:bc:1f:ed:29:2f:45:0d:16:d7:8c:14:
                    80:01:02:49:97:2a:d2:a1:fc:a8:a3:fa:54:c5:8b:
                    cc:e4:d9:84:19:b1:ec:76:e7:e0:97:9c:50:a4:4e:
                    81:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:06:D9:30:71:F6:F4:C1:F3:D5:B0:6E:1A:67:81:77:B9:51:CB:EF
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rgbZMHH29MHz1bBuGmeBd7lRy-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:a1:44:e9:6b:9d:f9:58:40:0b:1f:b5:c2:25:87:12:f0:70:
         76:c9:6c:b4:13:8e:60:eb:bf:6d:33:62:00:0a:2b:30:1f:f4:
         b6:26:a1:1c:40:5d:7f:9c:8c:44:35:d3:c3:2d:98:50:fb:82:
         82:03:a9:bb:bb:f9:48:bb:ac:39:96:e5:d8:4e:24:59:54:78:
         ad:98:2d:1f:9a:43:5d:2d:db:0c:ee:0c:b2:47:2b:fd:89:1c:
         10:89:7f:b6:f1:33:88:9d:a1:42:75:da:7c:c3:21:7f:8e:96:
         1c:63:4c:2d:73:2e:d3:3c:70:53:f2:b4:6d:3b:27:b8:a4:cb:
         26:4e:f3:3f:af:d6:fb:71:f4:0f:e5:6e:92:39:e7:c9:7e:f7:
         78:e0:6a:b5:0d:32:19:7b:19:04:a6:8c:7e:23:d9:c3:5e:94:
         25:eb:44:1f:a5:43:ce:e0:b9:e3:10:f0:91:67:b8:67:41:39:
         45:7d:b4:cc:ab:cf:bd:1b:75:ba:78:bf:e3:24:0c:4f:48:3a:
         1c:b0:89:26:f3:dd:d7:fb:b9:1f:03:19:c0:89:fe:29:81:ee:
         c1:85:5c:bd:8b:3b:50:3a:2d:64:12:66:da:c1:82:86:95:71:
         36:21:35:78:26:6e:eb:00:0f:4f:60:ef:98:c0:4e:07:eb:13:
         45:25:b7:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIEQEAcu8CemEiVcHZQILMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTA2ZDkzMDcxZjZmNGMxZjNkNWIwNmUxYTY3ODE3N2I5NTFjYmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uQnPP12foAR5+CpKiRWBr05X6Th
ilSM7FMnE3Xnz5pn08gk16PG43GAy6Qtu46zUT5FMd7LR+t5Uiwyj30vIbHu5hHE
qf5P1LhKVJ3rJQQQslzW7k1PokjC+uwc7W2Mtp/UyHqULpUZ6Atb/bO2peB+VOqW
VwkYb7WFjkMliiRrCMJ20fLTvQ3EmfQjODsKUX69chkXHsh+4cxPD5MxV14cXPns
R3zTggWD80+AoEIe+U5nZRdPXUQVMiN1O4DsZEXf3gkdznwTACeEiHdRUt436xZi
vB/tKS9FDRbXjBSAAQJJlyrSofyoo/pUxYvM5NmEGbHsdufgl5xQpE6BnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4G2TBx9vTB89WwbhpngXe5UcvvMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcmdiWk1ISDI5TUh6MWJCdUdtZUJkN2xSeS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuegLMA0G
CSqGSIb3DQEBCwUAA4IBAQDCoUTpa535WEALH7XCJYcS8HB2yWy0E45g679tM2IA
CiswH/S2JqEcQF1/nIxENdPDLZhQ+4KCA6m7u/lIu6w5luXYTiRZVHitmC0fmkNd
LdsM7gyyRyv9iRwQiX+28TOInaFCddp8wyF/jpYcY0wtcy7TPHBT8rRtOye4pMsm
TvM/r9b7cfQP5W6SOefJfvd44Gq1DTIZexkEpox+I9nDXpQl60QfpUPO4LnjEPCR
Z7hnQTlFfbTMq8+9G3W6eL/jJAxPSDocsIkm893X+7kfAxnAif4pge7BhVy9iztQ
Oi1kEmbawYKGlXE2ITV4Jm7rAA9PYO+YwE4H6xNFJbcJ
-----END CERTIFICATE-----