Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/sAe7p8pMr4O2BpdwkW5dQ7FLjJM.roa
File:                     sAe7p8pMr4O2BpdwkW5dQ7FLjJM.roa (raw, json)
Hash identifier:          p8vdOu41Og2B1ABjk88TS2dGAV7mYKSs+PZZ9e3cVwI=
Subject key identifier:   B0:07:BB:A7:CA:4C:AF:83:B6:06:97:70:91:6E:5D:43:B1:4B:8C:93
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8028EBE2A6CF3E42C96934108189394
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/sAe7p8pMr4O2BpdwkW5dQ7FLjJM.roa
Signing time:             Tue 02 Jan 2024 02:30:59 +0000
ROA not before:           Tue 02 Jan 2024 02:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208528
IP address blocks:        185.232.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:8e:be:2a:6c:f3:e4:2c:96:93:41:08:18:93:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b007bba7ca4caf83b6069770916e5d43b14b8c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8d:04:2b:6b:b5:9b:14:04:b3:f3:7f:b2:83:
                    28:c6:d2:e8:08:e8:22:20:ae:90:9c:a6:ac:e8:db:
                    24:10:0f:c5:18:f3:cc:31:7c:48:66:f4:f2:0e:64:
                    5f:3a:11:3a:2e:a1:1e:07:bf:00:f6:96:03:e8:10:
                    9f:d0:69:6f:7b:87:e6:5d:f3:58:7a:9d:56:e6:42:
                    2a:2f:50:c0:02:3f:f1:70:91:fb:52:c3:13:87:8f:
                    f5:11:93:62:cc:13:39:ae:76:2c:f2:66:8c:b1:2f:
                    eb:58:9b:58:e2:87:c2:c4:2c:a1:dc:d7:6f:83:76:
                    6e:6a:d6:19:37:c4:87:25:7a:92:af:1c:54:f8:af:
                    23:db:46:20:d0:3f:71:91:8b:9e:38:d1:fb:02:d0:
                    a8:0b:df:27:1a:5b:4e:7f:0c:e2:94:28:a9:fb:b3:
                    4f:c1:b6:71:ae:fa:6d:1e:86:34:a2:19:26:aa:41:
                    21:fc:2b:9f:de:84:62:c2:cb:40:aa:11:f8:d4:d1:
                    d1:85:e9:ce:45:b7:62:2e:2c:22:54:31:8e:3b:df:
                    54:42:25:3d:f0:2a:73:51:9c:44:6d:97:0b:79:58:
                    3b:98:52:8c:0a:4a:2e:e4:8f:b4:51:00:94:cd:91:
                    e6:0c:df:b0:6d:0c:9d:28:07:66:bd:f3:bc:f6:3b:
                    73:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:07:BB:A7:CA:4C:AF:83:B6:06:97:70:91:6E:5D:43:B1:4B:8C:93
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/sAe7p8pMr4O2BpdwkW5dQ7FLjJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:12:4e:ff:c4:bc:57:57:b0:fe:36:a9:35:5d:fd:48:52:b6:
         fd:d5:36:fc:4f:21:c6:5f:45:fc:56:42:75:1d:7b:07:80:ff:
         d9:54:b6:bd:18:a2:6f:82:43:8c:2a:9a:e8:ba:77:f7:0a:b8:
         1b:4d:f5:3d:fd:04:72:31:cb:6b:67:f1:aa:96:f2:67:22:b8:
         14:31:ca:1a:f5:df:39:f0:5d:57:ce:60:59:f8:e5:e0:79:bc:
         0a:f6:69:02:1a:c8:55:bc:32:1c:e7:9f:0b:cc:d2:e4:14:08:
         e3:b4:87:ef:d5:74:6c:a6:66:b3:c9:35:24:7a:50:80:29:b7:
         3f:7e:f6:61:6a:b6:6d:05:43:5b:cd:9c:bf:c7:7f:7e:07:d6:
         17:26:75:cf:04:0e:30:da:da:55:d0:88:85:2f:ab:7e:e3:04:
         16:d3:ea:74:ff:43:8e:2d:65:10:bd:1c:18:41:98:0d:a5:52:
         6e:dc:18:bd:c4:90:c2:c7:33:60:52:57:57:aa:65:2f:d7:9a:
         94:3b:e7:16:7d:2c:39:d2:9a:03:33:a0:b5:c4:fa:f7:6e:fc:
         46:d6:40:66:c6:f7:e6:b2:9b:a2:f5:9b:44:c9:2c:af:06:80:
         4b:83:ff:16:d4:be:10:30:7a:50:de:21:1d:ee:d5:b9:3b:40:
         9c:5e:cc:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAo6+Kmzz5CyWk0EIGJOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDA3YmJhN2NhNGNhZjgzYjYwNjk3NzA5MTZlNWQ0M2IxNGI4YzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgo0EK2u1mxQEs/N/soMoxtLoCOgi
IK6QnKas6NskEA/FGPPMMXxIZvTyDmRfOhE6LqEeB78A9pYD6BCf0Glve4fmXfNY
ep1W5kIqL1DAAj/xcJH7UsMTh4/1EZNizBM5rnYs8maMsS/rWJtY4ofCxCyh3Ndv
g3ZuatYZN8SHJXqSrxxU+K8j20Yg0D9xkYueONH7AtCoC98nGltOfwzilCip+7NP
wbZxrvptHoY0ohkmqkEh/Cuf3oRiwstAqhH41NHRhenORbdiLiwiVDGOO99UQiU9
8CpzUZxEbZcLeVg7mFKMCkou5I+0UQCUzZHmDN+wbQydKAdmvfO89jtzzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAHu6fKTK+DtgaXcJFuXUOxS4yTMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvc0FlN3A4cE1yNE8yQnBkd2tXNWRRN0ZMakpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuegLMA0G
CSqGSIb3DQEBCwUAA4IBAQCQEk7/xLxXV7D+Nqk1Xf1IUrb91Tb8TyHGX0X8VkJ1
HXsHgP/ZVLa9GKJvgkOMKprounf3CrgbTfU9/QRyMctrZ/GqlvJnIrgUMcoa9d85
8F1XzmBZ+OXgebwK9mkCGshVvDIc558LzNLkFAjjtIfv1XRspmazyTUkelCAKbc/
fvZharZtBUNbzZy/x39+B9YXJnXPBA4w2tpV0IiFL6t+4wQW0+p0/0OOLWUQvRwY
QZgNpVJu3Bi9xJDCxzNgUldXqmUv15qUO+cWfSw50poDM6C1xPr3bvxG1kBmxvfm
spui9ZtEySyvBoBLg/8W1L4QMHpQ3iEd7tW5O0CcXszb
-----END CERTIFICATE-----