Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/lCQgGsc2M_wcfNZvAAgSmg1J-vA.roa
File:                     lCQgGsc2M_wcfNZvAAgSmg1J-vA.roa (raw, json)
Hash identifier:          iHxFIqem6L0881lUjATCMsom3+kS582GKI+oAwgSOeA=
Subject key identifier:   94:24:20:1A:C7:36:33:FC:1C:7C:D6:6F:00:08:12:9A:0D:49:FA:F0
Certificate issuer:       /CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Certificate serial:       018CC26D0C993B2CE4584D1CEA4906904C3E
Authority key identifier: 18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/lCQgGsc2M_wcfNZvAAgSmg1J-vA.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206092
IP address blocks:        185.208.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0c:99:3b:2c:e4:58:4d:1c:ea:49:06:90:4c:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9424201ac73633fc1c7cd66f0008129a0d49faf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d4:5f:79:8d:b4:f3:a2:df:13:03:a2:ac:56:
                    92:e3:e1:11:83:24:9d:9d:b4:d2:55:6f:ad:c0:72:
                    12:8f:27:76:80:dd:95:83:63:16:db:a6:33:f6:8f:
                    d3:ca:b3:41:11:8b:5a:ea:cd:55:37:b9:eb:b3:ce:
                    19:73:8e:c2:fe:9a:0a:f9:2c:69:d7:d7:d8:13:55:
                    26:46:81:56:b7:a7:05:66:97:1a:14:7b:39:77:7e:
                    0e:47:bf:45:68:2b:fd:55:70:bf:b1:ad:f1:4c:31:
                    a4:6b:a9:a4:ee:03:c3:33:e8:88:33:d5:b5:09:15:
                    1e:17:4e:b5:cf:66:b8:a6:0d:aa:5e:dd:1f:2c:ab:
                    bb:3c:29:1f:9e:79:13:b7:2f:9e:cf:70:99:99:48:
                    97:88:e7:2b:c1:59:d4:98:45:d4:17:d9:75:1a:b9:
                    b6:fa:17:97:d5:c3:b6:8b:d2:f9:e4:ba:05:59:31:
                    72:af:29:58:e6:44:a3:1e:29:3a:76:57:ac:7b:98:
                    86:26:bf:a4:ec:2d:1a:cc:de:5a:74:54:51:19:5c:
                    66:e6:f5:d0:6c:47:81:3e:5c:60:7f:7d:7d:73:8a:
                    5b:f3:25:04:36:2c:d7:52:12:89:5d:c6:fc:53:08:
                    d1:fe:0b:7e:66:15:29:61:4a:63:15:19:ba:69:43:
                    a3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:24:20:1A:C7:36:33:FC:1C:7C:D6:6F:00:08:12:9A:0D:49:FA:F0
            X509v3 Authority Key Identifier:
                keyid:18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/lCQgGsc2M_wcfNZvAAgSmg1J-vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:f7:9d:a5:84:7f:62:b5:6f:fb:d5:b3:04:e8:b9:5d:0f:75:
         5d:9b:09:09:68:29:fa:23:b1:1a:84:19:e0:87:f0:97:8e:22:
         2a:43:5b:81:a7:d0:ea:e6:14:a5:0a:15:39:aa:a4:10:bc:5e:
         8d:1f:69:7c:e0:af:53:74:db:33:9a:1e:52:cb:32:10:29:4b:
         ec:c0:0a:ac:fe:f4:68:d9:43:a2:06:b5:b6:16:79:6d:e9:39:
         ae:cd:95:4f:33:e2:ed:d5:7a:45:c5:d0:f4:03:2f:44:60:71:
         17:79:3a:4e:77:51:cb:7e:f9:20:7e:e3:ac:bc:70:64:de:1f:
         5a:c8:05:fc:c2:14:a8:67:fb:23:36:ca:b5:90:6b:a8:04:25:
         77:1e:64:12:27:2f:57:ed:a8:1e:f1:27:a3:d1:50:ed:0e:dd:
         10:96:0b:da:af:25:b5:04:84:d9:09:a0:ca:45:bb:f8:95:00:
         95:cd:90:43:e9:32:66:6e:84:49:d7:24:94:e6:40:05:88:80:
         0c:7b:fb:cf:be:7c:cf:3c:87:42:8b:95:98:fe:ab:bc:9b:3b:
         56:6b:e9:c5:f6:6d:95:77:1d:0f:42:41:9b:36:7f:4b:fd:b3:
         e8:60:10:94:53:dc:c2:49:e3:d0:f8:f6:3c:bc:d3:aa:cf:6b:
         cd:6a:70:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQyZOyzkWE0c6kkGkEw+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YTg0YThlNDc1ZjY2MDZlN2ExMmY5MmIzMzBkNjNkOGY4
ODBiZTAwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDI0MjAxYWM3MzYzM2ZjMWM3Y2Q2NmYwMDA4MTI5YTBkNDlmYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptRfeY2086LfEwOirFaS4+ERgySd
nbTSVW+twHISjyd2gN2Vg2MW26Yz9o/TyrNBEYta6s1VN7nrs84Zc47C/poK+Sxp
19fYE1UmRoFWt6cFZpcaFHs5d34OR79FaCv9VXC/sa3xTDGka6mk7gPDM+iIM9W1
CRUeF061z2a4pg2qXt0fLKu7PCkfnnkTty+ez3CZmUiXiOcrwVnUmEXUF9l1Grm2
+heX1cO2i9L55LoFWTFyrylY5kSjHik6dlese5iGJr+k7C0azN5adFRRGVxm5vXQ
bEeBPlxgf319c4pb8yUENizXUhKJXcb8UwjR/gt+ZhUpYUpjFRm6aUOjzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQkIBrHNjP8HHzWbwAIEpoNSfrwMB8GA1UdIwQY
MBaAFBioSo5HX2YG56EvkrMw1j2PiAvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEt
ODdmNWI2NDc5ZDFlLzEvbENRZ0dzYzJNX3djZk5adkFBZ1NtZzFKLXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEtODdmNWI2NDc5ZDFl
LzEvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudALMA0G
CSqGSIb3DQEBCwUAA4IBAQAS952lhH9itW/71bME6LldD3VdmwkJaCn6I7EahBng
h/CXjiIqQ1uBp9Dq5hSlChU5qqQQvF6NH2l84K9TdNszmh5SyzIQKUvswAqs/vRo
2UOiBrW2Fnlt6TmuzZVPM+Lt1XpFxdD0Ay9EYHEXeTpOd1HLfvkgfuOsvHBk3h9a
yAX8whSoZ/sjNsq1kGuoBCV3HmQSJy9X7age8Sej0VDtDt0QlgvaryW1BITZCaDK
Rbv4lQCVzZBD6TJmboRJ1ySU5kAFiIAMe/vPvnzPPIdCi5WY/qu8mztWa+nF9m2V
dx0PQkGbNn9L/bPoYBCUU9zCSePQ+PY8vNOqz2vNanCB
-----END CERTIFICATE-----