Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/fgBVP-p2zmTya0_4qFVlHpogzj8.roa
File:                     fgBVP-p2zmTya0_4qFVlHpogzj8.roa (raw, json)
Hash identifier:          bS/DWNViHxGcmHSoDDhkfhplvAMKypbICmsWzuWRKNU=
Subject key identifier:   7E:00:55:3F:EA:76:CE:64:F2:6B:4F:F8:A8:55:65:1E:9A:20:CE:3F
Certificate issuer:       /CN=a0a647dac729f47b06369c4c9741cf943953dc59
Certificate serial:       01965DF4DBDF754ABCC9B9DDEA1106617FEB
Authority key identifier: A0:A6:47:DA:C7:29:F4:7B:06:36:9C:4C:97:41:CF:94:39:53:DC:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oKZH2scp9HsGNpxMl0HPlDlT3Fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/fgBVP-p2zmTya0_4qFVlHpogzj8.roa
Signing time:             Tue 22 Apr 2025 14:44:10 +0000
ROA not before:           Tue 22 Apr 2025 14:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        185.113.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/oKZH2scp9HsGNpxMl0HPlDlT3Fk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/oKZH2scp9HsGNpxMl0HPlDlT3Fk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oKZH2scp9HsGNpxMl0HPlDlT3Fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5d:f4:db:df:75:4a:bc:c9:b9:dd:ea:11:06:61:7f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0a647dac729f47b06369c4c9741cf943953dc59
        Validity
            Not Before: Apr 22 14:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e00553fea76ce64f26b4ff8a855651e9a20ce3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2e:5b:1b:1d:de:38:b8:28:ca:63:08:51:33:
                    48:8d:ad:3f:0f:7b:f2:0d:41:9a:e5:35:76:88:ef:
                    fb:f1:02:b8:a3:aa:cb:e0:50:0a:04:9d:5d:cf:0f:
                    08:bc:56:4a:3d:d6:88:7b:2e:5a:72:44:01:6f:76:
                    13:31:72:89:eb:19:d5:40:49:57:e8:98:0e:bc:77:
                    1f:f3:4b:e4:bb:31:89:09:4d:a1:09:87:81:16:fe:
                    04:d0:41:cc:b5:6b:bc:7b:90:97:7a:de:56:25:19:
                    5f:7d:7b:60:c6:bc:ea:45:54:2f:9f:0e:66:83:71:
                    8a:fc:e7:fa:1d:4a:34:cd:67:d0:1c:9d:c0:ee:98:
                    30:a7:75:18:b4:91:eb:fe:ca:03:fd:c1:78:69:ee:
                    0b:aa:8e:86:20:2a:7b:37:c8:69:70:ac:f6:df:f2:
                    36:d0:b8:56:4a:65:ed:38:5c:ba:31:b0:60:45:91:
                    7f:e4:52:37:a6:08:e0:b1:f2:87:48:72:25:8f:c5:
                    3c:b3:d3:bf:c5:3b:cc:c2:c3:fe:8a:31:a6:55:3c:
                    b5:9f:af:99:30:3a:c9:28:04:bc:f5:02:9c:72:ae:
                    3b:30:fe:89:4b:7a:aa:14:98:d5:43:c6:30:51:f9:
                    af:10:70:3a:80:e3:c9:11:cc:e1:62:3a:49:dd:8f:
                    d4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:00:55:3F:EA:76:CE:64:F2:6B:4F:F8:A8:55:65:1E:9A:20:CE:3F
            X509v3 Authority Key Identifier:
                keyid:A0:A6:47:DA:C7:29:F4:7B:06:36:9C:4C:97:41:CF:94:39:53:DC:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKZH2scp9HsGNpxMl0HPlDlT3Fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/fgBVP-p2zmTya0_4qFVlHpogzj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/ba1f88-707f-41bd-b9bd-fb6983ce9dff/1/oKZH2scp9HsGNpxMl0HPlDlT3Fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:eb:6e:56:81:14:3d:b0:1e:71:a0:63:c9:7b:eb:c4:44:f6:
         d3:80:be:e0:a4:da:e7:4a:5c:e3:67:4e:3a:a6:b2:92:81:53:
         ee:1f:c7:98:e9:61:8f:04:58:54:48:a2:14:21:2f:f6:4f:b9:
         72:1f:a8:cf:e2:d5:8f:0c:af:5f:d0:ec:b0:5b:d3:04:c3:96:
         63:bb:07:0e:4f:e6:02:db:f5:e9:55:00:0b:71:7c:73:75:d8:
         9b:29:a8:34:3c:4c:6f:b3:43:cf:e8:7c:93:f3:f2:06:de:3c:
         67:7d:31:26:1c:13:79:07:be:44:6f:7b:71:cb:e5:4d:32:2d:
         49:3e:af:49:e9:58:49:79:e7:68:fe:cf:03:4c:e4:98:fe:44:
         a9:ba:ea:55:dc:30:e9:bd:41:39:30:6e:18:73:a4:09:c4:c6:
         f8:ad:72:fc:75:97:2a:a2:34:6a:d0:04:4f:87:e5:b9:8e:09:
         99:db:49:37:fb:4d:53:4f:01:19:4f:3c:be:52:98:b3:70:35:
         26:f6:2d:9c:de:b5:30:24:8c:3c:fe:5b:db:bc:5b:6c:64:29:
         e7:12:7b:08:3b:7d:b1:38:9a:ae:0c:e5:2f:fe:f9:58:4a:aa:
         8a:03:12:97:46:ef:50:28:1e:ec:65:0c:42:44:01:f7:1b:75:
         85:cd:d5:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZd9NvfdUq8ybnd6hEGYX/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYTY0N2RhYzcyOWY0N2IwNjM2OWM0Yzk3NDFjZjk0Mzk1
M2RjNTkwHhcNMjUwNDIyMTQ0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTAwNTUzZmVhNzZjZTY0ZjI2YjRmZjhhODU1NjUxZTlhMjBjZTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAji5bGx3eOLgoymMIUTNIja0/D3vy
DUGa5TV2iO/78QK4o6rL4FAKBJ1dzw8IvFZKPdaIey5ackQBb3YTMXKJ6xnVQElX
6JgOvHcf80vkuzGJCU2hCYeBFv4E0EHMtWu8e5CXet5WJRlffXtgxrzqRVQvnw5m
g3GK/Of6HUo0zWfQHJ3A7pgwp3UYtJHr/soD/cF4ae4Lqo6GICp7N8hpcKz23/I2
0LhWSmXtOFy6MbBgRZF/5FI3pgjgsfKHSHIlj8U8s9O/xTvMwsP+ijGmVTy1n6+Z
MDrJKAS89QKccq47MP6JS3qqFJjVQ8YwUfmvEHA6gOPJEczhYjpJ3Y/UjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4AVT/qds5k8mtP+KhVZR6aIM4/MB8GA1UdIwQY
MBaAFKCmR9rHKfR7BjacTJdBz5Q5U9xZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0taSDJzY3A5SHNHTnB4TWwwSFBsRGxUM0ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9iYTFmODgtNzA3Zi00MWJkLWI5YmQt
ZmI2OTgzY2U5ZGZmLzEvZmdCVlAtcDJ6bVR5YTBfNHFGVmxIcG9nemo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9iYTFmODgtNzA3Zi00MWJkLWI5YmQtZmI2OTgzY2U5ZGZm
LzEvb0taSDJzY3A5SHNHTnB4TWwwSFBsRGxUM0ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXELMA0G
CSqGSIb3DQEBCwUAA4IBAQAw625WgRQ9sB5xoGPJe+vERPbTgL7gpNrnSlzjZ046
prKSgVPuH8eY6WGPBFhUSKIUIS/2T7lyH6jP4tWPDK9f0OywW9MEw5ZjuwcOT+YC
2/XpVQALcXxzddibKag0PExvs0PP6HyT8/IG3jxnfTEmHBN5B75Eb3txy+VNMi1J
Pq9J6VhJeedo/s8DTOSY/kSpuupV3DDpvUE5MG4Yc6QJxMb4rXL8dZcqojRq0ARP
h+W5jgmZ20k3+01TTwEZTzy+UpizcDUm9i2c3rUwJIw8/lvbvFtsZCnnEnsIO32x
OJquDOUv/vlYSqqKAxKXRu9QKB7sZQxCRAH3G3WFzdXJ
-----END CERTIFICATE-----