Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/A3E9_0So1p68noM0QrlWLwSLDPk.roa
File:                     A3E9_0So1p68noM0QrlWLwSLDPk.roa (raw, json)
Hash identifier:          KQBTWnGwwV4bwGGk8PYYtdjAlC6Mu1JxzVvAgRxQl4g=
Subject key identifier:   03:71:3D:FF:44:A8:D6:9E:BC:9E:83:34:42:B9:56:2F:04:8B:0C:F9
Certificate issuer:       /CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Certificate serial:       019426D9DFDC3534B80CAE01E743834168CB
Authority key identifier: 60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/A3E9_0So1p68noM0QrlWLwSLDPk.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        212.11.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:df:dc:35:34:b8:0c:ae:01:e7:43:83:41:68:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03713dff44a8d69ebc9e833442b9562f048b0cf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a9:a9:43:67:9e:92:5b:39:9d:e6:43:1a:64:
                    ac:5f:6e:e5:24:17:72:5c:c5:b5:b4:6e:fb:df:69:
                    cd:c2:13:ca:35:7c:57:94:9b:97:d1:10:b2:51:af:
                    0f:f1:69:ae:86:88:c6:f3:46:03:d7:78:72:8e:2d:
                    6b:13:c7:7f:99:e3:88:df:79:47:3b:5e:6a:72:26:
                    42:10:cd:3f:d2:d7:6e:f9:15:38:12:92:c6:f6:be:
                    0f:97:cc:d0:9b:ef:6f:e9:db:06:c2:8a:21:28:f0:
                    97:62:ee:4e:6d:b0:3b:ec:69:da:b2:10:96:db:33:
                    aa:f4:2e:b9:ac:c7:31:2d:98:32:66:34:86:21:00:
                    9f:34:84:1b:1e:88:fa:9d:9c:55:ce:a8:fa:8a:5c:
                    0f:bf:ec:2f:e9:38:58:fe:cc:79:d2:78:0c:48:30:
                    4e:f1:3c:49:9f:82:bb:d4:25:a3:89:04:b6:02:d3:
                    83:3c:d8:ef:94:1e:ad:f2:85:14:8f:0d:54:c2:2d:
                    00:cb:6d:59:c1:d7:fd:06:38:b8:04:2a:81:aa:18:
                    74:b3:75:ae:b5:54:a2:70:a9:98:51:9c:13:19:fe:
                    a2:2f:23:9a:b5:46:43:50:14:c1:bb:ff:1a:34:8e:
                    5d:d9:a7:b6:2e:7d:57:cc:46:ec:7c:16:73:bf:ae:
                    89:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:71:3D:FF:44:A8:D6:9E:BC:9E:83:34:42:B9:56:2F:04:8B:0C:F9
            X509v3 Authority Key Identifier:
                keyid:60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/A3E9_0So1p68noM0QrlWLwSLDPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.11.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:8f:c4:2a:59:53:24:57:4d:f3:ae:b1:d1:32:28:6d:93:a7:
         bb:e0:18:b7:94:74:57:a0:5f:35:4c:af:9f:c7:83:c0:8f:99:
         78:0c:d7:f2:80:e2:02:58:c4:8d:96:b8:45:f1:3d:ac:37:07:
         7c:b0:a6:98:68:e2:fb:fe:e2:6f:0e:d6:11:db:5b:97:e2:e2:
         ec:fb:45:23:13:63:24:a3:83:c7:2e:59:31:ae:f8:cb:c2:9c:
         83:7c:02:69:5c:a1:c8:4e:cf:fb:bc:a4:9a:1e:de:62:4d:a0:
         57:97:ac:d5:57:e7:23:2c:d3:fb:0c:b5:68:b0:f9:3b:9c:8f:
         87:21:31:6e:24:ae:76:a4:d8:39:f8:a3:bd:31:69:c2:29:3d:
         1d:55:db:76:8e:ba:21:92:c3:fc:9a:50:43:6a:37:04:5e:90:
         4d:0c:09:a2:c7:0d:ae:e0:e3:cc:44:9a:0c:b8:96:d2:64:68:
         b0:89:c9:5f:17:4d:97:2c:08:34:07:9e:7b:b4:01:3d:3a:d6:
         78:85:2a:4f:a1:b3:15:92:25:3d:f7:4a:47:80:87:9e:cf:bd:
         ed:0e:64:e9:c6:57:28:51:86:8e:36:86:0a:70:3f:4a:99:ca:
         36:9f:ca:12:df:13:41:6f:6d:ba:49:a3:b5:b8:20:a5:d8:e4:
         a5:b7:fa:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2d/cNTS4DK4B50ODQWjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTk4ZDNjOWQ4YmRjOWMxZGZmOGUzMTk0MjQ0MTJiNmNk
YzFkZDMwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzcxM2RmZjQ0YThkNjllYmM5ZTgzMzQ0MmI5NTYyZjA0OGIwY2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6mpQ2eekls5neZDGmSsX27lJBdy
XMW1tG7732nNwhPKNXxXlJuX0RCyUa8P8WmuhojG80YD13hyji1rE8d/meOI33lH
O15qciZCEM0/0tdu+RU4EpLG9r4Pl8zQm+9v6dsGwoohKPCXYu5ObbA77GnashCW
2zOq9C65rMcxLZgyZjSGIQCfNIQbHoj6nZxVzqj6ilwPv+wv6ThY/sx50ngMSDBO
8TxJn4K71CWjiQS2AtODPNjvlB6t8oUUjw1Uwi0Ay21Zwdf9Bji4BCqBqhh0s3Wu
tVSicKmYUZwTGf6iLyOatUZDUBTBu/8aNI5d2ae2Ln1XzEbsfBZzv66J0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANxPf9EqNaevJ6DNEK5Vi8Eiwz5MB8GA1UdIwQY
MBaAFGCZjTydi9ycHf+OMZQkQSts3B3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWIt
MGVhNGQ1MzFiNzkzLzEvQTNFOV8wU28xcDY4bm9NMFFybFdMd1NMRFBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWItMGVhNGQ1MzFiNzkz
LzEvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AtAMA0G
CSqGSIb3DQEBCwUAA4IBAQByj8QqWVMkV03zrrHRMihtk6e74Bi3lHRXoF81TK+f
x4PAj5l4DNfygOICWMSNlrhF8T2sNwd8sKaYaOL7/uJvDtYR21uX4uLs+0UjE2Mk
o4PHLlkxrvjLwpyDfAJpXKHITs/7vKSaHt5iTaBXl6zVV+cjLNP7DLVosPk7nI+H
ITFuJK52pNg5+KO9MWnCKT0dVdt2jrohksP8mlBDajcEXpBNDAmixw2u4OPMRJoM
uJbSZGiwiclfF02XLAg0B557tAE9OtZ4hSpPobMVkiU990pHgIeez73tDmTpxlco
UYaONoYKcD9Kmco2n8oS3xNBb226SaO1uCCl2OSlt/rk
-----END CERTIFICATE-----