Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/bnAPUFuvdJnnmwNhr7IXOo7sGhw.roa
File:                     bnAPUFuvdJnnmwNhr7IXOo7sGhw.roa (raw, json)
Hash identifier:          0IawnZvl2KO6IBFWtgqQ5CQJq1k/KdlykID8F7AM6kQ=
Subject key identifier:   6E:70:0F:50:5B:AF:74:99:E7:9B:03:61:AF:B2:17:3A:8E:EC:1A:1C
Certificate issuer:       /CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Certificate serial:       019426D9E11CAF108BBAB1818E546D41F8B4
Authority key identifier: 60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/bnAPUFuvdJnnmwNhr7IXOo7sGhw.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200482
IP address blocks:        212.11.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e1:1c:af:10:8b:ba:b1:81:8e:54:6d:41:f8:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e700f505baf7499e79b0361afb2173a8eec1a1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:9b:19:f3:7f:fd:a7:06:cd:a3:70:a4:e2:e6:
                    66:b0:13:7f:c9:83:54:6b:3f:ee:74:a4:66:d0:75:
                    ac:db:94:e1:4c:d9:fd:c1:21:ee:dd:9d:b9:08:f9:
                    fc:5e:ba:f3:37:4e:94:53:81:0c:55:8e:81:42:82:
                    00:d1:b3:42:8d:c1:ff:86:5c:be:60:8a:8f:dd:6a:
                    e6:82:5c:30:3c:60:51:52:d9:40:64:a3:50:71:f4:
                    d7:b3:dd:29:ba:1a:cb:6f:f2:5c:a9:d8:c0:30:37:
                    b3:66:57:b5:ab:ee:91:de:bf:5f:09:9f:0e:ea:ee:
                    e2:55:6a:19:82:ca:bf:a0:2b:52:64:a2:92:98:09:
                    5c:bd:97:9b:e8:4e:f4:d4:5e:ad:e7:08:24:77:d5:
                    ba:79:7a:28:56:f1:3b:b1:b0:4a:e1:a7:30:ba:ec:
                    93:b6:54:f8:c2:fc:c2:91:4b:33:e9:3d:4c:40:7d:
                    00:b8:fa:ac:f6:69:85:44:e8:f2:0e:28:b5:7a:4c:
                    8d:a0:3c:f9:b9:83:61:ee:21:6e:5e:3b:30:2e:63:
                    b7:58:c5:b2:c5:60:fc:2c:06:b3:49:bf:2c:c5:32:
                    75:da:f8:c0:8e:30:87:46:9b:7c:58:1b:b7:b7:d9:
                    e1:f5:c9:3b:7d:a6:42:cb:15:f9:99:ea:36:b3:5b:
                    93:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:70:0F:50:5B:AF:74:99:E7:9B:03:61:AF:B2:17:3A:8E:EC:1A:1C
            X509v3 Authority Key Identifier:
                keyid:60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/bnAPUFuvdJnnmwNhr7IXOo7sGhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.11.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:cd:36:30:57:a6:45:9e:e7:38:f6:78:c2:a9:25:89:f5:bd:
         b8:d6:96:45:26:7d:43:08:ad:3b:27:1b:ab:65:4c:ea:91:22:
         e4:bf:bf:83:48:ca:6f:8b:c2:51:8e:0f:94:89:20:4c:35:4f:
         c9:9d:93:e0:52:9f:6d:de:0b:bb:09:50:c2:3a:a0:d9:5a:66:
         a9:56:16:97:70:2c:89:20:e4:e6:a6:a3:3e:cc:18:bd:10:af:
         ec:bc:ab:92:13:87:41:4d:48:5e:13:96:6c:7f:ab:6b:3d:25:
         8c:c3:da:21:1f:4d:ed:38:7c:37:16:c3:c1:5f:56:2f:68:08:
         f6:c9:ac:af:ae:fc:25:09:d7:f5:04:01:03:77:be:e7:27:84:
         7d:9e:2c:04:30:f7:84:5d:1b:b9:40:99:cb:9c:db:b7:04:eb:
         e5:3e:13:5b:1d:4f:de:83:cb:6d:d2:20:ce:09:b4:96:b1:ec:
         96:e4:e2:49:21:d0:3a:bb:2f:5c:c2:f3:a4:fb:97:47:99:15:
         6d:f8:b2:d9:da:c5:4c:5a:85:45:e2:0c:cb:bf:5b:30:13:88:
         be:02:23:fc:fc:1f:8d:ce:24:95:9e:62:99:d7:1c:64:1a:6d:
         a8:0c:dc:37:a5:3b:3f:69:5b:d3:d4:00:14:ca:26:48:35:66:
         59:04:a4:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eEcrxCLurGBjlRtQfi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTk4ZDNjOWQ4YmRjOWMxZGZmOGUzMTk0MjQ0MTJiNmNk
YzFkZDMwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTcwMGY1MDViYWY3NDk5ZTc5YjAzNjFhZmIyMTczYThlZWMxYTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45sZ83/9pwbNo3Ck4uZmsBN/yYNU
az/udKRm0HWs25ThTNn9wSHu3Z25CPn8XrrzN06UU4EMVY6BQoIA0bNCjcH/hly+
YIqP3WrmglwwPGBRUtlAZKNQcfTXs90puhrLb/JcqdjAMDezZle1q+6R3r9fCZ8O
6u7iVWoZgsq/oCtSZKKSmAlcvZeb6E701F6t5wgkd9W6eXooVvE7sbBK4acwuuyT
tlT4wvzCkUsz6T1MQH0AuPqs9mmFROjyDii1ekyNoDz5uYNh7iFuXjswLmO3WMWy
xWD8LAazSb8sxTJ12vjAjjCHRpt8WBu3t9nh9ck7faZCyxX5meo2s1uTVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5wD1Bbr3SZ55sDYa+yFzqO7BocMB8GA1UdIwQY
MBaAFGCZjTydi9ycHf+OMZQkQSts3B3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWIt
MGVhNGQ1MzFiNzkzLzEvYm5BUFVGdXZkSm5ubXdOaHI3SVhPbzdzR2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWItMGVhNGQ1MzFiNzkz
LzEvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AtAMA0G
CSqGSIb3DQEBCwUAA4IBAQCWzTYwV6ZFnuc49njCqSWJ9b241pZFJn1DCK07Jxur
ZUzqkSLkv7+DSMpvi8JRjg+UiSBMNU/JnZPgUp9t3gu7CVDCOqDZWmapVhaXcCyJ
IOTmpqM+zBi9EK/svKuSE4dBTUheE5Zsf6trPSWMw9ohH03tOHw3FsPBX1YvaAj2
yayvrvwlCdf1BAEDd77nJ4R9niwEMPeEXRu5QJnLnNu3BOvlPhNbHU/eg8tt0iDO
CbSWseyW5OJJIdA6uy9cwvOk+5dHmRVt+LLZ2sVMWoVF4gzLv1swE4i+AiP8/B+N
ziSVnmKZ1xxkGm2oDNw3pTs/aVvT1AAUyiZINWZZBKSJ
-----END CERTIFICATE-----