Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/jxv2C5982Ccg_jEpftvAMhLewtw.roa
File:                     jxv2C5982Ccg_jEpftvAMhLewtw.roa (raw, json)
Hash identifier:          ueLKoc7Uurshn1hvFPw53fM94VCiIuFDiqRrlZVXFno=
Subject key identifier:   8F:1B:F6:0B:9F:7C:D8:27:20:FE:31:29:7E:DB:C0:32:12:DE:C2:DC
Certificate issuer:       /CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
Certificate serial:       01941F8C14E2A346499D91868F5E22AD80DB
Authority key identifier: 1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/jxv2C5982Ccg_jEpftvAMhLewtw.roa
Signing time:             Wed 01 Jan 2025 01:47:41 +0000
ROA not before:           Wed 01 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199447
IP address blocks:        185.12.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:14:e2:a3:46:49:9d:91:86:8f:5e:22:ad:80:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f1bf60b9f7cd82720fe31297edbc03212dec2dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c3:46:22:25:80:76:a1:d7:87:ea:e3:5a:12:
                    d1:3b:65:3d:1a:c8:d0:e7:71:5c:2c:55:76:84:f5:
                    52:2a:37:28:ce:1e:1b:6f:57:4c:a4:9f:51:41:ee:
                    ee:22:41:17:31:c3:80:89:17:b6:3a:fd:98:dd:64:
                    0c:46:03:a2:5a:c9:07:64:1e:47:83:55:a9:9a:06:
                    9c:2a:f0:1c:11:b0:14:40:80:8f:42:a2:8e:de:6f:
                    0a:7b:05:36:a1:6f:0a:7d:3d:13:ef:1c:56:55:f5:
                    d7:ff:f7:97:00:fd:a1:88:36:48:e7:54:b9:0b:72:
                    4f:d0:e3:6b:01:97:12:7b:ed:34:19:58:af:26:44:
                    76:38:e2:dd:1f:19:8e:e2:e8:d2:79:9d:d0:7b:84:
                    85:bc:05:0b:c8:d7:47:9e:dd:34:7d:2f:e3:1e:3e:
                    37:46:ec:0e:2d:69:6e:89:08:e6:6b:56:7c:8e:26:
                    5f:db:80:90:93:4e:48:49:f9:3c:aa:b4:c6:1c:ea:
                    92:52:32:f1:fd:13:a8:6c:79:ad:9f:43:ae:4a:e6:
                    f3:54:c2:7f:51:92:63:ae:52:43:ed:04:7a:ae:fd:
                    0f:e5:b7:0d:b3:12:d6:d8:f4:9d:e8:2d:3f:e4:6a:
                    9c:bc:1f:68:ee:f3:cc:81:f4:89:11:b6:1c:2d:36:
                    d0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:1B:F6:0B:9F:7C:D8:27:20:FE:31:29:7E:DB:C0:32:12:DE:C2:DC
            X509v3 Authority Key Identifier:
                keyid:1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/jxv2C5982Ccg_jEpftvAMhLewtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:dd:42:8b:37:2d:3c:c8:b3:e0:46:fe:83:8a:e4:07:38:a4:
         c8:50:67:9c:aa:fe:dc:a0:68:3b:09:52:67:c5:8f:07:e7:a7:
         6d:44:04:6e:85:7d:cb:d2:f3:df:62:85:ec:a6:0b:57:f1:05:
         9f:9e:00:5f:d1:12:fa:09:2b:64:cb:c5:b8:32:77:02:62:b4:
         1a:d4:e1:0f:4b:72:51:8c:af:4d:a9:47:92:d5:11:04:1f:8c:
         5d:c1:2a:27:c5:61:f1:81:d3:41:9f:c2:6e:9e:4c:1a:71:63:
         37:0a:d0:40:60:a6:3b:3f:ee:c5:5a:d4:02:72:57:df:e6:79:
         87:b2:c9:34:bd:b2:f9:db:a3:52:e1:38:ac:9c:3b:0f:b8:15:
         56:b2:62:00:33:17:12:3b:fd:46:70:c6:0c:1d:75:07:2c:e2:
         e2:2a:b2:66:4e:d2:de:f3:85:58:ab:cc:c3:47:12:26:e3:c0:
         22:14:0a:a1:77:05:c1:ff:16:3b:1b:a6:6b:9e:49:b9:23:4c:
         1f:67:35:b1:8a:dd:bb:0c:00:09:43:c1:11:c6:97:54:75:1f:
         8e:a6:11:b6:81:a8:3d:d6:58:6a:a6:fe:a9:85:5d:22:d7:99:
         f4:83:31:b0:af:4d:00:9c:69:63:ee:97:85:79:f1:7f:55:fe:
         4a:80:ad:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBTio0ZJnZGGj14irYDbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMTRlYjFlZWY2NmMyZDM0OWYzZjdkN2JhZmE2OGU0OWZi
ZmVjOWMwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjFiZjYwYjlmN2NkODI3MjBmZTMxMjk3ZWRiYzAzMjEyZGVjMmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMNGIiWAdqHXh+rjWhLRO2U9GsjQ
53FcLFV2hPVSKjcozh4bb1dMpJ9RQe7uIkEXMcOAiRe2Ov2Y3WQMRgOiWskHZB5H
g1WpmgacKvAcEbAUQICPQqKO3m8KewU2oW8KfT0T7xxWVfXX//eXAP2hiDZI51S5
C3JP0ONrAZcSe+00GVivJkR2OOLdHxmO4ujSeZ3Qe4SFvAULyNdHnt00fS/jHj43
RuwOLWluiQjma1Z8jiZf24CQk05ISfk8qrTGHOqSUjLx/ROobHmtn0OuSubzVMJ/
UZJjrlJD7QR6rv0P5bcNsxLW2PSd6C0/5GqcvB9o7vPMgfSJEbYcLTbQhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8b9guffNgnIP4xKX7bwDIS3sLcMB8GA1UdIwQY
MBaAFB4U6x7vZsLTSfP317r6aOSfv+ycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMt
OWNhOThmNDk1MGNmLzEvanh2MkM1OTgyQ2NnX2pFcGZ0dkFNaExld3R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMtOWNhOThmNDk1MGNm
LzEvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQwLMA0G
CSqGSIb3DQEBCwUAA4IBAQCj3UKLNy08yLPgRv6DiuQHOKTIUGecqv7coGg7CVJn
xY8H56dtRARuhX3L0vPfYoXspgtX8QWfngBf0RL6CStky8W4MncCYrQa1OEPS3JR
jK9NqUeS1REEH4xdwSonxWHxgdNBn8JunkwacWM3CtBAYKY7P+7FWtQCclff5nmH
ssk0vbL526NS4TisnDsPuBVWsmIAMxcSO/1GcMYMHXUHLOLiKrJmTtLe84VYq8zD
RxIm48AiFAqhdwXB/xY7G6Zrnkm5I0wfZzWxit27DAAJQ8ERxpdUdR+OphG2gag9
1lhqpv6phV0i15n0gzGwr00AnGlj7peFefF/Vf5KgK2l
-----END CERTIFICATE-----