Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/qW3rUv4Bh-h12x7opQaoRMowTBQ.roa
File:                     qW3rUv4Bh-h12x7opQaoRMowTBQ.roa (raw, json)
Hash identifier:          nJllUC3JPWQjtaOIg/UfHt32FtfVoPg2qGxqBfygLro=
Subject key identifier:   A9:6D:EB:52:FE:01:87:E8:75:DB:1E:E8:A5:06:A8:44:CA:30:4C:14
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       0193634DE7E6BAAD92275A4F710FBA0EA54F
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/qW3rUv4Bh-h12x7opQaoRMowTBQ.roa
Signing time:             Mon 25 Nov 2024 12:31:10 +0000
ROA not before:           Mon 25 Nov 2024 12:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200436
IP address blocks:        185.118.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:35:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:63:4d:e7:e6:ba:ad:92:27:5a:4f:71:0f:ba:0e:a5:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Nov 25 12:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a96deb52fe0187e875db1ee8a506a844ca304c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:51:98:bb:f4:ac:c7:39:37:cb:53:39:f3:19:
                    0b:2e:77:be:70:e7:22:a0:9a:3a:b9:2d:78:79:61:
                    77:b4:48:e9:9e:a8:cc:6d:c8:97:46:6f:2e:20:0d:
                    e7:49:67:00:48:e4:b0:0c:b6:6f:45:fb:71:1c:b4:
                    0f:2e:dd:71:1b:f0:b1:89:f3:83:eb:16:8a:30:40:
                    54:17:cd:ef:cf:2a:fb:f3:9b:c9:b3:9f:6b:37:52:
                    04:97:a2:9a:32:15:50:c3:6a:bb:50:d9:56:44:87:
                    62:31:1c:28:52:ff:91:43:3f:a1:31:7f:7e:35:c0:
                    92:5f:71:98:f1:b5:c7:14:05:df:f2:55:cd:89:a6:
                    07:dc:1b:f8:ff:1e:d2:6f:04:cd:7f:b2:b5:bd:ba:
                    f1:3d:9d:44:ff:6b:a4:e4:bd:62:bd:40:15:1d:e2:
                    1a:bd:9d:c2:af:0c:76:fd:68:d1:3a:4b:bf:7c:f5:
                    50:2c:cb:45:82:19:f6:e9:f4:ea:5b:88:6b:99:ba:
                    00:59:47:97:f5:b3:c1:9a:78:14:f9:33:1e:02:a3:
                    56:fd:a7:91:74:bc:d7:fa:42:84:fa:c4:e4:3e:35:
                    8f:26:0b:47:8e:42:2a:40:de:ce:bd:42:0f:db:06:
                    94:1d:01:20:9c:2f:2c:8d:66:ec:d1:44:6f:ba:fb:
                    57:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:6D:EB:52:FE:01:87:E8:75:DB:1E:E8:A5:06:A8:44:CA:30:4C:14
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/qW3rUv4Bh-h12x7opQaoRMowTBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:b0:f9:c1:83:08:0e:eb:38:e0:77:bc:c2:b1:51:46:c0:e6:
         98:6b:d1:66:50:8a:b3:e9:71:08:33:24:f2:f6:a0:37:4b:56:
         0b:e1:61:48:cc:d3:3e:88:09:57:ff:24:d5:55:24:c7:e1:ae:
         bb:2d:f7:de:2c:db:ab:3b:9e:14:09:b3:87:c8:67:50:10:b5:
         30:82:c9:3d:b7:fe:b6:ec:9f:34:57:20:68:64:c9:9e:3a:da:
         74:81:a6:91:f9:95:07:1b:cc:c7:9e:d9:f9:d9:22:2f:94:86:
         94:51:54:0d:29:78:4a:69:7c:ec:ab:d6:e4:b4:e3:76:78:a0:
         ed:4f:a3:38:f4:96:78:64:73:40:e3:d8:0e:2d:3f:eb:85:2e:
         d3:f0:49:c4:a8:3b:f9:f6:9e:62:8a:46:8e:4c:44:71:ca:3d:
         1c:2d:3f:1c:5e:b4:d2:a2:2f:ef:0d:cc:b1:48:0b:c4:1e:e6:
         3e:f0:05:9d:a7:4d:2f:c3:c4:64:e3:68:90:48:b4:1a:d1:f6:
         61:10:39:9c:85:89:29:9b:2f:a8:7f:0f:07:e0:5a:c5:38:1f:
         1a:f7:49:65:97:44:b5:14:8d:a5:f9:8f:e0:8b:e3:53:23:11:
         bd:6f:e0:d8:85:31:e3:38:56:f5:07:1f:d8:81:68:8e:77:d6:
         95:9a:48:e7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZNjTefmuq2SJ1pPcQ+6DqVPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjQxMTI1MTIzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTZkZWI1MmZlMDE4N2U4NzVkYjFlZThhNTA2YTg0NGNhMzA0YzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFGYu/Ssxzk3y1M58xkLLne+cOci
oJo6uS14eWF3tEjpnqjMbciXRm8uIA3nSWcASOSwDLZvRftxHLQPLt1xG/CxifOD
6xaKMEBUF83vzyr785vJs59rN1IEl6KaMhVQw2q7UNlWRIdiMRwoUv+RQz+hMX9+
NcCSX3GY8bXHFAXf8lXNiaYH3Bv4/x7SbwTNf7K1vbrxPZ1E/2uk5L1ivUAVHeIa
vZ3Crwx2/WjROku/fPVQLMtFghn26fTqW4hrmboAWUeX9bPBmngU+TMeAqNW/aeR
dLzX+kKE+sTkPjWPJgtHjkIqQN7OvUIP2waUHQEgnC8sjWbs0URvuvtXbQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKlt61L+AYfoddse6KUGqETKMEwUMB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xL3FXM3JVdjRCaC1oMTJ4N29wUWFvUk1vd1RCUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5dgww
DQYJKoZIhvcNAQELBQADggEBAGmw+cGDCA7rOOB3vMKxUUbA5phr0WZQirPpcQgz
JPL2oDdLVgvhYUjM0z6ICVf/JNVVJMfhrrst994s26s7nhQJs4fIZ1AQtTCCyT23
/rbsnzRXIGhkyZ462nSBppH5lQcbzMee2fnZIi+UhpRRVA0peEppfOyr1uS043Z4
oO1Pozj0lnhkc0Dj2A4tP+uFLtPwScSoO/n2nmKKRo5MRHHKPRwtPxxetNKiL+8N
zLFIC8Qe5j7wBZ2nTS/DxGTjaJBItBrR9mEQOZyFiSmbL6h/DwfgWsU4Hxr3SWWX
RLUUjaX5j+CL41MjEb1v4NiFMeM4VvUHH9iBaI531pWaSOc=
-----END CERTIFICATE-----