Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/XQSdpYywXniH-4RrFE8ADb_IkFg.roa
File:                     XQSdpYywXniH-4RrFE8ADb_IkFg.roa (raw, json)
Hash identifier:          p9OQSem/8VfhwT/7ja70OsbXAHFO0qdQ0IRvRySU44M=
Subject key identifier:   5D:04:9D:A5:8C:B0:5E:78:87:FB:84:6B:14:4F:00:0D:BF:C8:90:58
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019712ED0DB595E671D6E7B807157F81FC01
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/XQSdpYywXniH-4RrFE8ADb_IkFg.roa
Signing time:             Tue 27 May 2025 18:06:54 +0000
ROA not before:           Tue 27 May 2025 18:06:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32780
IP address blocks:        212.60.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:12:ed:0d:b5:95:e6:71:d6:e7:b8:07:15:7f:81:fc:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: May 27 18:06:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d049da58cb05e7887fb846b144f000dbfc89058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3f:be:32:ae:e2:11:94:6c:ac:7f:c7:b3:8b:
                    9d:9a:16:e5:35:8c:eb:c1:90:0a:9f:60:5f:9d:65:
                    94:3f:43:0f:a6:40:03:cc:37:88:9f:47:62:75:5f:
                    12:98:f8:80:64:bd:a4:0c:85:5c:3f:cb:c7:21:ba:
                    2b:9b:16:1e:c2:25:c9:21:00:1e:a9:d7:ad:f2:63:
                    07:98:89:05:28:87:36:a1:0d:ca:0e:ab:48:6a:b0:
                    ff:97:42:b8:6c:bc:62:3a:a2:e8:0c:81:c2:82:88:
                    d7:47:08:1d:d0:b2:d4:33:a7:9c:5f:94:72:0a:80:
                    c6:55:56:ab:08:79:c5:07:79:0d:29:b4:49:e2:52:
                    11:3e:66:e4:35:74:4b:25:e9:a5:25:9b:58:d3:39:
                    ee:35:e3:1f:75:02:72:ae:7f:d9:2a:95:7b:c6:05:
                    45:7e:4a:56:ff:19:78:ef:c3:69:76:9a:39:a8:1e:
                    ee:29:59:cd:5a:41:72:36:15:80:0e:d6:9c:f4:f7:
                    3f:e1:ce:6c:d4:15:63:f6:03:f2:10:b8:61:00:5b:
                    6a:18:0a:7e:31:71:5d:8a:8b:10:ba:fe:3b:1a:3b:
                    5e:7f:3d:86:ac:e7:1c:9e:38:66:5e:ea:18:7f:f3:
                    f0:9c:1b:dd:e6:dc:9e:52:e3:12:45:fd:0c:57:01:
                    9d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:04:9D:A5:8C:B0:5E:78:87:FB:84:6B:14:4F:00:0D:BF:C8:90:58
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/XQSdpYywXniH-4RrFE8ADb_IkFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:4d:3e:b1:05:5a:01:a4:7e:45:d6:2b:fa:b4:13:9f:d0:d3:
         60:a8:ba:af:a9:ca:47:0f:9b:42:e6:b0:28:c1:79:72:92:db:
         9f:cd:9f:d2:cc:08:83:ad:8b:fe:7d:21:f7:b0:8b:d3:32:60:
         30:56:4d:6f:d0:6b:a3:94:65:b0:9f:b6:a6:b0:ad:c8:84:3a:
         14:89:02:75:0e:0e:0d:64:74:d3:cf:00:07:1d:64:27:26:2c:
         7c:ec:7d:f5:2c:4b:8c:0f:7d:70:77:a4:f0:b4:a3:72:67:88:
         da:59:2b:f7:7e:d6:16:dd:4d:b1:d3:8b:b4:ee:6f:8b:14:c9:
         4c:82:96:db:22:4e:79:4f:ec:50:25:60:81:92:1e:a5:94:45:
         41:28:29:09:a4:c5:8e:c9:fd:bd:88:52:63:16:d7:72:9b:2d:
         b7:7e:5f:dd:e3:9d:e2:9d:73:88:3d:e4:ba:5f:78:86:b3:15:
         ac:0b:27:7d:ca:9e:0f:81:c2:7f:e5:0d:4b:77:93:bd:9b:02:
         ac:6e:72:98:e2:68:27:de:cd:1a:0a:10:d5:61:d6:c1:e5:ae:
         d7:25:19:7b:a7:cd:11:94:5a:46:19:c9:35:a3:a9:60:6b:3e:
         b7:a1:3a:6f:8f:df:2f:ec:fd:4f:e4:6b:f4:75:ba:57:1d:1f:
         9a:0c:33:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcS7Q21leZx1ue4BxV/gfwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwNTI3MTgwNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDA0OWRhNThjYjA1ZTc4ODdmYjg0NmIxNDRmMDAwZGJmYzg5MDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT++Mq7iEZRsrH/Hs4udmhblNYzr
wZAKn2BfnWWUP0MPpkADzDeIn0didV8SmPiAZL2kDIVcP8vHIbormxYewiXJIQAe
qdet8mMHmIkFKIc2oQ3KDqtIarD/l0K4bLxiOqLoDIHCgojXRwgd0LLUM6ecX5Ry
CoDGVVarCHnFB3kNKbRJ4lIRPmbkNXRLJemlJZtY0znuNeMfdQJyrn/ZKpV7xgVF
fkpW/xl478Npdpo5qB7uKVnNWkFyNhWADtac9Pc/4c5s1BVj9gPyELhhAFtqGAp+
MXFdiosQuv47Gjtefz2GrOccnjhmXuoYf/PwnBvd5tyeUuMSRf0MVwGd9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0EnaWMsF54h/uEaxRPAA2/yJBYMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvWFFTZHBZeXdYbmlILTRSckZFOEFEYl9Ja0ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DwMMA0G
CSqGSIb3DQEBCwUAA4IBAQA0TT6xBVoBpH5F1iv6tBOf0NNgqLqvqcpHD5tC5rAo
wXlyktufzZ/SzAiDrYv+fSH3sIvTMmAwVk1v0GujlGWwn7amsK3IhDoUiQJ1Dg4N
ZHTTzwAHHWQnJix87H31LEuMD31wd6TwtKNyZ4jaWSv3ftYW3U2x04u07m+LFMlM
gpbbIk55T+xQJWCBkh6llEVBKCkJpMWOyf29iFJjFtdymy23fl/d453inXOIPeS6
X3iGsxWsCyd9yp4PgcJ/5Q1Ld5O9mwKsbnKY4mgn3s0aChDVYdbB5a7XJRl7p80R
lFpGGck1o6lgaz63oTpvj98v7P1P5Gv0dbpXHR+aDDP/
-----END CERTIFICATE-----