Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/bmqkA80pr4vo9LBw5jf9WENmXyM.roa
File:                     bmqkA80pr4vo9LBw5jf9WENmXyM.roa (raw, json)
Hash identifier:          GfCiAUJS2zYIKRhmR2J5s7yCccX26jfET5bMvpXh8wA=
Subject key identifier:   6E:6A:A4:03:CD:29:AF:8B:E8:F4:B0:70:E6:37:FD:58:43:66:5F:23
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       019425FCE119623E9926866DEA373D21586B
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/bmqkA80pr4vo9LBw5jf9WENmXyM.roa
Signing time:             Thu 02 Jan 2025 07:48:37 +0000
ROA not before:           Thu 02 Jan 2025 07:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35913
IP address blocks:        212.60.16.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:e1:19:62:3e:99:26:86:6d:ea:37:3d:21:58:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  2 07:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e6aa403cd29af8be8f4b070e637fd5843665f23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ee:fd:95:4d:39:72:4c:bd:53:87:55:4b:95:
                    bc:c7:15:1a:fe:76:14:82:d0:d9:4d:4d:6e:bc:38:
                    e7:d3:e6:9d:6d:dd:8a:52:be:97:f0:3b:4d:8b:fc:
                    db:00:15:da:2e:73:d1:5e:7e:5c:c5:59:b6:b2:c2:
                    22:97:f0:fb:b8:2b:dd:7c:39:7c:86:25:d2:c1:79:
                    47:62:44:11:3a:3d:f3:e9:35:b9:66:16:ed:5d:6c:
                    67:8c:a8:4d:d9:d6:c4:03:be:4f:19:17:30:de:b5:
                    db:18:61:a0:04:d6:62:9d:a8:91:ba:36:df:bc:a7:
                    09:65:9d:99:f2:95:5b:95:18:b1:30:3f:82:d0:83:
                    5e:a6:23:c6:2b:16:32:c2:94:0d:30:31:e7:7d:ba:
                    20:e8:7e:65:4d:45:ad:0a:9b:53:7f:b7:82:65:49:
                    4f:bb:07:f1:1b:a7:fa:0b:18:64:d2:c6:b6:f3:0f:
                    8e:24:87:07:ca:fc:f2:89:c9:ac:b6:01:cc:cf:f8:
                    14:81:5b:71:d2:f9:a6:fa:3e:1c:ba:99:71:c3:7a:
                    3d:fb:13:ef:60:96:3a:d6:61:6f:31:35:a6:46:ba:
                    33:4a:45:b6:a9:58:af:ba:8f:08:a6:36:09:e7:ff:
                    60:24:8c:f1:76:ca:1c:e5:6d:3b:9c:9e:91:ad:7d:
                    48:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:6A:A4:03:CD:29:AF:8B:E8:F4:B0:70:E6:37:FD:58:43:66:5F:23
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/bmqkA80pr4vo9LBw5jf9WENmXyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:cd:c7:86:75:da:6d:8d:ff:a7:78:41:98:18:93:30:96:13:
         67:83:d1:4d:9c:b5:89:e2:ca:94:64:78:33:78:0c:e7:5c:04:
         8b:25:d1:f8:5d:e6:a0:69:be:7b:5c:01:10:60:62:b7:40:02:
         79:e3:13:bc:ae:c6:92:08:25:ca:cf:75:3e:e7:90:59:8c:8c:
         5c:c8:26:6e:39:e4:d3:7c:a1:7f:7a:86:88:3d:b0:dd:9b:d1:
         22:be:cb:e0:ff:4d:de:21:2a:27:9f:d0:4d:cf:27:30:4d:99:
         b4:cc:79:d6:ed:13:2e:be:56:27:c0:4f:6a:b6:c7:6f:0d:8a:
         1d:d3:f5:d2:67:79:0d:43:df:63:1b:39:fe:82:27:73:d2:0e:
         c1:e8:93:f2:43:96:74:28:f5:e6:79:ef:7f:06:49:4c:0f:80:
         6d:a0:8e:85:6b:18:cc:2b:b6:35:a4:62:b0:28:df:3e:c9:1e:
         5b:7f:40:4b:da:ed:32:ee:8b:5b:4f:7e:0c:52:18:44:30:49:
         26:aa:8f:23:67:27:e1:4d:59:f8:96:d9:54:36:b3:21:22:a6:
         16:f1:b3:f9:93:c8:5c:a9:3f:11:f3:1e:fa:5b:ba:02:7d:5e:
         d2:5f:0e:1b:85:d8:9c:40:6f:66:47:e7:a7:34:9a:eb:f4:f9:
         4f:9c:77:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/OEZYj6ZJoZt6jc9IVhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwMTAyMDc0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTZhYTQwM2NkMjlhZjhiZThmNGIwNzBlNjM3ZmQ1ODQzNjY1ZjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu79lU05cky9U4dVS5W8xxUa/nYU
gtDZTU1uvDjn0+adbd2KUr6X8DtNi/zbABXaLnPRXn5cxVm2ssIil/D7uCvdfDl8
hiXSwXlHYkQROj3z6TW5ZhbtXWxnjKhN2dbEA75PGRcw3rXbGGGgBNZinaiRujbf
vKcJZZ2Z8pVblRixMD+C0INepiPGKxYywpQNMDHnfbog6H5lTUWtCptTf7eCZUlP
uwfxG6f6Cxhk0sa28w+OJIcHyvzyicmstgHMz/gUgVtx0vmm+j4cuplxw3o9+xPv
YJY61mFvMTWmRrozSkW2qVivuo8IpjYJ5/9gJIzxdsoc5W07nJ6RrX1IDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5qpAPNKa+L6PSwcOY3/VhDZl8jMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvYm1xa0E4MHByNHZvOUxCdzVqZjlXRU5tWHlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1DwQMA0G
CSqGSIb3DQEBCwUAA4IBAQB3zceGddptjf+neEGYGJMwlhNng9FNnLWJ4sqUZHgz
eAznXASLJdH4Xeagab57XAEQYGK3QAJ54xO8rsaSCCXKz3U+55BZjIxcyCZuOeTT
fKF/eoaIPbDdm9Eivsvg/03eISonn9BNzycwTZm0zHnW7RMuvlYnwE9qtsdvDYod
0/XSZ3kNQ99jGzn+gidz0g7B6JPyQ5Z0KPXmee9/BklMD4BtoI6FaxjMK7Y1pGKw
KN8+yR5bf0BL2u0y7otbT34MUhhEMEkmqo8jZyfhTVn4ltlUNrMhIqYW8bP5k8hc
qT8R8x76W7oCfV7SXw4bhdicQG9mR+enNJrr9PlPnHc8
-----END CERTIFICATE-----