Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/SqW3-Pav388bYoCFb9onFjXDUEM.roa
File:                     SqW3-Pav388bYoCFb9onFjXDUEM.roa (raw, json)
Hash identifier:          rQ+0p4O5Q843ntXsLKc+VAqP1ejZ7AJIeWPPGt1vzco=
Subject key identifier:   4A:A5:B7:F8:F6:AF:DF:CF:1B:62:80:85:6F:DA:27:16:35:C3:50:43
Certificate issuer:       /CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
Certificate serial:       019422FBE8CFE553970ABC8AF4B374D14E24
Authority key identifier: 20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/SqW3-Pav388bYoCFb9onFjXDUEM.roa
Signing time:             Wed 01 Jan 2025 17:48:41 +0000
ROA not before:           Wed 01 Jan 2025 17:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12858
IP address blocks:        212.101.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e8:cf:e5:53:97:0a:bc:8a:f4:b3:74:d1:4e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2050df51f0e5bc81db4b05f449f74308d7fcfa2e
        Validity
            Not Before: Jan  1 17:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4aa5b7f8f6afdfcf1b6280856fda271635c35043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c4:54:2d:ec:71:0a:9b:c0:2a:91:8d:b2:82:
                    1e:56:55:6c:17:fe:24:96:8f:06:ec:d6:83:06:8f:
                    c1:d4:5a:5f:72:88:83:a2:12:d9:20:62:5b:d6:ab:
                    46:19:e9:c1:b2:55:7e:4e:10:82:c0:2d:f9:83:be:
                    2f:34:2a:95:92:f8:f6:66:87:04:fc:9a:ae:ac:5e:
                    d5:38:87:45:9d:71:15:62:ff:13:08:77:95:83:a4:
                    a8:43:b2:39:d3:3d:b5:7a:ae:fb:db:e9:4c:13:ef:
                    e6:34:4f:80:af:95:63:32:2d:23:a7:b2:d8:3c:05:
                    32:a2:ab:b1:c6:d0:45:76:6f:10:73:fd:72:95:0c:
                    1d:23:09:88:b9:a8:b8:2f:a3:7d:2e:ed:2a:0a:52:
                    03:1f:f1:ec:eb:cc:77:e5:6f:b6:c2:ce:3f:01:07:
                    55:17:7f:ca:c6:be:fe:95:2d:5a:18:a4:78:fa:62:
                    4b:dd:8b:aa:14:05:4f:95:8c:ae:7a:9a:37:83:c7:
                    e7:f7:97:53:ff:58:8e:29:38:ad:ad:72:8c:66:a7:
                    20:0a:29:b2:cc:42:1c:6c:1b:4d:63:ac:6c:2c:78:
                    dc:1e:eb:0d:30:07:9f:0b:6e:6a:8e:9d:59:cc:ce:
                    77:08:20:ff:b4:17:3a:ef:10:47:af:ba:40:3e:4c:
                    af:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:A5:B7:F8:F6:AF:DF:CF:1B:62:80:85:6F:DA:27:16:35:C3:50:43
            X509v3 Authority Key Identifier:
                keyid:20:50:DF:51:F0:E5:BC:81:DB:4B:05:F4:49:F7:43:08:D7:FC:FA:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IFDfUfDlvIHbSwX0SfdDCNf8-i4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/SqW3-Pav388bYoCFb9onFjXDUEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/60e376-993c-4baf-b590-6e6481e5765c/1/IFDfUfDlvIHbSwX0SfdDCNf8-i4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.101.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:b2:fa:54:a4:6e:af:b3:f9:7b:9c:54:72:8e:63:97:79:1f:
         57:78:6f:84:f9:89:96:f3:97:59:b7:53:1f:40:e3:75:c4:d5:
         54:74:86:4b:01:f1:9c:8e:01:43:ed:8d:d7:4a:87:c1:9d:c1:
         20:23:97:3a:3b:85:e7:92:df:25:56:25:b9:15:e0:98:71:54:
         7e:2f:b4:a3:8c:da:f9:8e:08:83:48:2a:b5:f4:c5:cc:98:81:
         f2:5c:b1:9e:85:99:5f:4d:c7:4b:9e:a3:60:0b:b0:fb:9d:f0:
         8a:0b:9f:c9:c0:28:72:2c:85:63:ff:ba:25:b5:2c:27:39:ec:
         45:ca:29:4b:4d:de:6a:c3:33:e7:a3:98:ea:5b:fe:e7:47:25:
         d6:28:25:6d:0f:fb:4d:0a:79:44:2c:1f:d3:e5:39:21:ab:7f:
         54:9c:55:6c:e0:7a:98:7f:55:6a:ca:f9:5d:81:ee:6f:52:bc:
         bf:d7:ba:b0:9d:1d:6f:2b:6d:97:c3:03:8c:b8:09:c4:26:8f:
         5f:f0:aa:44:53:45:e4:c6:a5:53:39:ca:e4:ea:e2:56:c5:36:
         fa:07:1c:39:04:41:d1:cd:75:6d:0e:9a:ad:6c:13:44:2f:2d:
         c0:1b:34:73:3e:78:d9:0b:be:74:b5:16:08:21:c4:87:a4:8e:
         9b:55:97:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi++jP5VOXCryK9LN00U4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNTBkZjUxZjBlNWJjODFkYjRiMDVmNDQ5Zjc0MzA4ZDdm
Y2ZhMmUwHhcNMjUwMTAxMTc0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWE1YjdmOGY2YWZkZmNmMWI2MjgwODU2ZmRhMjcxNjM1YzM1MDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcRULexxCpvAKpGNsoIeVlVsF/4k
lo8G7NaDBo/B1FpfcoiDohLZIGJb1qtGGenBslV+ThCCwC35g74vNCqVkvj2ZocE
/JqurF7VOIdFnXEVYv8TCHeVg6SoQ7I50z21eq772+lME+/mNE+Ar5VjMi0jp7LY
PAUyoquxxtBFdm8Qc/1ylQwdIwmIuai4L6N9Lu0qClIDH/Hs68x35W+2ws4/AQdV
F3/Kxr7+lS1aGKR4+mJL3YuqFAVPlYyuepo3g8fn95dT/1iOKTitrXKMZqcgCimy
zEIcbBtNY6xsLHjcHusNMAefC25qjp1ZzM53CCD/tBc67xBHr7pAPkyvPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEqlt/j2r9/PG2KAhW/aJxY1w1BDMB8GA1UdIwQY
MBaAFCBQ31Hw5byB20sF9En3QwjX/PouMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUZEZlVmRGx2SUhiU3dYMFNmZERDTmY4LWk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS82MGUzNzYtOTkzYy00YmFmLWI1OTAt
NmU2NDgxZTU3NjVjLzEvU3FXMy1QYXYzODhiWW9DRmI5b25GalhEVUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS82MGUzNzYtOTkzYy00YmFmLWI1OTAtNmU2NDgxZTU3NjVj
LzEvSUZEZlVmRGx2SUhiU3dYMFNmZERDTmY4LWk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GV3MA0G
CSqGSIb3DQEBCwUAA4IBAQB1svpUpG6vs/l7nFRyjmOXeR9XeG+E+YmW85dZt1Mf
QON1xNVUdIZLAfGcjgFD7Y3XSofBncEgI5c6O4Xnkt8lViW5FeCYcVR+L7SjjNr5
jgiDSCq19MXMmIHyXLGehZlfTcdLnqNgC7D7nfCKC5/JwChyLIVj/7oltSwnOexF
yilLTd5qwzPno5jqW/7nRyXWKCVtD/tNCnlELB/T5Tkhq39UnFVs4HqYf1Vqyvld
ge5vUry/17qwnR1vK22XwwOMuAnEJo9f8KpEU0XkxqVTOcrk6uJWxTb6Bxw5BEHR
zXVtDpqtbBNELy3AGzRzPnjZC750tRYIIcSHpI6bVZeW
-----END CERTIFICATE-----