Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/1-_pkhqy77yXJobQSKKf2OxMtrPY.roa
File:                     1-_pkhqy77yXJobQSKKf2OxMtrPY.roa (raw, json)
Hash identifier:          oM1whLnGUdae/Tke7seBv5294wRLaf+v6WPVXoAAu9Y=
Subject key identifier:   FB:FA:64:86:AC:BB:EF:25:C9:A1:B4:12:28:A7:F6:3B:13:2D:AC:F6
Certificate issuer:       /CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Certificate serial:       018CC6B7A64CB546991FFBF28882D13C0B46
Authority key identifier: 60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/1-_pkhqy77yXJobQSKKf2OxMtrPY.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200482
IP address blocks:        212.11.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a6:4c:b5:46:99:1f:fb:f2:88:82:d1:3c:0b:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbfa6486acbbef25c9a1b41228a7f63b132dacf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:5b:f8:d8:a6:28:ca:74:a0:25:e5:6a:5c:5a:
                    85:2e:b6:8d:14:be:0c:58:0f:fd:c2:4a:c5:49:0c:
                    6c:24:7e:09:63:5a:9e:5a:ce:a2:69:d8:a3:bb:09:
                    88:5e:0a:89:75:14:83:f4:46:ed:23:53:d8:22:31:
                    5d:d3:05:25:ab:36:57:10:79:b4:89:d6:57:45:1c:
                    41:f7:9c:08:51:57:62:01:49:23:fa:bf:10:d7:95:
                    e3:dd:f9:49:80:4f:3f:18:58:f1:da:41:85:3f:35:
                    9b:05:62:54:f2:01:ab:da:20:6a:b0:7a:e7:e5:7e:
                    85:c1:3a:1c:e9:fa:1a:ad:44:dd:74:39:9f:e3:0d:
                    9f:f4:4e:e3:e9:30:3c:3f:b7:16:e8:a9:3f:8b:c5:
                    9f:e1:c1:2e:42:67:70:a0:58:cc:20:81:91:96:9f:
                    ef:35:a5:69:e9:a0:61:e0:b5:7e:ad:a1:f9:4b:a5:
                    08:37:5d:50:96:fe:83:b9:c6:47:da:a3:56:63:a3:
                    a4:94:70:18:df:6f:9d:ef:dd:c8:a3:f2:44:c8:8c:
                    22:b6:57:f0:5a:db:cd:8a:0e:0e:02:00:33:62:b3:
                    75:cc:0d:f6:fe:a9:5b:60:08:48:c4:84:b6:f9:0d:
                    34:af:4c:99:a1:71:ca:9a:66:f2:db:23:30:c7:a0:
                    49:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:FA:64:86:AC:BB:EF:25:C9:A1:B4:12:28:A7:F6:3B:13:2D:AC:F6
            X509v3 Authority Key Identifier:
                keyid:60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/1-_pkhqy77yXJobQSKKf2OxMtrPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.11.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:80:67:df:ed:c1:00:1f:f6:f1:ee:32:ec:b3:d6:8e:2c:2b:
         ce:c6:07:c8:cf:b8:2b:91:62:95:be:be:92:8a:f3:06:7f:b2:
         0f:65:ec:bf:9f:12:df:5c:7e:55:26:e3:84:2e:65:bf:3c:e5:
         5f:92:69:64:bc:e9:c0:47:06:0d:3b:f1:af:73:61:04:6e:4e:
         a1:79:e1:d1:f5:e4:a3:97:f9:7d:32:e2:49:3a:44:0e:c7:1f:
         1d:58:c4:a3:de:e1:25:50:26:e9:a0:06:1a:b3:77:6e:63:c4:
         c1:83:25:63:78:b2:73:3b:83:4e:91:80:85:95:7b:6b:ff:5f:
         a8:aa:4e:b0:17:15:cc:95:d1:49:e8:e6:db:87:bb:7f:26:ce:
         19:49:ae:e3:fa:38:80:60:ac:a5:4f:02:b0:1e:1d:4f:fe:a4:
         fc:8a:48:21:87:2f:a9:b7:97:2f:9f:43:3d:93:0e:d6:11:16:
         e0:d2:7b:37:bd:6d:36:7f:45:e7:6b:25:bb:6c:8b:68:0a:7a:
         0d:64:77:91:c0:f7:44:c1:c8:af:44:cd:9e:ed:f9:97:d4:0a:
         33:ac:7b:e0:ea:83:08:be:67:a0:35:d2:49:16:3a:97:6b:3c:
         bd:51:b8:98:8b:da:6c:9e:b7:0a:a6:e6:0f:e0:71:61:4f:46:
         c6:17:ea:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGt6ZMtUaZH/vyiILRPAtGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTk4ZDNjOWQ4YmRjOWMxZGZmOGUzMTk0MjQ0MTJiNmNk
YzFkZDMwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmZhNjQ4NmFjYmJlZjI1YzlhMWI0MTIyOGE3ZjYzYjEzMmRhY2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1v42KYoynSgJeVqXFqFLraNFL4M
WA/9wkrFSQxsJH4JY1qeWs6iadijuwmIXgqJdRSD9EbtI1PYIjFd0wUlqzZXEHm0
idZXRRxB95wIUVdiAUkj+r8Q15Xj3flJgE8/GFjx2kGFPzWbBWJU8gGr2iBqsHrn
5X6FwToc6foarUTddDmf4w2f9E7j6TA8P7cW6Kk/i8Wf4cEuQmdwoFjMIIGRlp/v
NaVp6aBh4LV+raH5S6UIN11Qlv6DucZH2qNWY6OklHAY32+d793Io/JEyIwitlfw
WtvNig4OAgAzYrN1zA32/qlbYAhIxIS2+Q00r0yZoXHKmmby2yMwx6BJiwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPv6ZIasu+8lyaG0Eiin9jsTLaz2MB8GA1UdIwQY
MBaAFGCZjTydi9ycHf+OMZQkQSts3B3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWIt
MGVhNGQ1MzFiNzkzLzEvMS1fcGtocXk3N3lYSm9iUVNLS2YyT3hNdHJQWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWMvNzc5YWU5LTdkMjItNDI1Mi04YzViLTBlYTRkNTMxYjc5
My8xL1lKbU5QSjJMM0p3ZF80NHhsQ1JCSzJ6Y0hkTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQLQDAN
BgkqhkiG9w0BAQsFAAOCAQEAvoBn3+3BAB/28e4y7LPWjiwrzsYHyM+4K5Filb6+
korzBn+yD2Xsv58S31x+VSbjhC5lvzzlX5JpZLzpwEcGDTvxr3NhBG5OoXnh0fXk
o5f5fTLiSTpEDscfHVjEo97hJVAm6aAGGrN3bmPEwYMlY3iyczuDTpGAhZV7a/9f
qKpOsBcVzJXRSejm24e7fybOGUmu4/o4gGCspU8CsB4dT/6k/IpIIYcvqbeXL59D
PZMO1hEW4NJ7N71tNn9F52slu2yLaAp6DWR3kcD3RMHIr0TNnu35l9QKM6x74OqD
CL5noDXSSRY6l2s8vVG4mIvabJ63CqbmD+BxYU9GxhfqKQ==
-----END CERTIFICATE-----