Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/IlZoR2x97_iv64zVcVhi-DpZ6zQ.roa
File:                     IlZoR2x97_iv64zVcVhi-DpZ6zQ.roa (raw, json)
Hash identifier:          rgsurAG/aokLBHbdQ0ahkUNa3xNf3FIAuAdgZCMWqqs=
Subject key identifier:   22:56:68:47:6C:7D:EF:F8:AF:EB:8C:D5:71:58:62:F8:3A:59:EB:34
Certificate issuer:       /CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Certificate serial:       018CC6B7A44F71ACF558588E907591A48BB9
Authority key identifier: 60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/IlZoR2x97_iv64zVcVhi-DpZ6zQ.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        212.11.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a4:4f:71:ac:f5:58:58:8e:90:75:91:a4:8b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=225668476c7deff8afeb8cd5715862f83a59eb34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:67:7f:ee:41:2d:7f:e9:e5:2e:d9:eb:b7:37:
                    82:69:f5:4c:0f:ee:c4:2b:fa:0f:70:bf:2c:24:57:
                    5f:10:52:39:a0:e1:88:c3:ce:8c:d5:bc:65:5b:47:
                    dd:f9:a2:82:60:33:d3:8e:d2:c6:0f:f5:a0:0d:df:
                    c4:26:6e:d4:3e:48:a6:85:53:c0:9f:72:de:f4:4e:
                    fe:eb:8c:b3:37:30:ae:3b:e3:43:69:0a:d3:ba:fe:
                    6b:5e:06:ce:cb:1b:52:5d:f0:07:0d:af:93:99:3e:
                    96:b2:94:b2:2f:f7:e5:3f:b8:68:d3:26:14:21:4d:
                    d3:e0:e1:ea:b0:ee:1a:66:00:26:4d:05:fe:22:11:
                    52:15:30:64:4f:c2:7c:4b:1e:46:f2:30:ba:95:c5:
                    f5:05:81:81:5f:9b:74:c3:0d:e2:31:f1:f7:36:f4:
                    44:32:96:34:a5:71:68:eb:62:0d:a0:f1:6b:24:be:
                    d6:03:2c:0e:da:da:5c:d4:47:3f:12:bb:b6:84:e0:
                    12:82:00:68:fc:af:00:09:92:4d:db:42:c4:5e:d2:
                    72:be:da:b0:be:75:d9:d4:1a:dc:fb:cb:f8:45:96:
                    94:72:60:f7:93:07:f4:bb:3d:9d:90:ba:b5:d2:d1:
                    15:d9:19:b0:92:e9:cc:d9:cf:87:9a:ed:51:fc:e6:
                    ac:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:56:68:47:6C:7D:EF:F8:AF:EB:8C:D5:71:58:62:F8:3A:59:EB:34
            X509v3 Authority Key Identifier:
                keyid:60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/IlZoR2x97_iv64zVcVhi-DpZ6zQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.11.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:f4:36:02:98:be:fd:d7:b1:bf:f5:22:a7:32:16:f9:c5:9f:
         29:8b:19:bb:a0:17:61:1c:18:01:df:34:37:95:ec:54:78:e3:
         d2:9a:29:df:42:89:a1:e6:4e:35:aa:65:c3:28:58:1e:83:c1:
         e8:11:15:18:0d:bc:e7:b2:5b:99:04:e9:72:07:ac:34:00:c9:
         6b:ce:ce:05:65:81:5e:0a:f0:ee:e1:23:72:0c:8f:f0:f8:58:
         07:4c:db:07:71:42:b9:71:2e:59:94:54:2a:97:de:55:2b:52:
         23:b6:88:70:27:8f:ca:50:cd:33:0f:61:ab:96:65:2b:fc:e4:
         a6:61:81:cb:36:ff:16:61:e7:15:ec:65:43:2b:57:dc:fe:20:
         9c:f9:e1:fe:01:6d:52:ff:21:60:93:0c:c5:20:5f:10:c8:b8:
         9e:29:ea:e7:cc:ba:42:10:36:32:68:d4:4d:62:a9:da:d2:ac:
         26:6a:51:09:7f:38:48:1e:1e:95:5d:7c:a2:ff:0a:81:a7:96:
         54:bd:d2:be:ff:60:29:0c:d4:d9:25:33:99:a8:35:1f:0b:3d:
         23:ea:d6:e3:af:53:25:10:0d:99:9b:ef:44:72:b5:b0:d5:24:
         86:74:e4:67:7d:a1:d8:63:39:7a:44:00:a8:ba:d2:fb:6c:c9:
         77:61:47:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6RPcaz1WFiOkHWRpIu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTk4ZDNjOWQ4YmRjOWMxZGZmOGUzMTk0MjQ0MTJiNmNk
YzFkZDMwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjU2Njg0NzZjN2RlZmY4YWZlYjhjZDU3MTU4NjJmODNhNTllYjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWd/7kEtf+nlLtnrtzeCafVMD+7E
K/oPcL8sJFdfEFI5oOGIw86M1bxlW0fd+aKCYDPTjtLGD/WgDd/EJm7UPkimhVPA
n3Le9E7+64yzNzCuO+NDaQrTuv5rXgbOyxtSXfAHDa+TmT6WspSyL/flP7ho0yYU
IU3T4OHqsO4aZgAmTQX+IhFSFTBkT8J8Sx5G8jC6lcX1BYGBX5t0ww3iMfH3NvRE
MpY0pXFo62INoPFrJL7WAywO2tpc1Ec/Eru2hOASggBo/K8ACZJN20LEXtJyvtqw
vnXZ1Brc+8v4RZaUcmD3kwf0uz2dkLq10tEV2RmwkunM2c+Hmu1R/OasAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJWaEdsfe/4r+uM1XFYYvg6Wes0MB8GA1UdIwQY
MBaAFGCZjTydi9ycHf+OMZQkQSts3B3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWIt
MGVhNGQ1MzFiNzkzLzEvSWxab1IyeDk3X2l2NjR6VmNWaGktRHBaNnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWItMGVhNGQ1MzFiNzkz
LzEvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AtAMA0G
CSqGSIb3DQEBCwUAA4IBAQAr9DYCmL7917G/9SKnMhb5xZ8pixm7oBdhHBgB3zQ3
lexUeOPSminfQomh5k41qmXDKFgeg8HoERUYDbznsluZBOlyB6w0AMlrzs4FZYFe
CvDu4SNyDI/w+FgHTNsHcUK5cS5ZlFQql95VK1IjtohwJ4/KUM0zD2GrlmUr/OSm
YYHLNv8WYecV7GVDK1fc/iCc+eH+AW1S/yFgkwzFIF8QyLieKernzLpCEDYyaNRN
Yqna0qwmalEJfzhIHh6VXXyi/wqBp5ZUvdK+/2ApDNTZJTOZqDUfCz0j6tbjr1Ml
EA2Zm+9EcrWw1SSGdORnfaHYYzl6RACoutL7bMl3YUcc
-----END CERTIFICATE-----