Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/qqE_Ngb0aIs9tQpiJ_Nq_h7NWR0.roa
File:                     qqE_Ngb0aIs9tQpiJ_Nq_h7NWR0.roa (raw, json)
Hash identifier:          WxGoQEuON6PfFsBakqCHNtSE8H3fTHChCkzgmpOGNbE=
Subject key identifier:   AA:A1:3F:36:06:F4:68:8B:3D:B5:0A:62:27:F3:6A:FE:1E:CD:59:1D
Certificate issuer:       /CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
Certificate serial:       019426D9E09D45FCA5B988C2A110A4FA3FD7
Authority key identifier: 60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/qqE_Ngb0aIs9tQpiJ_Nq_h7NWR0.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197071
IP address blocks:        212.11.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e0:9d:45:fc:a5:b9:88:c2:a1:10:a4:fa:3f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60998d3c9d8bdc9c1dff8e319424412b6cdc1dd3
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aaa13f3606f4688b3db50a6227f36afe1ecd591d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c1:4a:ac:14:50:ff:82:18:4f:f3:d0:c6:77:
                    d4:e7:85:a4:5b:05:1c:38:fc:70:9f:29:6e:12:ee:
                    21:00:40:ce:92:49:76:8b:30:98:12:80:c7:19:43:
                    f3:ed:86:74:ec:a9:c1:2d:21:86:b2:cc:da:2c:67:
                    9a:b8:95:05:f6:ad:b6:ab:ce:8f:10:80:84:dd:bb:
                    c9:7f:d8:5d:20:53:91:fd:f4:41:a9:5f:8a:af:ee:
                    b1:3a:fe:16:4d:bf:14:67:31:ec:df:47:06:90:76:
                    b6:1f:fe:77:5f:4a:39:48:03:65:fd:52:b7:02:53:
                    54:c4:34:61:61:aa:18:ae:7c:53:f5:57:38:62:d5:
                    6e:fd:aa:96:49:fa:bc:29:1d:a9:9c:f8:b1:01:fa:
                    27:9f:b8:c0:de:0c:40:0c:87:4f:9d:ad:f8:f7:81:
                    8b:cf:39:e3:3e:4d:a5:39:95:29:7d:fe:3a:72:73:
                    9f:cc:54:7d:5a:30:35:66:a8:fe:7d:ca:79:ab:98:
                    ba:f2:d4:ca:9d:81:16:87:47:0b:d8:32:29:1a:5e:
                    fd:79:9c:5e:83:45:fd:af:4b:6a:ed:e5:25:24:da:
                    18:41:27:95:34:39:22:55:02:f1:57:ea:93:a3:fb:
                    3f:17:80:aa:f4:35:fd:95:dd:50:fb:3f:66:f6:c7:
                    74:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:A1:3F:36:06:F4:68:8B:3D:B5:0A:62:27:F3:6A:FE:1E:CD:59:1D
            X509v3 Authority Key Identifier:
                keyid:60:99:8D:3C:9D:8B:DC:9C:1D:FF:8E:31:94:24:41:2B:6C:DC:1D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/qqE_Ngb0aIs9tQpiJ_Nq_h7NWR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/779ae9-7d22-4252-8c5b-0ea4d531b793/1/YJmNPJ2L3Jwd_44xlCRBK2zcHdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.11.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:95:f4:8b:d4:0f:34:5f:df:ec:b3:30:a9:8a:9c:09:0e:f3:
         e4:b9:f3:27:4b:73:e0:3d:64:4c:1c:39:c4:21:f4:79:34:84:
         ac:25:60:f1:f6:0f:8d:24:86:9c:c2:2b:a2:4d:f6:fe:fb:7d:
         94:d7:82:dc:f5:4a:67:03:f7:3a:e6:f6:b2:6e:8d:af:50:e5:
         76:0e:ed:83:e6:a7:e1:76:93:99:80:4a:11:66:9d:b0:f6:ec:
         c8:6f:d0:93:05:4d:55:9d:35:81:93:73:ae:72:39:0d:44:97:
         45:7a:88:c1:68:53:36:f9:50:66:66:c0:aa:1f:4c:e0:bf:b6:
         86:11:51:5e:6f:df:c1:e6:38:98:bc:b8:1e:77:4a:aa:da:49:
         97:58:a9:c8:cf:d3:44:ae:d6:55:4a:c7:bf:3f:0a:a6:b3:38:
         58:97:a1:a3:08:ec:ea:82:e8:f0:56:c6:dd:81:91:b0:bb:65:
         d5:c4:8c:b2:9b:e2:13:6c:c0:c1:5f:3e:25:4b:77:2c:b7:ec:
         05:91:73:84:98:6f:61:93:42:f0:86:a3:3f:73:16:16:9b:ba:
         40:39:3a:9e:2d:39:ad:ca:6a:76:fb:b0:d5:f3:67:3c:a8:51:
         bf:28:e6:5e:48:1e:1c:be:cc:64:e6:08:b6:7a:93:26:33:ee:
         44:0d:26:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eCdRfyluYjCoRCk+j/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwOTk4ZDNjOWQ4YmRjOWMxZGZmOGUzMTk0MjQ0MTJiNmNk
YzFkZDMwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWExM2YzNjA2ZjQ2ODhiM2RiNTBhNjIyN2YzNmFmZTFlY2Q1OTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsFKrBRQ/4IYT/PQxnfU54WkWwUc
OPxwnyluEu4hAEDOkkl2izCYEoDHGUPz7YZ07KnBLSGGsszaLGeauJUF9q22q86P
EICE3bvJf9hdIFOR/fRBqV+Kr+6xOv4WTb8UZzHs30cGkHa2H/53X0o5SANl/VK3
AlNUxDRhYaoYrnxT9Vc4YtVu/aqWSfq8KR2pnPixAfonn7jA3gxADIdPna3494GL
zznjPk2lOZUpff46cnOfzFR9WjA1Zqj+fcp5q5i68tTKnYEWh0cL2DIpGl79eZxe
g0X9r0tq7eUlJNoYQSeVNDkiVQLxV+qTo/s/F4Cq9DX9ld1Q+z9m9sd0AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqhPzYG9GiLPbUKYifzav4ezVkdMB8GA1UdIwQY
MBaAFGCZjTydi9ycHf+OMZQkQSts3B3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWIt
MGVhNGQ1MzFiNzkzLzEvcXFFX05nYjBhSXM5dFFwaUpfTnFfaDdOV1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83NzlhZTktN2QyMi00MjUyLThjNWItMGVhNGQ1MzFiNzkz
LzEvWUptTlBKMkwzSndkXzQ0eGxDUkJLMnpjSGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AtAMA0G
CSqGSIb3DQEBCwUAA4IBAQBVlfSL1A80X9/sszCpipwJDvPkufMnS3PgPWRMHDnE
IfR5NISsJWDx9g+NJIacwiuiTfb++32U14Lc9UpnA/c65vaybo2vUOV2Du2D5qfh
dpOZgEoRZp2w9uzIb9CTBU1VnTWBk3OucjkNRJdFeojBaFM2+VBmZsCqH0zgv7aG
EVFeb9/B5jiYvLged0qq2kmXWKnIz9NErtZVSse/PwqmszhYl6GjCOzqgujwVsbd
gZGwu2XVxIyym+ITbMDBXz4lS3cst+wFkXOEmG9hk0LwhqM/cxYWm7pAOTqeLTmt
ymp2+7DV82c8qFG/KOZeSB4cvsxk5gi2epMmM+5EDSbl
-----END CERTIFICATE-----