Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/ee03ca-197e-4d1a-a3dc-86e342a85f9b/1/fZGvsUetBJkmVdfbvT9He_e-hkg.roa
File:                     fZGvsUetBJkmVdfbvT9He_e-hkg.roa (raw, json)
Hash identifier:          2GiAH1SnHoGtPdnbNCHflKCsbiVAA9vOKcTs2+ZrRfM=
Subject key identifier:   7D:91:AF:B1:47:AD:04:99:26:55:D7:DB:BD:3F:47:7B:F7:BE:86:48
Certificate issuer:       /CN=6a2bc13767ad2d214062c9cfcf209817d1e161dd
Certificate serial:       018DA71FE549A1EFF03B3C69C5EE6246DB91
Authority key identifier: 6A:2B:C1:37:67:AD:2D:21:40:62:C9:CF:CF:20:98:17:D1:E1:61:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aivBN2etLSFAYsnPzyCYF9HhYd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/ee03ca-197e-4d1a-a3dc-86e342a85f9b/1/fZGvsUetBJkmVdfbvT9He_e-hkg.roa
Signing time:             Wed 14 Feb 2024 10:18:21 +0000
ROA not before:           Wed 14 Feb 2024 10:18:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        194.99.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/ee03ca-197e-4d1a-a3dc-86e342a85f9b/1/aivBN2etLSFAYsnPzyCYF9HhYd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/ee03ca-197e-4d1a-a3dc-86e342a85f9b/1/aivBN2etLSFAYsnPzyCYF9HhYd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aivBN2etLSFAYsnPzyCYF9HhYd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:1f:e5:49:a1:ef:f0:3b:3c:69:c5:ee:62:46:db:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a2bc13767ad2d214062c9cfcf209817d1e161dd
        Validity
            Not Before: Feb 14 10:18:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d91afb147ad04992655d7dbbd3f477bf7be8648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:dd:81:b5:a4:17:6b:d4:a6:ce:b0:a7:0a:34:
                    ed:c0:09:dd:b3:71:d0:5d:53:fe:65:fa:41:63:2f:
                    e7:be:9f:02:89:7b:96:4f:0c:23:0b:a1:de:5f:09:
                    46:b6:9b:5d:f6:16:b5:21:40:b1:65:9f:32:5a:b4:
                    f5:08:87:cf:0f:a2:a3:67:47:5f:7d:df:0a:30:53:
                    3f:f5:c2:4d:31:9b:c8:05:e4:76:bf:21:37:89:08:
                    28:46:cc:53:5c:04:33:b0:c1:9e:d7:a5:b5:8f:be:
                    51:da:da:f2:b8:3a:f4:56:27:1b:62:36:28:ef:b9:
                    c4:c2:20:de:c5:69:c2:cf:ce:27:a8:1e:32:e8:f4:
                    0c:d2:da:81:ca:65:cd:48:d5:db:53:3f:c0:bb:44:
                    6c:0c:87:aa:8e:f5:d0:17:c2:29:c6:7d:5f:f4:36:
                    02:e9:d0:59:37:60:37:6f:cb:93:ba:98:21:7e:56:
                    67:24:35:c9:cb:47:5e:fc:3c:4f:9c:72:e0:79:1a:
                    cd:40:d5:97:c9:50:95:c6:be:0a:07:8e:1b:cf:f2:
                    ac:61:13:7b:33:fb:00:8f:30:3e:6a:61:e0:f7:53:
                    a2:6a:4a:d0:14:60:b7:52:e0:5a:94:8a:13:d3:17:
                    80:b2:13:64:fc:14:58:c8:8a:30:18:da:c3:ba:ba:
                    d8:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:91:AF:B1:47:AD:04:99:26:55:D7:DB:BD:3F:47:7B:F7:BE:86:48
            X509v3 Authority Key Identifier:
                keyid:6A:2B:C1:37:67:AD:2D:21:40:62:C9:CF:CF:20:98:17:D1:E1:61:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aivBN2etLSFAYsnPzyCYF9HhYd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/ee03ca-197e-4d1a-a3dc-86e342a85f9b/1/fZGvsUetBJkmVdfbvT9He_e-hkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/ee03ca-197e-4d1a-a3dc-86e342a85f9b/1/aivBN2etLSFAYsnPzyCYF9HhYd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:73:c7:a1:05:bd:ab:3f:33:cd:f2:cd:16:ee:2d:5b:96:c1:
         00:1a:c1:36:3a:83:10:30:b1:40:ea:45:51:dd:22:97:08:6f:
         3a:a6:91:80:36:bd:79:a9:be:6d:39:59:24:20:70:82:ae:5b:
         b8:ba:29:05:92:4b:99:a3:49:a6:35:8d:e1:0a:99:58:7d:94:
         ba:58:53:24:b1:8c:d7:d2:bd:7a:47:3f:b3:4d:49:43:db:bd:
         d9:9e:f2:61:43:d4:9e:fc:e1:d1:6c:58:22:aa:00:75:f7:42:
         93:26:0f:db:2c:a0:9d:72:20:32:82:a7:66:62:4a:d5:d3:09:
         b8:2c:d8:b4:6f:2b:f0:70:c2:96:2d:e3:a3:5c:88:74:77:3d:
         21:a8:e6:ac:ac:a2:6e:0c:c7:02:af:9c:23:cd:39:3a:5e:35:
         28:29:ff:7b:88:70:1d:b5:ad:67:74:db:c9:d3:b4:b5:95:0c:
         23:09:d7:78:30:2a:43:d6:a0:49:8a:2b:48:a1:d5:1c:f2:c2:
         1b:b3:46:4f:03:d7:e6:39:e3:70:c4:58:2e:59:b6:de:8f:5b:
         25:86:a7:ae:24:c8:01:d1:64:a0:5e:2a:74:ef:d1:7f:d9:55:
         54:33:a0:73:d2:78:5b:05:43:a0:84:f1:06:7d:7a:09:07:b9:
         d5:aa:7c:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nH+VJoe/wOzxpxe5iRtuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMmJjMTM3NjdhZDJkMjE0MDYyYzljZmNmMjA5ODE3ZDFl
MTYxZGQwHhcNMjQwMjE0MTAxODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDkxYWZiMTQ3YWQwNDk5MjY1NWQ3ZGJiZDNmNDc3YmY3YmU4NjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd2BtaQXa9SmzrCnCjTtwAnds3HQ
XVP+ZfpBYy/nvp8CiXuWTwwjC6HeXwlGtptd9ha1IUCxZZ8yWrT1CIfPD6KjZ0df
fd8KMFM/9cJNMZvIBeR2vyE3iQgoRsxTXAQzsMGe16W1j75R2tryuDr0VicbYjYo
77nEwiDexWnCz84nqB4y6PQM0tqBymXNSNXbUz/Au0RsDIeqjvXQF8Ipxn1f9DYC
6dBZN2A3b8uTupghflZnJDXJy0de/DxPnHLgeRrNQNWXyVCVxr4KB44bz/KsYRN7
M/sAjzA+amHg91OiakrQFGC3UuBalIoT0xeAshNk/BRYyIowGNrDurrYgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH2Rr7FHrQSZJlXX270/R3v3voZIMB8GA1UdIwQY
MBaAFGorwTdnrS0hQGLJz88gmBfR4WHdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWl2Qk4yZXRMU0ZBWXNuUHp5Q1lGOUhoWWQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9lZTAzY2EtMTk3ZS00ZDFhLWEzZGMt
ODZlMzQyYTg1ZjliLzEvZlpHdnNVZXRCSmttVmRmYnZUOUhlX2UtaGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9lZTAzY2EtMTk3ZS00ZDFhLWEzZGMtODZlMzQyYTg1Zjli
LzEvYWl2Qk4yZXRMU0ZBWXNuUHp5Q1lGOUhoWWQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmOcMA0G
CSqGSIb3DQEBCwUAA4IBAQBmc8ehBb2rPzPN8s0W7i1blsEAGsE2OoMQMLFA6kVR
3SKXCG86ppGANr15qb5tOVkkIHCCrlu4uikFkkuZo0mmNY3hCplYfZS6WFMksYzX
0r16Rz+zTUlD273ZnvJhQ9Se/OHRbFgiqgB190KTJg/bLKCdciAygqdmYkrV0wm4
LNi0byvwcMKWLeOjXIh0dz0hqOasrKJuDMcCr5wjzTk6XjUoKf97iHAdta1ndNvJ
07S1lQwjCdd4MCpD1qBJiitIodUc8sIbs0ZPA9fmOeNwxFguWbbej1slhqeuJMgB
0WSgXip079F/2VVUM6Bz0nhbBUOghPEGfXoJB7nVqnyo
-----END CERTIFICATE-----