Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/Hspj5PzkfsluTEqLIOwJGoQGOOc.roa
File:                     Hspj5PzkfsluTEqLIOwJGoQGOOc.roa (raw, json)
Hash identifier:          gOBFADglYE5G0b4X+8zSKnsYq9fnevgLZFWvJSsuL9M=
Subject key identifier:   1E:CA:63:E4:FC:E4:7E:C9:6E:4C:4A:8B:20:EC:09:1A:84:06:38:E7
Certificate issuer:       /CN=c77549551405d9948c662dfe4de24de055daff5e
Certificate serial:       019425216FCC191302B198A0C6BA146AD947
Authority key identifier: C7:75:49:55:14:05:D9:94:8C:66:2D:FE:4D:E2:4D:E0:55:DA:FF:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3VJVRQF2ZSMZi3-TeJN4FXa_14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/Hspj5PzkfsluTEqLIOwJGoQGOOc.roa
Signing time:             Thu 02 Jan 2025 03:48:55 +0000
ROA not before:           Thu 02 Jan 2025 03:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209256
IP address blocks:        217.20.96.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/x3VJVRQF2ZSMZi3-TeJN4FXa_14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/x3VJVRQF2ZSMZi3-TeJN4FXa_14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3VJVRQF2ZSMZi3-TeJN4FXa_14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6f:cc:19:13:02:b1:98:a0:c6:ba:14:6a:d9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c77549551405d9948c662dfe4de24de055daff5e
        Validity
            Not Before: Jan  2 03:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1eca63e4fce47ec96e4c4a8b20ec091a840638e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:54:e3:c4:1e:42:99:84:dd:8d:95:b4:8e:12:
                    44:2d:e7:39:33:7d:f3:b3:86:61:95:2c:9b:fb:5b:
                    32:fa:ab:74:0d:6f:81:7c:1f:36:8f:48:96:39:2b:
                    b0:ba:f9:aa:4f:4a:2e:7e:79:5f:f5:45:b2:8d:ff:
                    f7:69:e2:e2:1f:ca:52:cc:ac:d0:3a:59:fd:d1:4f:
                    53:28:46:cc:00:19:97:26:42:7c:17:2b:e3:14:3d:
                    9c:b7:8a:05:3e:c0:a3:0c:32:7c:60:0e:84:6c:90:
                    c5:3e:f9:2c:11:aa:46:93:0d:27:ba:d7:26:7a:b6:
                    a1:7d:ca:49:d1:dd:f1:2f:fa:92:fd:f0:5d:3d:45:
                    bb:3f:38:12:ac:31:73:cc:43:83:3e:aa:ba:15:b2:
                    72:05:6b:45:c5:03:b7:99:bb:9a:70:fa:54:0b:4f:
                    fc:cf:7d:cd:36:2f:27:97:a5:85:ec:d5:9e:74:09:
                    80:e4:db:65:cd:ac:f7:aa:6d:fe:0c:bc:29:92:32:
                    85:8c:dd:44:3e:22:0e:fa:82:83:c4:00:db:6a:5e:
                    ee:5c:ec:13:c3:95:6d:eb:0f:41:f5:17:7b:96:71:
                    b3:4e:09:35:a9:55:51:4b:35:36:b0:a8:c7:e9:ff:
                    8b:e8:5b:5a:f8:34:be:ad:04:30:13:ab:c4:c0:50:
                    a1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CA:63:E4:FC:E4:7E:C9:6E:4C:4A:8B:20:EC:09:1A:84:06:38:E7
            X509v3 Authority Key Identifier:
                keyid:C7:75:49:55:14:05:D9:94:8C:66:2D:FE:4D:E2:4D:E0:55:DA:FF:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3VJVRQF2ZSMZi3-TeJN4FXa_14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/Hspj5PzkfsluTEqLIOwJGoQGOOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/5a4341-bc5f-4246-92ea-1bf75f75fa87/1/x3VJVRQF2ZSMZi3-TeJN4FXa_14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.20.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         85:3c:1e:c1:d3:be:ec:96:c6:51:2d:32:42:c3:59:97:10:49:
         1d:8a:14:4a:fa:f9:84:7d:a0:00:cb:f5:79:f3:f0:c0:cc:6f:
         31:71:9e:d4:3c:5f:71:22:5f:c0:ab:9b:dc:51:27:1c:db:94:
         3e:ee:c7:36:b4:05:a8:a7:de:28:73:a3:3f:41:d9:ce:a9:6c:
         22:22:0f:15:ec:73:c5:20:6b:0e:be:c6:49:23:f1:30:31:29:
         bb:d7:86:d3:7f:f3:9b:79:46:d6:9e:66:d7:7c:f6:31:33:d6:
         b2:8a:f4:ff:6c:1a:15:cc:51:e2:92:d7:51:d3:1a:3c:17:19:
         a4:d8:e9:3b:36:4b:0a:41:1d:ca:f2:fb:22:96:21:ff:80:f5:
         e4:90:f5:17:92:57:c6:4f:6f:c3:2b:0b:84:05:bc:47:90:fa:
         6c:6b:96:c9:99:cb:0a:cd:20:49:28:37:42:84:bd:9c:9b:ca:
         8a:33:46:95:7c:e5:9e:07:52:8e:a0:ba:7d:24:26:d0:53:ae:
         8d:e4:e2:1f:c3:c7:d4:73:2d:7b:98:ab:9e:c9:cd:70:51:db:
         18:f7:9c:d8:7c:42:22:ae:cd:5b:68:5e:d1:a7:47:ae:ca:6b:
         dd:fc:b4:b1:bc:61:d2:6c:19:81:a1:a4:df:7e:a5:98:bd:35:
         0f:65:21:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIW/MGRMCsZigxroUatlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NzU0OTU1MTQwNWQ5OTQ4YzY2MmRmZTRkZTI0ZGUwNTVk
YWZmNWUwHhcNMjUwMTAyMDM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWNhNjNlNGZjZTQ3ZWM5NmU0YzRhOGIyMGVjMDkxYTg0MDYzOGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FTjxB5CmYTdjZW0jhJELec5M33z
s4ZhlSyb+1sy+qt0DW+BfB82j0iWOSuwuvmqT0oufnlf9UWyjf/3aeLiH8pSzKzQ
Oln90U9TKEbMABmXJkJ8FyvjFD2ct4oFPsCjDDJ8YA6EbJDFPvksEapGkw0nutcm
erahfcpJ0d3xL/qS/fBdPUW7PzgSrDFzzEODPqq6FbJyBWtFxQO3mbuacPpUC0/8
z33NNi8nl6WF7NWedAmA5Ntlzaz3qm3+DLwpkjKFjN1EPiIO+oKDxADbal7uXOwT
w5Vt6w9B9Rd7lnGzTgk1qVVRSzU2sKjH6f+L6Fta+DS+rQQwE6vEwFChaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7KY+T85H7JbkxKiyDsCRqEBjjnMB8GA1UdIwQY
MBaAFMd1SVUUBdmUjGYt/k3iTeBV2v9eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNWSlZSUUYyWlNNWmkzLVRlSk40RlhhXzE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC81YTQzNDEtYmM1Zi00MjQ2LTkyZWEt
MWJmNzVmNzVmYTg3LzEvSHNwajVQemtmc2x1VEVxTElPd0pHb1FHT09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC81YTQzNDEtYmM1Zi00MjQ2LTkyZWEtMWJmNzVmNzVmYTg3
LzEveDNWSlZSUUYyWlNNWmkzLVRlSk40RlhhXzE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2RRgMA0G
CSqGSIb3DQEBCwUAA4IBAQCFPB7B077slsZRLTJCw1mXEEkdihRK+vmEfaAAy/V5
8/DAzG8xcZ7UPF9xIl/Aq5vcUScc25Q+7sc2tAWop94oc6M/QdnOqWwiIg8V7HPF
IGsOvsZJI/EwMSm714bTf/ObeUbWnmbXfPYxM9ayivT/bBoVzFHiktdR0xo8Fxmk
2Ok7NksKQR3K8vsiliH/gPXkkPUXklfGT2/DKwuEBbxHkPpsa5bJmcsKzSBJKDdC
hL2cm8qKM0aVfOWeB1KOoLp9JCbQU66N5OIfw8fUcy17mKueyc1wUdsY95zYfEIi
rs1baF7Rp0euymvd/LSxvGHSbBmBoaTffqWYvTUPZSFu
-----END CERTIFICATE-----