Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/H6_j121nwrBmCty1wbdXDXgyav8.roa
File:                     H6_j121nwrBmCty1wbdXDXgyav8.roa (raw, json)
Hash identifier:          vaRQnvr04lMFV87aznhgmJYTb/5VAEUEaBeFpioyQ+k=
Subject key identifier:   1F:AF:E3:D7:6D:67:C2:B0:66:0A:DC:B5:C1:B7:57:0D:78:32:6A:FF
Certificate issuer:       /CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
Certificate serial:       019547AD4EEB2FF1CE3AD2759517E99B62A0
Authority key identifier: F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/H6_j121nwrBmCty1wbdXDXgyav8.roa
Signing time:             Thu 27 Feb 2025 13:51:35 +0000
ROA not before:           Thu 27 Feb 2025 13:51:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215929
IP address blocks:        193.24.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:47:ad:4e:eb:2f:f1:ce:3a:d2:75:95:17:e9:9b:62:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d9a9282c9d2547c566634f3bacccbcf2588827
        Validity
            Not Before: Feb 27 13:51:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fafe3d76d67c2b0660adcb5c1b7570d78326aff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:69:30:af:13:ee:6e:24:c8:4e:92:ae:08:1d:
                    aa:dd:5a:db:33:25:a3:2a:19:76:e8:be:e5:c3:b6:
                    ae:01:ac:73:da:3e:73:4a:fe:33:86:ce:d1:a3:ca:
                    23:c4:7e:e2:1d:8e:47:4a:be:12:78:99:11:94:c3:
                    7b:1e:0d:a6:e4:69:a2:d9:7d:e6:15:70:26:ad:a5:
                    24:bb:a9:46:23:6e:bf:10:20:12:e8:ce:6a:e0:be:
                    e9:0a:ec:67:4f:10:d1:7a:56:ed:7d:c4:fd:0c:ac:
                    3e:e8:c9:ea:19:6c:64:e2:d3:a6:11:2e:89:de:d9:
                    27:df:d7:e4:d9:8a:08:ee:7a:a0:74:bd:fd:9d:d7:
                    66:c3:a0:2e:5e:ba:6d:10:b0:dd:f9:46:3a:d9:fb:
                    01:1e:60:11:0b:71:01:6b:32:54:34:c0:c7:47:d8:
                    66:d3:40:d6:06:45:af:9e:c5:0e:99:3b:4f:fc:ce:
                    15:b2:bd:9c:55:83:2c:eb:82:44:81:3c:e0:81:fd:
                    02:d2:a0:71:1f:83:e9:64:1c:5b:ea:73:b4:8c:07:
                    1c:9d:e5:ca:55:43:db:5f:40:6b:da:af:17:29:0e:
                    44:61:9c:6f:c8:b5:14:fc:eb:3b:22:bc:99:2e:88:
                    65:5e:56:e6:03:00:64:1b:de:74:3e:fe:9e:07:15:
                    a8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AF:E3:D7:6D:67:C2:B0:66:0A:DC:B5:C1:B7:57:0D:78:32:6A:FF
            X509v3 Authority Key Identifier:
                keyid:F5:D9:A9:28:2C:9D:25:47:C5:66:63:4F:3B:AC:CC:BC:F2:58:88:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dmpKCydJUfFZmNPO6zMvPJYiCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/H6_j121nwrBmCty1wbdXDXgyav8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/0d0755-1897-47ef-8df7-8cf41cafdce2/1/9dmpKCydJUfFZmNPO6zMvPJYiCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:61:c1:18:de:99:1d:72:24:36:68:39:0e:b5:79:c5:b5:2b:
         4e:04:62:17:90:17:6b:69:55:24:8c:fd:9d:e1:34:d8:e8:47:
         58:90:d2:24:0f:f5:e6:2e:08:fd:cd:6d:ae:36:26:ab:8b:4a:
         04:d6:64:eb:5d:d9:5f:47:26:29:39:e4:2c:2f:36:65:ba:69:
         96:2d:fa:9c:68:c5:f4:aa:5c:70:ec:4f:73:8f:47:b2:38:c8:
         52:5d:a0:0b:b3:ad:2d:47:8b:73:f5:f1:0a:b5:38:c8:69:6e:
         1c:fc:33:c5:e2:f8:4a:35:c3:bd:8d:fd:9f:b0:66:2e:31:20:
         ba:d4:31:9f:25:5e:75:8b:ed:60:77:c7:e5:34:3f:b2:da:74:
         85:0e:f4:b3:29:3a:f0:19:79:b0:32:13:dd:0d:d5:ad:c5:33:
         a7:59:cd:24:04:7c:57:99:3d:2b:d7:a2:76:02:ed:ab:71:a4:
         0f:a0:a3:9b:46:46:45:07:14:d4:e0:aa:49:29:2c:f7:27:51:
         91:64:5e:3b:fa:3f:4f:3a:8c:ab:e2:c3:06:db:9b:e9:30:40:
         85:b8:ea:7a:65:93:64:39:ed:85:83:9b:f0:9b:4e:d8:90:21:
         4b:80:9b:e4:f6:74:bb:03:b0:93:86:29:07:31:e2:9b:e0:d4:
         a4:8e:71:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVHrU7rL/HOOtJ1lRfpm2KgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDlhOTI4MmM5ZDI1NDdjNTY2NjM0ZjNiYWNjY2JjZjI1
ODg4MjcwHhcNMjUwMjI3MTM1MTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmFmZTNkNzZkNjdjMmIwNjYwYWRjYjVjMWI3NTcwZDc4MzI2YWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42kwrxPubiTITpKuCB2q3VrbMyWj
Khl26L7lw7auAaxz2j5zSv4zhs7Ro8ojxH7iHY5HSr4SeJkRlMN7Hg2m5Gmi2X3m
FXAmraUku6lGI26/ECAS6M5q4L7pCuxnTxDRelbtfcT9DKw+6MnqGWxk4tOmES6J
3tkn39fk2YoI7nqgdL39nddmw6AuXrptELDd+UY62fsBHmARC3EBazJUNMDHR9hm
00DWBkWvnsUOmTtP/M4Vsr2cVYMs64JEgTzggf0C0qBxH4PpZBxb6nO0jAccneXK
VUPbX0Br2q8XKQ5EYZxvyLUU/Os7IryZLohlXlbmAwBkG950Pv6eBxWoowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+v49dtZ8KwZgrctcG3Vw14Mmr/MB8GA1UdIwQY
MBaAFPXZqSgsnSVHxWZjTzuszLzyWIgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjct
OGNmNDFjYWZkY2UyLzEvSDZfajEyMW53ckJtQ3R5MXdiZFhEWGd5YXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wZDA3NTUtMTg5Ny00N2VmLThkZjctOGNmNDFjYWZkY2Uy
LzEvOWRtcEtDeWRKVWZGWm1OUE82ek12UEpZaUNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRjTMA0G
CSqGSIb3DQEBCwUAA4IBAQACYcEY3pkdciQ2aDkOtXnFtStOBGIXkBdraVUkjP2d
4TTY6EdYkNIkD/XmLgj9zW2uNiari0oE1mTrXdlfRyYpOeQsLzZlummWLfqcaMX0
qlxw7E9zj0eyOMhSXaALs60tR4tz9fEKtTjIaW4c/DPF4vhKNcO9jf2fsGYuMSC6
1DGfJV51i+1gd8flND+y2nSFDvSzKTrwGXmwMhPdDdWtxTOnWc0kBHxXmT0r16J2
Au2rcaQPoKObRkZFBxTU4KpJKSz3J1GRZF47+j9POoyr4sMG25vpMECFuOp6ZZNk
Oe2Fg5vwm07YkCFLgJvk9nS7A7CThikHMeKb4NSkjnGO
-----END CERTIFICATE-----