Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/hEsT4nq2POMNMSgena1zDS9L0RA.roa
File:                     hEsT4nq2POMNMSgena1zDS9L0RA.roa (raw, json)
Hash identifier:          +cARdSWQUiU67KF99S8NG/nQAX9WC+AtaZe38triRWk=
Subject key identifier:   84:4B:13:E2:7A:B6:3C:E3:0D:31:28:1E:9D:AD:73:0D:2F:4B:D1:10
Certificate issuer:       /CN=374f6f3e3cb973bac8a43f6c0b806b3d11c9adc3
Certificate serial:       01923D335B2C2770B3DA894DBBFEE0C7640F
Authority key identifier: 37:4F:6F:3E:3C:B9:73:BA:C8:A4:3F:6C:0B:80:6B:3D:11:C9:AD:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/hEsT4nq2POMNMSgena1zDS9L0RA.roa
Signing time:             Sun 29 Sep 2024 09:53:48 +0000
ROA not before:           Sun 29 Sep 2024 09:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214171
IP address blocks:        5.22.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:3d:33:5b:2c:27:70:b3:da:89:4d:bb:fe:e0:c7:64:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374f6f3e3cb973bac8a43f6c0b806b3d11c9adc3
        Validity
            Not Before: Sep 29 09:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=844b13e27ab63ce30d31281e9dad730d2f4bd110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e3:9e:32:43:7e:af:76:8e:84:0e:8b:50:b2:
                    70:86:ea:6b:4b:20:01:f4:f4:52:a0:8d:f2:38:fe:
                    4c:3b:3a:ac:c1:b5:65:d7:30:c3:5e:ba:d3:97:e7:
                    b6:a7:4e:3d:8c:19:24:79:22:35:7e:ea:e8:a9:6d:
                    63:00:15:70:90:92:df:70:09:40:8e:a5:20:ef:90:
                    2d:fe:73:8a:5c:cf:6b:a4:87:bf:fb:30:d2:93:4c:
                    2e:ac:9e:0f:12:f5:94:5e:3b:67:e1:90:ab:b5:67:
                    b4:c3:88:40:12:2f:b7:0e:60:12:1f:89:f5:b8:f0:
                    ae:b7:6c:94:5a:2e:17:98:a1:af:4f:cc:61:9c:76:
                    b0:0a:8e:7b:f7:54:65:f3:24:01:a6:53:49:64:8d:
                    5b:44:ed:73:de:db:83:7f:2e:b6:4c:4c:89:7a:3d:
                    68:a6:75:7c:d3:96:7e:3f:02:6b:15:21:5a:5c:db:
                    e9:76:ff:1e:b5:a3:4a:ee:25:01:d0:56:61:d0:05:
                    60:0f:a9:a5:07:6a:37:41:38:5b:56:2b:4d:f6:a1:
                    bc:76:d3:5e:fa:0e:f1:ee:55:c6:fc:a8:63:12:9c:
                    b9:df:cd:3d:89:01:6a:bd:ef:ae:39:ad:d7:32:f9:
                    54:79:03:d6:39:da:54:65:fd:d4:9c:78:18:8a:1b:
                    3e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:4B:13:E2:7A:B6:3C:E3:0D:31:28:1E:9D:AD:73:0D:2F:4B:D1:10
            X509v3 Authority Key Identifier:
                keyid:37:4F:6F:3E:3C:B9:73:BA:C8:A4:3F:6C:0B:80:6B:3D:11:C9:AD:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/hEsT4nq2POMNMSgena1zDS9L0RA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:1d:9b:7d:2f:b2:b3:73:62:e2:ed:22:ac:9f:d6:c6:be:3c:
         49:05:24:a7:4a:04:3b:5a:95:f7:c8:ab:f9:ec:6e:03:ce:18:
         93:a8:05:c2:93:d3:c0:18:42:c7:b6:93:d2:4b:19:90:c3:22:
         d1:1b:83:e8:ca:a4:96:37:5b:37:1b:34:9d:1e:39:71:f8:89:
         c3:ea:68:e5:95:ea:a3:81:e6:b6:c4:9e:4e:fb:3c:0f:87:05:
         77:f3:ea:43:a0:34:36:c9:2c:c8:d0:09:cc:71:3a:1e:a9:87:
         06:db:20:62:a1:01:68:d9:41:de:2c:33:06:4e:ae:48:f9:65:
         39:39:b7:34:92:4d:b2:0b:a4:10:d8:17:f2:d5:04:eb:a4:f9:
         43:59:9b:f7:f4:90:46:7f:ab:cd:53:31:c6:98:60:54:fd:d0:
         de:a7:ed:fb:fe:a8:48:02:8d:b6:c3:fc:de:52:6e:f0:1b:65:
         fd:73:3e:79:25:33:2e:b7:26:c1:7b:2c:af:b4:66:07:bb:27:
         d3:6c:4e:14:1f:bf:b3:80:85:0b:08:5b:b6:e7:74:20:cc:87:
         f7:e8:45:6b:50:80:00:8a:a8:0a:52:70:f3:37:b4:0f:9e:30:
         98:62:91:0b:f7:02:82:2d:46:d4:f7:7b:f6:ba:98:37:56:d3:
         dc:f5:8e:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI9M1ssJ3Cz2olNu/7gx2QPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGY2ZjNlM2NiOTczYmFjOGE0M2Y2YzBiODA2YjNkMTFj
OWFkYzMwHhcNMjQwOTI5MDk1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDRiMTNlMjdhYjYzY2UzMGQzMTI4MWU5ZGFkNzMwZDJmNGJkMTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+OeMkN+r3aOhA6LULJwhuprSyAB
9PRSoI3yOP5MOzqswbVl1zDDXrrTl+e2p049jBkkeSI1furoqW1jABVwkJLfcAlA
jqUg75At/nOKXM9rpIe/+zDSk0wurJ4PEvWUXjtn4ZCrtWe0w4hAEi+3DmASH4n1
uPCut2yUWi4XmKGvT8xhnHawCo5791Rl8yQBplNJZI1bRO1z3tuDfy62TEyJej1o
pnV805Z+PwJrFSFaXNvpdv8etaNK7iUB0FZh0AVgD6mlB2o3QThbVitN9qG8dtNe
+g7x7lXG/KhjEpy53809iQFqve+uOa3XMvlUeQPWOdpUZf3UnHgYihs+wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRLE+J6tjzjDTEoHp2tcw0vS9EQMB8GA1UdIwQY
MBaAFDdPbz48uXO6yKQ/bAuAaz0Rya3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA5dlBqeTVjN3JJcEQ5c0M0QnJQUkhKcmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi84ZDExNjctMGM0ZC00ODhmLTlhODMt
YzAxNzdkZmRhODQ3LzEvaEVzVDRucTJQT01OTVNnZW5hMXpEUzlMMFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi84ZDExNjctMGM0ZC00ODhmLTlhODMtYzAxNzdkZmRhODQ3
LzEvTjA5dlBqeTVjN3JJcEQ5c0M0QnJQUkhKcmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABRbLMA0G
CSqGSIb3DQEBCwUAA4IBAQB9HZt9L7Kzc2Li7SKsn9bGvjxJBSSnSgQ7WpX3yKv5
7G4DzhiTqAXCk9PAGELHtpPSSxmQwyLRG4PoyqSWN1s3GzSdHjlx+InD6mjlleqj
gea2xJ5O+zwPhwV38+pDoDQ2ySzI0AnMcToeqYcG2yBioQFo2UHeLDMGTq5I+WU5
Obc0kk2yC6QQ2Bfy1QTrpPlDWZv39JBGf6vNUzHGmGBU/dDep+37/qhIAo22w/ze
Um7wG2X9cz55JTMutybBeyyvtGYHuyfTbE4UH7+zgIULCFu253QgzIf36EVrUIAA
iqgKUnDzN7QPnjCYYpEL9wKCLUbU93v2upg3VtPc9Y4m
-----END CERTIFICATE-----