Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/crQDwPKnBJicTRXTQVQ_64_9WnU.roa
File:                     crQDwPKnBJicTRXTQVQ_64_9WnU.roa (raw, json)
Hash identifier:          wgp3cvIZ/JUUnPutDQ0+I+wCEaki3UUS1B3Hznd+kO8=
Subject key identifier:   72:B4:03:C0:F2:A7:04:98:9C:4D:15:D3:41:54:3F:EB:8F:FD:5A:75
Certificate issuer:       /CN=24d470214c69e430f8b385e0936ad960166acdf0
Certificate serial:       018CC3493ED2204D3F6193A5179C43735F24
Authority key identifier: 24:D4:70:21:4C:69:E4:30:F8:B3:85:E0:93:6A:D9:60:16:6A:CD:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/crQDwPKnBJicTRXTQVQ_64_9WnU.roa
Signing time:             Mon 01 Jan 2024 04:30:06 +0000
ROA not before:           Mon 01 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        213.255.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3e:d2:20:4d:3f:61:93:a5:17:9c:43:73:5f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24d470214c69e430f8b385e0936ad960166acdf0
        Validity
            Not Before: Jan  1 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72b403c0f2a704989c4d15d341543feb8ffd5a75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:41:02:4a:71:bb:ab:c4:25:ef:24:41:b4:8b:
                    53:45:77:1f:fc:d3:34:51:ee:47:d6:f5:ac:9e:d7:
                    c6:99:20:da:49:50:ad:88:cb:1a:0b:55:5f:a3:00:
                    6e:5e:5d:0a:57:b3:be:e8:21:90:80:0a:64:f8:72:
                    cc:44:76:c8:84:93:e3:56:fc:52:80:30:61:b6:2b:
                    0e:0f:ad:31:f6:13:90:7f:82:4a:88:e1:56:44:6d:
                    8e:62:cb:39:2f:1e:29:e0:72:e4:d1:d2:02:b7:ee:
                    fa:ae:fc:d9:d0:ae:19:84:2f:36:9f:0c:8c:6f:8d:
                    aa:ae:ba:3b:0b:ae:a4:8c:be:32:94:3d:8f:72:6d:
                    9f:40:f4:f8:54:0f:0a:07:47:cc:76:24:1a:ce:e9:
                    26:ba:46:cf:bf:c4:49:7d:f6:b3:80:e1:0a:e0:ff:
                    c3:ea:e3:d3:a9:de:a3:f3:ff:4e:8c:bb:95:5d:67:
                    9b:b2:a3:53:14:90:1e:22:fc:7e:3a:76:ed:9a:7f:
                    fc:1e:59:ba:dd:64:b8:b4:18:90:7d:14:44:c5:c0:
                    22:0f:78:09:54:ed:8d:7c:7e:ed:10:e2:71:0a:de:
                    be:dd:46:b1:f6:80:87:34:2f:f3:5b:c5:3e:32:fc:
                    00:30:d3:0c:f6:38:0e:ff:32:51:87:5c:79:4d:16:
                    10:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B4:03:C0:F2:A7:04:98:9C:4D:15:D3:41:54:3F:EB:8F:FD:5A:75
            X509v3 Authority Key Identifier:
                keyid:24:D4:70:21:4C:69:E4:30:F8:B3:85:E0:93:6A:D9:60:16:6A:CD:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/crQDwPKnBJicTRXTQVQ_64_9WnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/1b9637-2795-4e7c-b33f-e28295e54c3c/1/JNRwIUxp5DD4s4Xgk2rZYBZqzfA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.255.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:bd:85:57:3c:76:d1:be:39:af:c3:af:95:b1:d5:b1:49:3f:
         16:77:53:76:45:86:54:7f:5e:fb:3c:20:e0:d3:4b:6a:90:fd:
         75:cb:de:39:ed:00:26:f9:22:d2:02:f5:0b:56:9b:50:66:1e:
         bc:9b:09:b0:c7:e5:4f:8e:1c:bf:b7:16:84:1c:9e:04:9a:54:
         29:3c:fa:8e:dd:36:61:71:a7:16:f5:6a:11:63:39:c7:80:07:
         7d:f1:3b:f1:8a:0c:5f:9c:a3:c6:ee:5b:06:c5:94:96:16:c1:
         5e:fb:8c:15:85:c3:12:b0:b0:5e:0d:3c:3a:c3:32:01:4e:b9:
         a9:97:4e:f1:29:a1:61:dc:33:7e:ea:e2:77:94:c1:30:4f:6d:
         b6:74:8c:0d:fd:77:d8:c6:a1:ec:5a:ba:b2:38:57:e1:57:78:
         e0:da:05:95:8a:e9:ab:4f:45:88:28:cf:8e:32:76:d7:f6:77:
         c9:6e:15:00:f0:15:71:de:65:e1:a9:b7:c0:81:cf:b9:50:4f:
         ae:1d:a8:26:49:db:68:e3:5c:95:52:f6:ca:49:1d:e7:9b:d5:
         af:1d:34:94:c4:be:d3:c8:34:e9:be:bf:f6:61:36:fb:ca:30:
         79:a5:e7:74:67:cc:9f:21:a7:3e:8e:66:2b:ab:5d:77:fa:a7:
         56:93:f6:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDST7SIE0/YZOlF5xDc18kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZDQ3MDIxNGM2OWU0MzBmOGIzODVlMDkzNmFkOTYwMTY2
YWNkZjAwHhcNMjQwMTAxMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmI0MDNjMGYyYTcwNDk4OWM0ZDE1ZDM0MTU0M2ZlYjhmZmQ1YTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0ECSnG7q8Ql7yRBtItTRXcf/NM0
Ue5H1vWsntfGmSDaSVCtiMsaC1VfowBuXl0KV7O+6CGQgApk+HLMRHbIhJPjVvxS
gDBhtisOD60x9hOQf4JKiOFWRG2OYss5Lx4p4HLk0dICt+76rvzZ0K4ZhC82nwyM
b42qrro7C66kjL4ylD2Pcm2fQPT4VA8KB0fMdiQazukmukbPv8RJffazgOEK4P/D
6uPTqd6j8/9OjLuVXWebsqNTFJAeIvx+Onbtmn/8Hlm63WS4tBiQfRRExcAiD3gJ
VO2NfH7tEOJxCt6+3Uax9oCHNC/zW8U+MvwAMNMM9jgO/zJRh1x5TRYQuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHK0A8DypwSYnE0V00FUP+uP/Vp1MB8GA1UdIwQY
MBaAFCTUcCFMaeQw+LOF4JNq2WAWas3wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk5Sd0lVeHA1REQ0czRYZ2syclpZQlpxemZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xYjk2MzctMjc5NS00ZTdjLWIzM2Yt
ZTI4Mjk1ZTU0YzNjLzEvY3JRRHdQS25CSmljVFJYVFFWUV82NF85V25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xYjk2MzctMjc5NS00ZTdjLWIzM2YtZTI4Mjk1ZTU0YzNj
LzEvSk5Sd0lVeHA1REQ0czRYZ2syclpZQlpxemZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f/OMA0G
CSqGSIb3DQEBCwUAA4IBAQCVvYVXPHbRvjmvw6+VsdWxST8Wd1N2RYZUf177PCDg
00tqkP11y9457QAm+SLSAvULVptQZh68mwmwx+VPjhy/txaEHJ4EmlQpPPqO3TZh
cacW9WoRYznHgAd98TvxigxfnKPG7lsGxZSWFsFe+4wVhcMSsLBeDTw6wzIBTrmp
l07xKaFh3DN+6uJ3lMEwT222dIwN/XfYxqHsWrqyOFfhV3jg2gWViumrT0WIKM+O
MnbX9nfJbhUA8BVx3mXhqbfAgc+5UE+uHagmSdto41yVUvbKSR3nm9WvHTSUxL7T
yDTpvr/2YTb7yjB5ped0Z8yfIac+jmYrq113+qdWk/b8
-----END CERTIFICATE-----