Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/H9PkNOG4tC_wRhc6JbvoTmEWdJs.roa
File:                     H9PkNOG4tC_wRhc6JbvoTmEWdJs.roa (raw, json)
Hash identifier:          BQZtiEUhe7tsKR4tfXUNgLYoNvh7AaYXT14+u75VKOQ=
Subject key identifier:   1F:D3:E4:34:E1:B8:B4:2F:F0:46:17:3A:25:BB:E8:4E:61:16:74:9B
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       018D364471B70CE71703A077408893802F28
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/H9PkNOG4tC_wRhc6JbvoTmEWdJs.roa
Signing time:             Tue 23 Jan 2024 12:21:11 +0000
ROA not before:           Tue 23 Jan 2024 12:21:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211513
IP address blocks:        202.164.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:44:71:b7:0c:e7:17:03:a0:77:40:88:93:80:2f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Jan 23 12:21:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fd3e434e1b8b42ff046173a25bbe84e6116749b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c1:72:51:cd:11:f0:2b:d9:4f:a6:c7:b6:1b:
                    9a:b7:a2:54:46:77:bf:9a:fa:f7:69:52:01:6c:c2:
                    2d:1f:16:04:81:e0:83:8c:1f:2e:89:79:ee:8a:b4:
                    bf:a4:e1:6c:01:5b:2c:95:84:8b:b2:34:42:2f:94:
                    5b:ee:58:32:72:70:92:84:95:16:f3:a3:fe:72:f0:
                    e9:b4:9a:e6:e1:be:75:f7:bc:f8:20:6e:85:12:e6:
                    0a:ff:6f:df:bc:8f:9b:46:7a:1b:3b:51:7a:c1:d1:
                    0a:c1:00:91:fc:33:8a:0f:d1:1c:c1:c1:9c:98:5e:
                    51:b3:15:6a:6c:ae:3a:b6:ba:de:04:6f:ee:11:94:
                    6d:c4:4e:df:30:71:6d:38:04:54:e1:02:23:74:83:
                    44:77:d7:d1:fd:ad:1f:d0:84:64:ea:8b:df:5f:96:
                    fb:ed:dd:22:f4:ec:38:eb:26:8a:6b:78:dd:72:29:
                    60:2c:36:71:81:78:c0:75:33:53:ac:ce:4c:60:14:
                    df:9d:fe:a6:d5:35:57:dc:77:4a:b4:a8:c9:db:d9:
                    f7:b6:56:48:f8:7b:ce:a3:92:96:76:5d:8c:54:83:
                    37:73:28:d0:2f:62:89:4a:3c:d7:54:f4:16:3d:a4:
                    88:cb:6a:f7:c7:cb:8e:b5:2a:a1:4f:f2:34:02:1d:
                    26:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D3:E4:34:E1:B8:B4:2F:F0:46:17:3A:25:BB:E8:4E:61:16:74:9B
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/H9PkNOG4tC_wRhc6JbvoTmEWdJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.164.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:e1:95:ff:ce:c5:c4:07:22:42:1e:3b:df:fb:3c:31:04:8c:
         c1:0d:a7:32:f0:b4:56:7f:e1:ce:f9:39:19:b4:e6:74:70:13:
         6f:3f:07:e8:19:fb:f9:de:7d:f3:9f:a7:13:6d:22:7a:63:43:
         eb:7d:44:c9:67:a7:7e:3a:dc:1c:d2:01:43:24:91:4e:1b:6a:
         4e:d8:78:58:62:d4:7f:71:ee:0c:b9:8f:29:6e:48:b2:a0:cc:
         40:8b:96:25:89:b3:5d:59:68:58:d8:bd:af:97:6a:26:57:bb:
         6c:a7:43:f6:19:65:69:0b:42:9e:e8:ed:9f:f6:fa:2d:06:c4:
         3a:14:db:bb:b5:78:fc:a6:3a:31:04:3c:3d:e3:ea:f9:5c:86:
         8f:51:1b:ea:cc:32:46:7f:d0:6c:09:ec:16:cf:92:3e:06:01:
         c6:ff:72:7a:1e:d9:3f:9b:8f:0d:42:20:d5:f8:7e:56:eb:8a:
         0e:5a:f5:38:1d:56:4f:8b:82:95:9f:c0:6a:93:9d:23:0d:25:
         41:68:6b:46:f5:c1:92:b9:ec:8a:41:8c:2c:1c:e1:8d:e4:a9:
         fc:a7:2d:e7:8d:e1:a5:d9:8c:9e:1b:06:8c:88:bf:a6:ed:1a:
         48:16:1b:14:55:d8:b3:8b:a4:0b:57:6b:be:a0:3b:3e:13:48:
         f4:07:dc:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY02RHG3DOcXA6B3QIiTgC8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjQwMTIzMTIyMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQzZTQzNGUxYjhiNDJmZjA0NjE3M2EyNWJiZTg0ZTYxMTY3NDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMFyUc0R8CvZT6bHthuat6JURne/
mvr3aVIBbMItHxYEgeCDjB8uiXnuirS/pOFsAVsslYSLsjRCL5Rb7lgycnCShJUW
86P+cvDptJrm4b5197z4IG6FEuYK/2/fvI+bRnobO1F6wdEKwQCR/DOKD9EcwcGc
mF5RsxVqbK46trreBG/uEZRtxE7fMHFtOARU4QIjdINEd9fR/a0f0IRk6ovfX5b7
7d0i9Ow46yaKa3jdcilgLDZxgXjAdTNTrM5MYBTfnf6m1TVX3HdKtKjJ29n3tlZI
+HvOo5KWdl2MVIM3cyjQL2KJSjzXVPQWPaSIy2r3x8uOtSqhT/I0Ah0mQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/T5DThuLQv8EYXOiW76E5hFnSbMB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEvSDlQa05PRzR0Q193UmhjNkpidm9UbUVXZEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyqTOMA0G
CSqGSIb3DQEBCwUAA4IBAQCv4ZX/zsXEByJCHjvf+zwxBIzBDacy8LRWf+HO+TkZ
tOZ0cBNvPwfoGfv53n3zn6cTbSJ6Y0PrfUTJZ6d+Otwc0gFDJJFOG2pO2HhYYtR/
ce4MuY8pbkiyoMxAi5YlibNdWWhY2L2vl2omV7tsp0P2GWVpC0Ke6O2f9votBsQ6
FNu7tXj8pjoxBDw94+r5XIaPURvqzDJGf9BsCewWz5I+BgHG/3J6Htk/m48NQiDV
+H5W64oOWvU4HVZPi4KVn8Bqk50jDSVBaGtG9cGSueyKQYwsHOGN5Kn8py3njeGl
2YyeGwaMiL+m7RpIFhsUVdizi6QLV2u+oDs+E0j0B9wo
-----END CERTIFICATE-----