Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/h_lcjhsZRd-WoNkwUeJTA-cn-HU.roa
File:                     h_lcjhsZRd-WoNkwUeJTA-cn-HU.roa (raw, json)
Hash identifier:          MoTuYke9XnON66W6lzgS1xcgPTaCQPNgcBaF3y/k338=
Subject key identifier:   87:F9:5C:8E:1B:19:45:DF:96:A0:D9:30:51:E2:53:03:E7:27:F8:75
Certificate issuer:       /CN=20d4bd499f58494ac0e82263b5520a2c64d6477e
Certificate serial:       019423D7F1CD68A1ACB7BEF78B7FBC858ADB
Authority key identifier: 20:D4:BD:49:9F:58:49:4A:C0:E8:22:63:B5:52:0A:2C:64:D6:47:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/h_lcjhsZRd-WoNkwUeJTA-cn-HU.roa
Signing time:             Wed 01 Jan 2025 21:49:02 +0000
ROA not before:           Wed 01 Jan 2025 21:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        192.109.19.0/24 maxlen: 24
                          192.109.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f1:cd:68:a1:ac:b7:be:f7:8b:7f:bc:85:8a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20d4bd499f58494ac0e82263b5520a2c64d6477e
        Validity
            Not Before: Jan  1 21:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87f95c8e1b1945df96a0d93051e25303e727f875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:25:a0:14:c2:15:f6:02:02:fe:63:9a:0e:de:
                    e4:e0:c7:01:89:49:7a:00:4c:aa:c4:79:8e:fa:6b:
                    5b:2b:53:92:93:da:ab:1f:65:7a:9c:7a:27:8c:37:
                    2d:d8:65:59:29:e3:fb:0d:34:12:bd:e0:26:e8:30:
                    e6:b4:04:7f:71:f3:14:08:e0:0f:ae:45:33:71:f2:
                    d8:70:13:e1:1e:5a:c7:71:47:9b:c2:85:13:fd:66:
                    50:8a:4c:7f:e5:81:af:ec:85:a2:77:cb:bf:c8:d0:
                    9b:06:e4:da:7f:c4:de:e9:55:35:ab:64:78:c2:54:
                    25:78:dd:5f:a3:46:7b:fc:1d:56:d8:1d:6f:85:f1:
                    af:2b:16:7e:d1:ab:77:b9:18:aa:31:07:9c:3f:a9:
                    34:03:c7:cf:fd:ed:03:c6:18:8c:5f:85:b8:ab:1b:
                    63:78:bf:df:1f:1d:71:18:ba:11:1f:6b:ec:57:06:
                    da:86:b0:02:4e:ef:5c:3a:6a:2d:c3:d3:e0:61:c6:
                    83:2a:fe:df:37:6b:b7:0a:6b:55:26:a8:da:fd:8a:
                    d9:ae:97:c6:06:5d:3c:e0:5f:73:63:80:c0:39:35:
                    2c:39:93:ae:75:28:ea:c4:e1:3c:0f:ad:8e:e5:99:
                    97:6d:1d:81:59:a3:92:e6:5e:86:92:2d:5d:43:a2:
                    d1:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F9:5C:8E:1B:19:45:DF:96:A0:D9:30:51:E2:53:03:E7:27:F8:75
            X509v3 Authority Key Identifier:
                keyid:20:D4:BD:49:9F:58:49:4A:C0:E8:22:63:B5:52:0A:2C:64:D6:47:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/h_lcjhsZRd-WoNkwUeJTA-cn-HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.19.0/24
                  192.109.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:fe:2b:51:f7:9a:bd:8f:25:57:55:3c:67:62:37:62:b3:27:
         fb:c0:7d:25:f7:60:33:0e:f4:a4:9e:67:0a:30:0d:42:e8:95:
         91:a4:5a:f8:dc:0a:ca:7a:6b:54:92:de:e1:4f:8a:34:48:58:
         48:6a:d2:e0:1f:42:4a:4d:9e:8b:1c:20:13:22:73:b7:57:73:
         e4:49:36:7d:66:e9:70:87:d1:91:68:78:50:dd:2e:a4:f3:35:
         44:f2:2a:39:d2:29:d4:d4:b8:f4:32:c9:19:02:b7:95:3d:96:
         0e:29:e0:da:ff:bc:34:df:06:85:dc:00:fc:bc:52:16:c0:c8:
         3b:0d:c3:ed:a1:d8:2d:69:fc:d3:84:92:34:d6:39:3d:f7:14:
         9d:65:a9:c9:1b:60:a0:84:8c:ae:28:8a:a5:14:21:9f:78:a5:
         c0:79:11:99:89:2f:cf:f6:53:ce:23:dd:64:39:a5:15:48:c9:
         25:c8:ad:1d:9e:4e:a1:62:2f:7a:74:98:2a:59:69:18:4a:c2:
         83:e2:f7:19:ee:ff:63:0b:8f:b4:f0:75:2b:aa:33:d3:ec:22:
         07:0d:6e:6d:f5:7b:f6:f7:7f:4a:27:d7:2c:a7:84:7f:76:13:
         87:42:f9:4d:8e:82:d7:42:53:5a:60:b5:fa:db:5d:4b:94:a6:
         3d:57:ab:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1/HNaKGst773i3+8hYrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZDRiZDQ5OWY1ODQ5NGFjMGU4MjI2M2I1NTIwYTJjNjRk
NjQ3N2UwHhcNMjUwMTAxMjE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Y5NWM4ZTFiMTk0NWRmOTZhMGQ5MzA1MWUyNTMwM2U3MjdmODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCWgFMIV9gIC/mOaDt7k4McBiUl6
AEyqxHmO+mtbK1OSk9qrH2V6nHonjDct2GVZKeP7DTQSveAm6DDmtAR/cfMUCOAP
rkUzcfLYcBPhHlrHcUebwoUT/WZQikx/5YGv7IWid8u/yNCbBuTaf8Te6VU1q2R4
wlQleN1fo0Z7/B1W2B1vhfGvKxZ+0at3uRiqMQecP6k0A8fP/e0DxhiMX4W4qxtj
eL/fHx1xGLoRH2vsVwbahrACTu9cOmotw9PgYcaDKv7fN2u3CmtVJqja/YrZrpfG
Bl084F9zY4DAOTUsOZOudSjqxOE8D62O5ZmXbR2BWaOS5l6Gki1dQ6LRFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIf5XI4bGUXflqDZMFHiUwPnJ/h1MB8GA1UdIwQY
MBaAFCDUvUmfWElKwOgiY7VSCixk1kd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU5TOVNaOVlTVXJBNkNKanRWSUtMR1RXUjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hZjYwMWUtYzJiZi00YTZhLWFhMzIt
ZDJlZTE1Mzk5ZDA2LzEvaF9sY2poc1pSZC1Xb05rd1VlSlRBLWNuLUhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hZjYwMWUtYzJiZi00YTZhLWFhMzItZDJlZTE1Mzk5ZDA2
LzEvSU5TOVNaOVlTVXJBNkNKanRWSUtMR1RXUjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwG0TAwQA
wG3KMA0GCSqGSIb3DQEBCwUAA4IBAQB6/itR95q9jyVXVTxnYjdisyf7wH0l92Az
DvSknmcKMA1C6JWRpFr43ArKemtUkt7hT4o0SFhIatLgH0JKTZ6LHCATInO3V3Pk
STZ9Zulwh9GRaHhQ3S6k8zVE8io50inU1Lj0MskZAreVPZYOKeDa/7w03waF3AD8
vFIWwMg7DcPtodgtafzThJI01jk99xSdZanJG2CghIyuKIqlFCGfeKXAeRGZiS/P
9lPOI91kOaUVSMklyK0dnk6hYi96dJgqWWkYSsKD4vcZ7v9jC4+08HUrqjPT7CIH
DW5t9Xv2939KJ9csp4R/dhOHQvlNjoLXQlNaYLX6211LlKY9V6t3
-----END CERTIFICATE-----