Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/H3U-XbfX-hpsZalplHzr25wWkRc.roa
File:                     H3U-XbfX-hpsZalplHzr25wWkRc.roa (raw, json)
Hash identifier:          hHV1nrCAiEBy+cwmUMGBEGZfn4DT3vzBQZMzloqpOwc=
Subject key identifier:   1F:75:3E:5D:B7:D7:FA:1A:6C:65:A9:69:94:7C:EB:DB:9C:16:91:17
Certificate issuer:       /CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
Certificate serial:       0192673C771AF6CE6CB2513CCDA30637D7E2
Authority key identifier: 6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/H3U-XbfX-hpsZalplHzr25wWkRc.roa
Signing time:             Mon 07 Oct 2024 13:47:48 +0000
ROA not before:           Mon 07 Oct 2024 13:47:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207211
IP address blocks:        185.157.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:67:3c:77:1a:f6:ce:6c:b2:51:3c:cd:a3:06:37:d7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
        Validity
            Not Before: Oct  7 13:47:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f753e5db7d7fa1a6c65a969947cebdb9c169117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ab:03:bf:7c:c8:95:e0:a2:ec:10:14:de:24:
                    08:e8:15:62:1f:ba:6a:57:29:a3:78:64:41:a9:9b:
                    f4:71:a6:0f:69:03:6f:9c:f9:4f:3e:a4:88:56:d2:
                    db:33:ac:b2:0e:d7:ff:c4:4f:2f:55:2b:36:eb:cf:
                    2c:4d:a9:59:49:01:72:9e:db:bf:eb:f3:67:1c:a7:
                    97:6f:d1:90:7a:ee:fe:6f:b3:39:a8:63:ba:6e:04:
                    0c:6f:e0:2e:b1:a1:2e:82:bd:17:b0:7e:6f:0a:93:
                    dc:0e:7f:2f:50:01:e0:8a:93:8a:0f:4c:41:9b:75:
                    96:51:63:28:4a:cf:aa:d7:04:18:12:d1:9c:97:a4:
                    c5:7e:d2:c1:9c:67:21:1c:74:b9:0b:e8:ff:20:b3:
                    68:20:00:78:ad:dd:31:e3:d9:7c:b7:80:42:c1:d0:
                    83:98:91:1a:4e:26:cb:b2:d0:b3:3c:4d:83:4b:00:
                    fc:8e:ec:5a:2a:e9:f2:1c:1e:c8:fc:23:21:eb:e7:
                    f8:62:cc:ae:29:80:c1:c3:55:b6:38:3e:f6:38:75:
                    19:04:60:b3:ba:b7:a5:e7:31:d2:a3:65:3e:9d:19:
                    4e:b5:dd:1a:23:0b:21:db:33:e0:59:3b:6b:b1:9b:
                    a6:8a:52:4a:8e:f6:7b:c7:b5:fd:1b:4f:8c:e6:7a:
                    35:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:75:3E:5D:B7:D7:FA:1A:6C:65:A9:69:94:7C:EB:DB:9C:16:91:17
            X509v3 Authority Key Identifier:
                keyid:6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/H3U-XbfX-hpsZalplHzr25wWkRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:f6:2b:7a:29:b8:dc:0b:74:48:6a:1a:bb:80:9a:5c:99:67:
         15:87:c3:cf:04:5b:08:d4:91:0c:71:19:78:2d:93:4c:2c:5a:
         89:12:12:1b:a6:7c:94:32:e0:17:b6:96:63:f2:24:bf:76:47:
         36:5d:88:d2:54:94:0b:87:25:36:42:76:37:b7:39:1a:7f:65:
         b8:48:8a:52:d5:59:c6:31:bc:c8:fb:3a:85:cb:62:9a:bc:46:
         40:9f:58:43:71:b4:bf:71:0a:2f:f1:61:3d:d3:4b:e3:92:fe:
         af:04:55:3d:f1:44:c1:52:b9:dc:71:29:0b:a9:2c:aa:09:2c:
         f9:2b:16:86:ed:8e:f4:97:83:32:02:ad:73:60:53:14:1f:57:
         7b:a0:11:7e:c3:39:86:c7:ec:4f:6a:a9:99:9a:30:9c:1f:53:
         c3:2f:f6:23:34:c6:aa:05:10:a8:85:7c:0d:2f:99:19:2b:3f:
         c1:87:ef:45:eb:44:f7:c8:96:de:1c:79:64:3c:f0:a6:8e:c2:
         e3:25:82:8d:7b:54:20:b2:87:bc:11:9c:45:11:6f:a1:cf:da:
         56:27:44:a5:c6:81:41:f2:be:4b:35:5a:5c:af:5a:5b:ac:08:
         d8:3d:0e:b6:6c:24:0d:5e:46:f8:3e:3a:12:1c:3d:f1:1e:23:
         c6:97:17:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJnPHca9s5sslE8zaMGN9fiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYTZmOWUzZTI2MjJhNzgxNWEyNTllNThkNTUyNDM5YzI1
NWEzMWIwHhcNMjQxMDA3MTM0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjc1M2U1ZGI3ZDdmYTFhNmM2NWE5Njk5NDdjZWJkYjljMTY5MTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKsDv3zIleCi7BAU3iQI6BViH7pq
VymjeGRBqZv0caYPaQNvnPlPPqSIVtLbM6yyDtf/xE8vVSs2688sTalZSQFyntu/
6/NnHKeXb9GQeu7+b7M5qGO6bgQMb+AusaEugr0XsH5vCpPcDn8vUAHgipOKD0xB
m3WWUWMoSs+q1wQYEtGcl6TFftLBnGchHHS5C+j/ILNoIAB4rd0x49l8t4BCwdCD
mJEaTibLstCzPE2DSwD8juxaKunyHB7I/CMh6+f4YsyuKYDBw1W2OD72OHUZBGCz
urel5zHSo2U+nRlOtd0aIwsh2zPgWTtrsZumilJKjvZ7x7X9G0+M5no1IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB91Pl231/oabGWpaZR869ucFpEXMB8GA1UdIwQY
MBaAFGqm+ePiYip4FaJZ5Y1VJDnCVaMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4Mzct
YzUwNzM0ZDAyMGYwLzEvSDNVLVhiZlgtaHBzWmFscGxIenIyNXdXa1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4MzctYzUwNzM0ZDAyMGYw
LzEvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ3MMA0G
CSqGSIb3DQEBCwUAA4IBAQB79it6KbjcC3RIahq7gJpcmWcVh8PPBFsI1JEMcRl4
LZNMLFqJEhIbpnyUMuAXtpZj8iS/dkc2XYjSVJQLhyU2QnY3tzkaf2W4SIpS1VnG
MbzI+zqFy2KavEZAn1hDcbS/cQov8WE900vjkv6vBFU98UTBUrnccSkLqSyqCSz5
KxaG7Y70l4MyAq1zYFMUH1d7oBF+wzmGx+xPaqmZmjCcH1PDL/YjNMaqBRCohXwN
L5kZKz/Bh+9F60T3yJbeHHlkPPCmjsLjJYKNe1Qgsoe8EZxFEW+hz9pWJ0SlxoFB
8r5LNVpcr1pbrAjYPQ62bCQNXkb4PjoSHD3xHiPGlxdC
-----END CERTIFICATE-----