Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/H_TLsPIgEGDD_RE_XHqJUvlqj8E.roa
File:                     H_TLsPIgEGDD_RE_XHqJUvlqj8E.roa (raw, json)
Hash identifier:          jVZCYNBVF7woByDpZwClsmu07rKLPUQko61SrEyrK1s=
Subject key identifier:   1F:F4:CB:B0:F2:20:10:60:C3:FD:11:3F:5C:7A:89:52:F9:6A:8F:C1
Certificate issuer:       /CN=8c060040ef3a0823aa973f0d0592b1dda808f782
Certificate serial:       0194274812529B592A8063979B9E5F402474
Authority key identifier: 8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/H_TLsPIgEGDD_RE_XHqJUvlqj8E.roa
Signing time:             Thu 02 Jan 2025 13:50:22 +0000
ROA not before:           Thu 02 Jan 2025 13:50:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204516
IP address blocks:        213.190.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:12:52:9b:59:2a:80:63:97:9b:9e:5f:40:24:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c060040ef3a0823aa973f0d0592b1dda808f782
        Validity
            Not Before: Jan  2 13:50:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ff4cbb0f2201060c3fd113f5c7a8952f96a8fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3e:32:89:3f:6a:1e:ba:2d:0d:a9:00:b3:39:
                    bc:97:8c:d5:0a:4c:0f:30:f9:3b:8e:c6:a5:c6:46:
                    ba:95:bd:28:38:76:3d:ca:3e:52:57:da:76:01:5c:
                    72:78:9b:2d:38:ee:9e:fb:65:c1:0b:b7:c8:1e:b0:
                    4d:69:e9:95:bb:8f:44:24:40:d6:fe:3d:d6:62:d2:
                    e9:b7:ff:cb:83:78:db:95:a4:85:c5:ee:e2:0e:f3:
                    07:75:e4:5f:eb:b6:75:02:69:e4:74:6b:c3:c5:2f:
                    e7:e6:dd:40:de:ea:3c:94:ca:8c:60:0a:c0:fd:98:
                    18:ee:80:b0:f7:31:2e:b4:2f:5d:e6:4c:b0:d0:f4:
                    73:c7:f7:07:43:e5:a9:a5:27:7c:9e:38:23:a7:4b:
                    d4:50:9f:cc:46:0e:ea:9c:36:84:25:70:f4:9c:b2:
                    a7:bc:3e:14:a3:a0:bb:dc:79:0d:a8:a0:d9:a5:59:
                    59:01:2c:88:d2:4b:19:18:88:67:13:ec:b7:5d:d4:
                    0a:3e:8c:9f:9e:46:d8:c7:a6:4d:a7:c1:4d:f3:88:
                    50:f3:0f:97:aa:4f:72:a8:5a:c1:52:35:da:d3:73:
                    ed:f9:e4:2a:f8:44:37:26:19:11:8e:48:37:fc:10:
                    3c:6a:7e:ab:a8:ae:ee:df:44:23:d9:97:21:8d:9b:
                    12:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:F4:CB:B0:F2:20:10:60:C3:FD:11:3F:5C:7A:89:52:F9:6A:8F:C1
            X509v3 Authority Key Identifier:
                keyid:8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/H_TLsPIgEGDD_RE_XHqJUvlqj8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.190.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:5f:fc:35:32:31:25:a9:2c:2f:28:cf:b2:ea:af:69:2b:37:
         10:bd:45:9f:e7:47:5e:f8:17:0e:89:76:ca:67:29:2b:c8:10:
         b1:08:f0:8e:0e:8c:7e:1e:1b:2f:f7:f9:d8:66:f2:f0:2f:e3:
         6f:66:62:94:11:d7:60:d3:fb:66:c5:3d:84:ab:c7:5e:71:a2:
         09:54:94:30:40:ca:99:40:9d:eb:69:ae:67:8c:10:dc:64:1a:
         68:5c:c6:aa:c4:a0:63:2a:33:98:49:aa:2f:34:d6:5e:c8:14:
         49:01:17:d4:43:cc:8e:56:9e:4d:63:de:4a:94:7e:ef:8e:5d:
         01:3b:f9:57:54:de:01:70:e8:3b:f4:47:36:01:38:14:9f:63:
         97:56:c0:e7:c5:f5:42:19:ea:51:4f:45:72:8c:f9:f6:23:13:
         71:7d:fc:09:2d:df:fd:f9:12:4a:95:56:56:25:c0:30:97:80:
         56:54:55:1e:c0:22:18:a7:f7:37:f4:a1:6b:ac:c7:56:af:54:
         dd:3d:72:e4:89:e1:b8:32:5d:32:1e:cb:1e:eb:3f:c4:89:7f:
         f0:a8:5e:5a:17:5b:92:28:28:f3:f9:de:e6:7a:29:a5:86:bd:
         ce:e9:1e:2c:d5:00:ea:24:01:cb:0a:55:31:af:4d:0f:13:7d:
         b5:32:44:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSBJSm1kqgGOXm55fQCR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMDYwMDQwZWYzYTA4MjNhYTk3M2YwZDA1OTJiMWRkYTgw
OGY3ODIwHhcNMjUwMTAyMTM1MDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmY0Y2JiMGYyMjAxMDYwYzNmZDExM2Y1YzdhODk1MmY5NmE4ZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqD4yiT9qHrotDakAszm8l4zVCkwP
MPk7jsalxka6lb0oOHY9yj5SV9p2AVxyeJstOO6e+2XBC7fIHrBNaemVu49EJEDW
/j3WYtLpt//Lg3jblaSFxe7iDvMHdeRf67Z1AmnkdGvDxS/n5t1A3uo8lMqMYArA
/ZgY7oCw9zEutC9d5kyw0PRzx/cHQ+WppSd8njgjp0vUUJ/MRg7qnDaEJXD0nLKn
vD4Uo6C73HkNqKDZpVlZASyI0ksZGIhnE+y3XdQKPoyfnkbYx6ZNp8FN84hQ8w+X
qk9yqFrBUjXa03Pt+eQq+EQ3JhkRjkg3/BA8an6rqK7u30Qj2ZchjZsSYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/0y7DyIBBgw/0RP1x6iVL5ao/BMB8GA1UdIwQY
MBaAFIwGAEDvOggjqpc/DQWSsd2oCPeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakFZQVFPODZDQ09xbHo4TkJaS3gzYWdJOTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lNzU0OWUtNWIyNS00MjAwLTg4Yjkt
NGU0YTM1ZGQzNjc3LzEvSF9UTHNQSWdFR0REX1JFX1hIcUpVdmxxajhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lNzU0OWUtNWIyNS00MjAwLTg4YjktNGU0YTM1ZGQzNjc3
LzEvakFZQVFPODZDQ09xbHo4TkJaS3gzYWdJOTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b5GMA0G
CSqGSIb3DQEBCwUAA4IBAQBYX/w1MjElqSwvKM+y6q9pKzcQvUWf50de+BcOiXbK
ZykryBCxCPCODox+Hhsv9/nYZvLwL+NvZmKUEddg0/tmxT2Eq8decaIJVJQwQMqZ
QJ3raa5njBDcZBpoXMaqxKBjKjOYSaovNNZeyBRJARfUQ8yOVp5NY95KlH7vjl0B
O/lXVN4BcOg79Ec2ATgUn2OXVsDnxfVCGepRT0VyjPn2IxNxffwJLd/9+RJKlVZW
JcAwl4BWVFUewCIYp/c39KFrrMdWr1TdPXLkieG4Ml0yHsse6z/EiX/wqF5aF1uS
KCjz+d7meimlhr3O6R4s1QDqJAHLClUxr00PE321MkSy
-----END CERTIFICATE-----