Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_OPDLsr99DGm0ecItRhYtSZLU2g.roa
File:                     _OPDLsr99DGm0ecItRhYtSZLU2g.roa (raw, json)
Hash identifier:          9akMvvStamF/TegSHWOg2lx/TDstXxhr5Z6b97huTUo=
Subject key identifier:   FC:E3:C3:2E:CA:FD:F4:31:A6:D1:E7:08:B5:18:58:B5:26:4B:53:68
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC42552C649E12C745C0BF60B43023FCD
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_OPDLsr99DGm0ecItRhYtSZLU2g.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5638
IP address blocks:        194.50.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:52:c6:49:e1:2c:74:5c:0b:f6:0b:43:02:3f:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fce3c32ecafdf431a6d1e708b51858b5264b5368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a6:fe:b4:05:5e:9b:a3:59:a4:8a:41:a7:6e:
                    1e:c4:c7:88:c3:3a:eb:1e:7f:c0:6c:c3:34:41:f9:
                    09:d3:4e:b3:08:8b:91:3b:2e:8a:36:88:94:ae:68:
                    65:c1:94:99:b5:e6:03:0d:d9:36:a0:30:77:09:22:
                    39:5f:26:6a:d1:d9:1e:f2:1e:ed:e7:b7:44:d3:83:
                    64:46:da:69:4a:aa:c2:75:04:d1:68:f1:4f:96:ba:
                    ad:c6:b1:c9:e9:c7:17:f5:b5:dd:c0:05:45:a0:e8:
                    ca:86:54:32:81:89:45:5d:19:63:d4:5b:c1:ff:4a:
                    bb:72:f2:3d:c2:d2:38:07:38:af:66:44:3a:ae:fc:
                    80:5b:f2:7f:2b:b3:aa:56:c3:1e:a1:47:e1:07:73:
                    cd:f8:5b:bd:47:29:e0:f9:6a:f3:7e:f6:ab:8a:19:
                    1e:bb:1a:99:bb:6d:7c:02:fc:98:32:ba:d5:db:62:
                    52:14:23:5a:e4:81:ec:ad:6c:41:96:23:35:91:a2:
                    68:2a:72:c8:fb:e7:fd:cc:40:13:3e:b7:3e:81:9c:
                    09:56:35:82:19:65:2f:0f:18:f8:52:11:99:1f:e6:
                    d5:8b:50:a2:96:d7:5c:a0:34:29:dc:ee:6f:57:14:
                    d1:49:33:94:c6:44:3a:d4:60:68:e3:6a:c4:4f:d5:
                    39:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:E3:C3:2E:CA:FD:F4:31:A6:D1:E7:08:B5:18:58:B5:26:4B:53:68
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/_OPDLsr99DGm0ecItRhYtSZLU2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:0e:f4:04:15:37:a4:33:87:a1:02:6d:ef:61:b6:e3:b5:e3:
         ad:86:45:c3:5b:33:bb:9a:80:41:03:06:74:5a:2a:97:a5:58:
         f1:69:a0:e3:60:40:9d:aa:ae:08:43:c9:38:74:41:23:4f:c5:
         65:76:41:86:34:b5:65:bf:59:9f:2d:5b:b2:d6:bc:e8:cd:6e:
         cd:f3:36:a5:cf:02:fe:ee:68:5f:15:54:99:9a:08:44:6d:38:
         94:5a:83:5a:39:cc:07:b7:74:5d:64:6c:23:fd:e3:2b:7e:4a:
         27:43:52:f1:80:8e:de:15:dc:66:e1:18:23:91:19:1d:9d:78:
         50:49:72:90:d5:d7:8c:8a:c8:9a:a7:6a:5a:2f:7b:dd:69:4b:
         e5:13:c9:ff:78:b5:53:f0:0c:9a:d7:b0:c6:5e:c3:d0:80:33:
         81:7d:ac:7b:b7:58:ac:75:f4:7c:76:3f:78:b9:8b:1e:69:5b:
         f9:45:70:83:92:c7:94:f5:c1:5d:0f:f8:66:da:cc:0e:c8:fd:
         c3:dc:ca:ad:a3:e7:6d:da:85:49:4d:0e:78:0d:c3:d8:df:a9:
         cc:30:f6:9d:53:9a:95:ca:5c:35:32:5e:28:e5:ac:24:cc:99:
         f3:14:cc:5a:ac:9a:9c:58:09:2e:cb:c5:0d:2c:6e:e9:15:53:
         98:88:86:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVLGSeEsdFwL9gtDAj/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2UzYzMyZWNhZmRmNDMxYTZkMWU3MDhiNTE4NThiNTI2NGI1MzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qb+tAVem6NZpIpBp24exMeIwzrr
Hn/AbMM0QfkJ006zCIuROy6KNoiUrmhlwZSZteYDDdk2oDB3CSI5XyZq0dke8h7t
57dE04NkRtppSqrCdQTRaPFPlrqtxrHJ6ccX9bXdwAVFoOjKhlQygYlFXRlj1FvB
/0q7cvI9wtI4BzivZkQ6rvyAW/J/K7OqVsMeoUfhB3PN+Fu9Ryng+Wrzfvarihke
uxqZu218AvyYMrrV22JSFCNa5IHsrWxBliM1kaJoKnLI++f9zEATPrc+gZwJVjWC
GWUvDxj4UhGZH+bVi1CiltdcoDQp3O5vVxTRSTOUxkQ61GBo42rET9U5eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzjwy7K/fQxptHnCLUYWLUmS1NoMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvX09QRExzcjk5REdtMGVjSXRSaFl0U1pMVTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjITMA0G
CSqGSIb3DQEBCwUAA4IBAQBMDvQEFTekM4ehAm3vYbbjteOthkXDWzO7moBBAwZ0
WiqXpVjxaaDjYECdqq4IQ8k4dEEjT8VldkGGNLVlv1mfLVuy1rzozW7N8zalzwL+
7mhfFVSZmghEbTiUWoNaOcwHt3RdZGwj/eMrfkonQ1LxgI7eFdxm4RgjkRkdnXhQ
SXKQ1deMisiap2paL3vdaUvlE8n/eLVT8Aya17DGXsPQgDOBfax7t1isdfR8dj94
uYseaVv5RXCDkseU9cFdD/hm2swOyP3D3Mqto+dt2oVJTQ54DcPY36nMMPadU5qV
ylw1Ml4o5awkzJnzFMxarJqcWAkuy8UNLG7pFVOYiIbw
-----END CERTIFICATE-----