Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/CATiyerLh0vy6Woo8cgXwujiI2g.roa
File:                     CATiyerLh0vy6Woo8cgXwujiI2g.roa (raw, json)
Hash identifier:          DP0QTh3WZUb0mvr5CmCo1BJPQBR6RDpmGYtHEFdLECA=
Subject key identifier:   08:04:E2:C9:EA:CB:87:4B:F2:E9:6A:28:F1:C8:17:C2:E8:E2:23:68
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B96E4ABC165D3FC602AF7ACC4704F
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/CATiyerLh0vy6Woo8cgXwujiI2g.roa
Signing time:             Mon 01 Jan 2024 18:31:31 +0000
ROA not before:           Mon 01 Jan 2024 18:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206632
IP address blocks:        85.202.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:96:e4:ab:c1:65:d3:fc:60:2a:f7:ac:c4:70:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0804e2c9eacb874bf2e96a28f1c817c2e8e22368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4e:0f:4d:71:ce:54:f1:86:31:f8:2f:ef:90:
                    6f:c9:60:90:7e:12:3b:92:e2:de:49:3c:db:fb:e5:
                    ba:b6:1b:60:d0:b0:27:14:2c:89:7a:29:0f:11:c8:
                    c4:b3:d2:c5:d7:47:12:b5:9b:50:59:25:45:c9:4c:
                    f6:e3:e7:12:be:37:4e:f3:a5:9c:54:26:eb:a0:2d:
                    d9:90:94:9d:04:af:35:cf:75:19:22:2b:d8:19:81:
                    22:0e:54:52:c2:e0:8e:45:d3:f8:60:0d:ad:75:ad:
                    8a:02:67:94:30:04:3e:bb:30:23:ff:4f:27:9d:d3:
                    6c:1a:22:ce:7a:26:c6:cf:d7:e1:3f:ef:3c:5c:df:
                    ce:80:5e:c5:63:75:1c:28:83:ca:ad:43:01:de:bc:
                    c8:74:6e:d4:79:db:9e:80:7a:eb:2d:47:dc:1b:e7:
                    9a:3c:f3:cc:be:5f:8c:46:2d:2a:0c:b1:bc:1b:20:
                    9f:63:62:72:97:ae:e9:08:89:55:96:b5:56:28:e1:
                    b5:08:e3:d6:56:8c:d2:28:8b:c9:ae:7e:31:47:30:
                    eb:2f:54:63:cd:0c:a2:d7:e7:2e:4a:bb:6f:16:65:
                    a0:2a:e1:35:2d:92:fa:96:7a:7b:e7:ad:70:d6:31:
                    65:2b:61:e9:4f:5b:1b:60:84:dc:9a:11:8d:47:d2:
                    58:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:04:E2:C9:EA:CB:87:4B:F2:E9:6A:28:F1:C8:17:C2:E8:E2:23:68
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/CATiyerLh0vy6Woo8cgXwujiI2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.202.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:20:66:51:a6:b4:14:5b:e5:6f:03:75:12:32:3c:fc:73:d2:
         65:6a:84:32:80:99:45:85:b2:78:c5:b4:b7:f6:aa:87:d8:e1:
         f2:9d:37:6e:f2:18:e9:32:fa:c1:f6:1b:e0:12:ed:bf:e9:f2:
         e2:b0:e8:ff:33:bd:fa:ef:59:d8:52:93:2c:19:a4:f7:97:12:
         24:9f:b4:d6:71:cf:5e:2a:59:c4:a5:ea:0a:d2:6c:92:e8:8c:
         f0:41:e3:b3:2e:9a:8f:4c:37:79:c7:70:03:0e:dc:7a:03:61:
         e5:8b:5c:67:a3:d1:4f:4a:4b:eb:e2:a9:71:e8:19:be:cb:56:
         34:d4:32:41:24:58:ad:c2:7c:c5:a3:96:14:25:90:e8:82:36:
         8c:81:fe:fc:67:ba:19:25:e0:6a:6e:16:15:89:b7:d2:5f:95:
         15:fc:67:13:11:55:db:c8:86:e8:f3:2e:dc:c7:ff:12:91:36:
         b5:06:30:80:cb:84:8a:a1:af:69:59:69:d4:c4:9b:de:c4:b2:
         3a:01:67:5a:74:09:f8:04:ab:ea:54:6c:9a:ba:4e:cc:4a:05:
         80:d1:f1:63:ca:1d:ae:6c:01:eb:e0:af:3d:ec:f1:7f:7f:d5:
         c8:9c:30:01:dd:3a:09:18:ee:98:31:18:a2:fa:14:e0:1a:04:
         bc:24:4b:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS5bkq8Fl0/xgKvesxHBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODA0ZTJjOWVhY2I4NzRiZjJlOTZhMjhmMWM4MTdjMmU4ZTIyMzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiU4PTXHOVPGGMfgv75BvyWCQfhI7
kuLeSTzb++W6thtg0LAnFCyJeikPEcjEs9LF10cStZtQWSVFyUz24+cSvjdO86Wc
VCbroC3ZkJSdBK81z3UZIivYGYEiDlRSwuCORdP4YA2tda2KAmeUMAQ+uzAj/08n
ndNsGiLOeibGz9fhP+88XN/OgF7FY3UcKIPKrUMB3rzIdG7UeduegHrrLUfcG+ea
PPPMvl+MRi0qDLG8GyCfY2Jyl67pCIlVlrVWKOG1COPWVozSKIvJrn4xRzDrL1Rj
zQyi1+cuSrtvFmWgKuE1LZL6lnp7561w1jFlK2HpT1sbYITcmhGNR9JYkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgE4snqy4dL8ulqKPHIF8Lo4iNoMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvQ0FUaXllckxoMHZ5NldvbzhjZ1h3dWppSTJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcoyMA0G
CSqGSIb3DQEBCwUAA4IBAQAgIGZRprQUW+VvA3USMjz8c9JlaoQygJlFhbJ4xbS3
9qqH2OHynTdu8hjpMvrB9hvgEu2/6fLisOj/M73671nYUpMsGaT3lxIkn7TWcc9e
KlnEpeoK0myS6IzwQeOzLpqPTDd5x3ADDtx6A2Hli1xno9FPSkvr4qlx6Bm+y1Y0
1DJBJFitwnzFo5YUJZDogjaMgf78Z7oZJeBqbhYVibfSX5UV/GcTEVXbyIbo8y7c
x/8SkTa1BjCAy4SKoa9pWWnUxJvexLI6AWdadAn4BKvqVGyauk7MSgWA0fFjyh2u
bAHr4K897PF/f9XInDAB3ToJGO6YMRii+hTgGgS8JEuf
-----END CERTIFICATE-----