Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/QjH-Zt_C8tEStTE3TJrzMvnpAfs.roa
File:                     QjH-Zt_C8tEStTE3TJrzMvnpAfs.roa (raw, json)
Hash identifier:          cVwLUWU32vfJLxt3FblKNtWXyltgYm8oWs5dQc8k/OY=
Subject key identifier:   42:31:FE:66:DF:C2:F2:D1:12:B5:31:37:4C:9A:F3:32:F9:E9:01:FB
Certificate issuer:       /CN=ed73c26609b1b21d87a681302ef2d26fc0a00fa3
Certificate serial:       018CC424884CEF18C71F2D5F45473C961BE7
Authority key identifier: ED:73:C2:66:09:B1:B2:1D:87:A6:81:30:2E:F2:D2:6F:C0:A0:0F:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XPCZgmxsh2HpoEwLvLSb8CgD6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/QjH-Zt_C8tEStTE3TJrzMvnpAfs.roa
Signing time:             Mon 01 Jan 2024 08:29:37 +0000
ROA not before:           Mon 01 Jan 2024 08:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8218
IP address blocks:        194.8.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/7XPCZgmxsh2HpoEwLvLSb8CgD6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/7XPCZgmxsh2HpoEwLvLSb8CgD6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XPCZgmxsh2HpoEwLvLSb8CgD6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:03:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:88:4c:ef:18:c7:1f:2d:5f:45:47:3c:96:1b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed73c26609b1b21d87a681302ef2d26fc0a00fa3
        Validity
            Not Before: Jan  1 08:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4231fe66dfc2f2d112b531374c9af332f9e901fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9e:eb:2e:94:b5:e6:ed:c9:23:1a:09:c1:69:
                    92:5c:2d:4b:16:66:6a:45:f2:ac:5f:5b:e4:2b:23:
                    59:a2:a8:51:35:20:01:9a:4b:4c:5d:d7:34:d8:70:
                    c7:07:38:42:8d:4e:0c:81:dd:bb:95:a7:07:4a:0d:
                    2c:5c:ab:8e:24:4e:a1:aa:d0:0b:4f:b7:47:73:b9:
                    4a:8c:02:99:c0:a2:1b:05:42:22:b4:f3:e7:45:58:
                    70:4e:40:18:d8:71:48:85:43:86:95:97:0a:a0:a8:
                    13:94:dd:f7:8c:0c:80:1f:b8:26:6a:59:b4:11:11:
                    6c:14:81:8e:b8:d7:fb:1d:4d:c0:78:c5:b7:14:39:
                    d9:c3:e0:2e:19:a1:91:e8:d1:0e:84:34:d7:8f:5a:
                    f7:8e:90:a3:d9:a9:b2:90:86:f6:59:80:de:bf:e2:
                    38:7d:3a:fa:60:10:1c:1a:f2:32:70:a4:1c:d7:2c:
                    ea:08:ba:33:48:80:9d:0e:f6:9f:15:42:80:d6:a7:
                    73:16:0e:1a:c4:05:c8:80:8c:6f:3f:d3:18:f6:1e:
                    a1:ee:de:7b:94:10:ed:20:3d:5a:a9:ca:61:39:ef:
                    25:c6:84:c0:80:67:1c:ac:13:54:0c:b9:14:b8:c7:
                    49:ed:ab:5c:05:19:bf:2b:27:ca:48:65:14:ea:f7:
                    c0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:31:FE:66:DF:C2:F2:D1:12:B5:31:37:4C:9A:F3:32:F9:E9:01:FB
            X509v3 Authority Key Identifier:
                keyid:ED:73:C2:66:09:B1:B2:1D:87:A6:81:30:2E:F2:D2:6F:C0:A0:0F:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XPCZgmxsh2HpoEwLvLSb8CgD6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/QjH-Zt_C8tEStTE3TJrzMvnpAfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/7XPCZgmxsh2HpoEwLvLSb8CgD6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:95:3b:97:41:e7:17:fe:6b:84:ca:e9:06:ba:07:3e:7b:7f:
         6b:a4:54:7e:83:e7:54:50:74:d0:4b:d9:0b:02:fb:2b:10:0c:
         bb:d3:74:ca:50:57:95:e6:6d:11:9b:4d:18:f8:d3:db:c5:4f:
         82:35:0d:1f:79:bd:2f:5f:34:6d:44:76:2d:64:e6:89:e2:79:
         09:75:e9:47:fc:1a:1e:49:84:d0:90:19:6e:1a:b2:c4:0f:c5:
         56:c8:54:87:2d:f6:ff:5c:b0:69:96:d9:e5:7e:06:a5:71:6f:
         83:d6:d3:d1:34:fa:19:69:06:cc:1e:d1:32:83:54:38:0d:44:
         b3:92:ce:0c:9b:70:4b:ef:a3:9b:2b:2d:8a:c3:66:34:0c:65:
         c4:d6:11:ad:15:9f:7d:1f:a0:33:90:3b:92:b1:43:83:e9:79:
         c9:ce:b2:aa:e1:01:67:5b:33:fd:f7:7f:25:40:30:e3:1d:5e:
         32:9c:d8:98:44:e5:49:22:d5:80:96:f2:39:21:46:85:75:17:
         33:6f:64:d2:fa:30:83:36:81:bb:ce:38:cb:fc:40:ed:a6:98:
         34:87:75:b1:22:71:f5:96:0a:59:4a:90:cb:3f:ef:05:51:e2:
         ac:49:ef:9d:ca:e4:06:9d:8d:6d:e3:d6:0f:77:83:76:fc:4e:
         7f:1b:e4:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJIhM7xjHHy1fRUc8lhvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzNjMjY2MDliMWIyMWQ4N2E2ODEzMDJlZjJkMjZmYzBh
MDBmYTMwHhcNMjQwMTAxMDgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjMxZmU2NmRmYzJmMmQxMTJiNTMxMzc0YzlhZjMzMmY5ZTkwMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqp7rLpS15u3JIxoJwWmSXC1LFmZq
RfKsX1vkKyNZoqhRNSABmktMXdc02HDHBzhCjU4Mgd27lacHSg0sXKuOJE6hqtAL
T7dHc7lKjAKZwKIbBUIitPPnRVhwTkAY2HFIhUOGlZcKoKgTlN33jAyAH7gmalm0
ERFsFIGOuNf7HU3AeMW3FDnZw+AuGaGR6NEOhDTXj1r3jpCj2amykIb2WYDev+I4
fTr6YBAcGvIycKQc1yzqCLozSICdDvafFUKA1qdzFg4axAXIgIxvP9MY9h6h7t57
lBDtID1aqcphOe8lxoTAgGccrBNUDLkUuMdJ7atcBRm/KyfKSGUU6vfALQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIx/mbfwvLRErUxN0ya8zL56QH7MB8GA1UdIwQY
MBaAFO1zwmYJsbIdh6aBMC7y0m/AoA+jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hQQ1pnbXhzaDJIcG9Fd0x2TFNiOENnRDZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jOGVhNDYtOWRjMi00MDM2LTkwOTYt
NGNkNzdiMzhmMWIxLzEvUWpILVp0X0M4dEVTdFRFM1RKcnpNdm5wQWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jOGVhNDYtOWRjMi00MDM2LTkwOTYtNGNkNzdiMzhmMWIx
LzEvN1hQQ1pnbXhzaDJIcG9Fd0x2TFNiOENnRDZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwggyMA0G
CSqGSIb3DQEBCwUAA4IBAQCvlTuXQecX/muEyukGugc+e39rpFR+g+dUUHTQS9kL
AvsrEAy703TKUFeV5m0Rm00Y+NPbxU+CNQ0feb0vXzRtRHYtZOaJ4nkJdelH/Boe
SYTQkBluGrLED8VWyFSHLfb/XLBpltnlfgalcW+D1tPRNPoZaQbMHtEyg1Q4DUSz
ks4Mm3BL76ObKy2Kw2Y0DGXE1hGtFZ99H6AzkDuSsUOD6XnJzrKq4QFnWzP9938l
QDDjHV4ynNiYROVJItWAlvI5IUaFdRczb2TS+jCDNoG7zjjL/EDtppg0h3WxInH1
lgpZSpDLP+8FUeKsSe+dyuQGnY1t49YPd4N2/E5/G+QR
-----END CERTIFICATE-----