Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/vqPilwoZWNpRehjffgNgWdd8UAc.roa
File:                     vqPilwoZWNpRehjffgNgWdd8UAc.roa (raw, json)
Hash identifier:          4iFHbI+U+r9r+nLtq3lrVR14CELI1t8xBqQ+jMA99yo=
Subject key identifier:   BE:A3:E2:97:0A:19:58:DA:51:7A:18:DF:7E:03:60:59:D7:7C:50:07
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       018F97D9CDD357FCEA48DF896CF220B6FA68
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/vqPilwoZWNpRehjffgNgWdd8UAc.roa
Signing time:             Mon 20 May 2024 21:13:04 +0000
ROA not before:           Mon 20 May 2024 21:13:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        50.20.224.0/21 maxlen: 24
                          212.69.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:97:d9:cd:d3:57:fc:ea:48:df:89:6c:f2:20:b6:fa:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: May 20 21:13:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bea3e2970a1958da517a18df7e036059d77c5007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:22:9f:6f:97:ee:c6:b3:ea:7b:fe:43:30:f6:
                    5c:94:8d:00:13:ff:f0:06:a9:ab:59:10:86:23:93:
                    2b:67:e0:94:47:eb:72:eb:27:b1:ab:c3:d2:30:63:
                    0a:91:32:ab:aa:cb:28:f1:f6:42:eb:c6:0e:58:24:
                    66:c0:2b:d3:28:d0:27:d3:3c:a9:8f:f9:49:c3:d3:
                    23:7a:6f:78:44:0a:db:4a:f3:8b:94:6e:0e:6e:e6:
                    ce:96:e6:92:3d:91:78:d6:64:f6:01:68:e1:8d:0b:
                    5a:6b:d7:fb:06:80:70:4e:9f:57:88:8f:8e:60:9e:
                    2f:8e:ce:58:ee:1f:3e:b0:75:de:70:c4:0e:32:f7:
                    56:e6:16:40:a6:6b:51:6b:80:4e:a3:66:ac:c1:d8:
                    c7:74:8f:01:93:be:bb:95:ee:cc:ae:2a:02:12:86:
                    0b:d8:9e:45:9e:b2:32:6c:fd:ab:a8:0d:e6:62:04:
                    86:af:dc:e2:29:d4:1a:6b:1f:30:5c:ad:58:23:51:
                    f9:db:1b:a1:90:e4:2d:be:bd:a6:57:f1:c9:c2:50:
                    c3:16:f8:06:2c:51:61:56:ee:93:53:c2:fb:8d:df:
                    5a:d9:12:d3:a9:3a:12:a6:d1:b4:85:8d:8e:c4:06:
                    92:be:0a:69:a9:ef:a6:b3:74:bd:95:ef:cc:7e:da:
                    2d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:A3:E2:97:0A:19:58:DA:51:7A:18:DF:7E:03:60:59:D7:7C:50:07
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/vqPilwoZWNpRehjffgNgWdd8UAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.20.224.0/21
                  212.69.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:b6:65:d6:8a:92:0c:62:a1:e6:3e:e8:e6:e0:37:e7:cd:02:
         66:c0:45:8c:24:bd:6a:bc:bf:e3:d8:82:ae:84:89:ef:35:af:
         1b:91:f0:d3:56:23:ba:f3:b2:54:80:62:71:8f:78:d6:18:f2:
         4c:fa:e1:5b:d2:a4:f2:39:a9:ca:11:1e:b3:29:4e:b3:db:d2:
         c0:84:42:77:cd:1f:91:4d:ec:99:f8:2e:16:9d:dd:fd:55:19:
         3f:2b:c8:d1:37:80:8f:80:2e:ba:16:62:50:45:f2:b8:7b:70:
         43:8b:32:56:36:66:6d:62:84:6b:8f:94:ff:4b:ae:76:94:5e:
         39:2e:7e:0a:fd:3b:66:a0:62:09:d0:dc:29:16:26:eb:c5:b0:
         01:0b:b7:96:d2:89:6a:e5:a3:67:8f:cb:75:89:32:c7:03:7b:
         93:30:b8:dd:2c:57:c1:b2:5a:a4:f0:ee:15:4d:79:0b:c9:58:
         42:dd:bb:f8:83:81:26:c2:22:72:df:3e:60:4a:01:97:e1:e1:
         e2:4e:7b:32:13:2b:1f:c4:04:27:c7:a7:fe:c4:0a:51:c5:3b:
         49:92:e5:48:76:9a:d3:7a:b7:61:40:c1:16:56:55:57:31:68:
         61:a4:bf:c0:9a:6c:8b:f5:36:ac:77:e8:fd:a2:76:fc:84:2b:
         f3:f5:08:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+X2c3TV/zqSN+JbPIgtvpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwNTIwMjExMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWEzZTI5NzBhMTk1OGRhNTE3YTE4ZGY3ZTAzNjA1OWQ3N2M1MDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyKfb5fuxrPqe/5DMPZclI0AE//w
BqmrWRCGI5MrZ+CUR+ty6yexq8PSMGMKkTKrqsso8fZC68YOWCRmwCvTKNAn0zyp
j/lJw9Mjem94RArbSvOLlG4ObubOluaSPZF41mT2AWjhjQtaa9f7BoBwTp9XiI+O
YJ4vjs5Y7h8+sHXecMQOMvdW5hZApmtRa4BOo2aswdjHdI8Bk767le7MrioCEoYL
2J5FnrIybP2rqA3mYgSGr9ziKdQaax8wXK1YI1H52xuhkOQtvr2mV/HJwlDDFvgG
LFFhVu6TU8L7jd9a2RLTqToSptG0hY2OxAaSvgppqe+ms3S9le/Mftot6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL6j4pcKGVjaUXoY334DYFnXfFAHMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvdnFQaWx3b1pXTnBSZWhqZmZnTmdXZGQ4VUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDMhTgAwQC
1EVYMA0GCSqGSIb3DQEBCwUAA4IBAQBTtmXWipIMYqHmPujm4DfnzQJmwEWMJL1q
vL/j2IKuhInvNa8bkfDTViO687JUgGJxj3jWGPJM+uFb0qTyOanKER6zKU6z29LA
hEJ3zR+RTeyZ+C4Wnd39VRk/K8jRN4CPgC66FmJQRfK4e3BDizJWNmZtYoRrj5T/
S652lF45Ln4K/TtmoGIJ0NwpFibrxbABC7eW0olq5aNnj8t1iTLHA3uTMLjdLFfB
slqk8O4VTXkLyVhC3bv4g4EmwiJy3z5gSgGX4eHiTnsyEysfxAQnx6f+xApRxTtJ
kuVIdprTerdhQMEWVlVXMWhhpL/AmmyL9Tasd+j9onb8hCvz9QgF
-----END CERTIFICATE-----