Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/4IU66ltB5spMCU1NkhmnAMSEiws.roa
File:                     4IU66ltB5spMCU1NkhmnAMSEiws.roa (raw, json)
Hash identifier:          jkXsgCZ9AOwz4i9eeBiFtGjyKyqIabmttJku6EP5dW8=
Subject key identifier:   E0:85:3A:EA:5B:41:E6:CA:4C:09:4D:4D:92:19:A7:00:C4:84:8B:0B
Certificate issuer:       /CN=50f5fe99bc2232887116fdac82d4082adbc6acb7
Certificate serial:       019426D9F669897D4E403918180B6A8011C1
Authority key identifier: 50:F5:FE:99:BC:22:32:88:71:16:FD:AC:82:D4:08:2A:DB:C6:AC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/4IU66ltB5spMCU1NkhmnAMSEiws.roa
Signing time:             Thu 02 Jan 2025 11:50:06 +0000
ROA not before:           Thu 02 Jan 2025 11:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44317
IP address blocks:        176.121.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f6:69:89:7d:4e:40:39:18:18:0b:6a:80:11:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50f5fe99bc2232887116fdac82d4082adbc6acb7
        Validity
            Not Before: Jan  2 11:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0853aea5b41e6ca4c094d4d9219a700c4848b0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ac:d4:f8:45:a1:f0:cf:bd:3c:09:6c:9a:7e:
                    66:69:81:9b:d2:bc:d0:6f:56:95:f7:b9:c1:da:2f:
                    21:16:c1:4e:ae:fa:d2:b1:ba:63:90:b4:21:40:40:
                    bd:f2:eb:2c:79:d5:45:9a:51:76:46:36:4b:12:f5:
                    88:b7:ce:e4:25:49:ca:b8:fd:b8:f7:6b:b1:44:f5:
                    ce:82:67:eb:58:d0:e6:93:4d:a1:7f:38:cd:81:49:
                    8d:ea:0c:6d:3a:3e:8b:25:75:4c:f9:f0:64:00:7d:
                    50:79:26:af:6c:2e:4c:5e:22:a1:ac:80:4e:ef:3b:
                    6f:60:8b:bc:08:95:b8:ac:e6:91:70:86:57:4a:90:
                    26:9e:42:79:a8:49:ac:4a:d6:59:48:bc:6c:f4:b8:
                    53:2d:af:7e:7f:3d:9c:ad:8a:a8:20:3b:ea:de:b2:
                    5b:68:72:f2:40:d9:15:28:04:d9:a8:f6:e2:28:0e:
                    0e:f5:bc:cb:ea:4a:1d:1a:96:47:89:01:30:a6:da:
                    3e:aa:cf:f3:b2:f0:d5:18:2a:4e:b9:ce:8c:28:c6:
                    28:7b:26:73:9c:0c:ac:86:c4:2f:30:3f:d4:39:98:
                    5c:a0:a3:42:38:e7:f3:4e:47:48:8e:94:29:76:21:
                    9e:6c:2a:bc:7b:b4:1b:f4:a8:03:2f:2b:73:4d:95:
                    23:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:85:3A:EA:5B:41:E6:CA:4C:09:4D:4D:92:19:A7:00:C4:84:8B:0B
            X509v3 Authority Key Identifier:
                keyid:50:F5:FE:99:BC:22:32:88:71:16:FD:AC:82:D4:08:2A:DB:C6:AC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UPX-mbwiMohxFv2sgtQIKtvGrLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/4IU66ltB5spMCU1NkhmnAMSEiws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/77fa2a-13fc-4da6-aebb-7456f430c3f1/1/UPX-mbwiMohxFv2sgtQIKtvGrLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4d:c9:6b:c6:e0:ed:7d:93:47:e1:ae:2a:78:a8:d1:ca:45:a1:
         03:cd:2e:7d:72:5c:7c:3f:34:98:91:3f:93:71:a5:30:6d:73:
         dc:46:8f:5c:64:70:90:72:38:90:e7:05:3e:c2:cf:31:7d:d7:
         ea:1a:26:10:c8:71:13:62:b8:d3:56:3b:42:99:3f:9f:bc:6a:
         d7:9f:c6:1e:fc:df:51:03:4c:55:a4:5f:df:4e:dd:03:fc:eb:
         20:f0:4e:5d:d5:eb:3d:dd:92:2f:80:f4:db:43:ec:e9:84:e0:
         8d:58:cd:19:c8:cd:4d:7d:d0:37:1c:af:e6:3b:1f:40:06:79:
         18:10:64:1c:3e:55:8e:95:f7:99:e3:23:be:e0:e2:ce:17:34:
         6c:f2:42:2a:7f:68:96:cb:80:12:69:40:68:a1:bc:7e:8d:ef:
         fa:43:20:62:42:a5:d9:66:d0:63:c1:63:14:c4:f0:0b:08:62:
         f0:81:80:29:41:22:81:ce:b2:d6:ef:17:19:a2:87:4d:2e:98:
         d0:80:f3:86:8c:30:20:77:92:92:7a:34:ab:cb:2d:9f:34:91:
         c1:b4:f1:08:61:7a:cf:06:9a:46:18:4c:83:08:c3:70:32:04:
         e1:b2:fe:1a:0c:4d:26:69:d8:ee:05:ef:dd:42:ce:88:c0:11:
         a0:c6:25:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2fZpiX1OQDkYGAtqgBHBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZjVmZTk5YmMyMjMyODg3MTE2ZmRhYzgyZDQwODJhZGJj
NmFjYjcwHhcNMjUwMTAyMTE1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDg1M2FlYTViNDFlNmNhNGMwOTRkNGQ5MjE5YTcwMGM0ODQ4YjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26zU+EWh8M+9PAlsmn5maYGb0rzQ
b1aV97nB2i8hFsFOrvrSsbpjkLQhQEC98ussedVFmlF2RjZLEvWIt87kJUnKuP24
92uxRPXOgmfrWNDmk02hfzjNgUmN6gxtOj6LJXVM+fBkAH1QeSavbC5MXiKhrIBO
7ztvYIu8CJW4rOaRcIZXSpAmnkJ5qEmsStZZSLxs9LhTLa9+fz2crYqoIDvq3rJb
aHLyQNkVKATZqPbiKA4O9bzL6kodGpZHiQEwpto+qs/zsvDVGCpOuc6MKMYoeyZz
nAyshsQvMD/UOZhcoKNCOOfzTkdIjpQpdiGebCq8e7Qb9KgDLytzTZUjNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOCFOupbQebKTAlNTZIZpwDEhIsLMB8GA1UdIwQY
MBaAFFD1/pm8IjKIcRb9rILUCCrbxqy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVBYLW1id2lNb2h4RnYyc2d0UUlLdHZHckxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83N2ZhMmEtMTNmYy00ZGE2LWFlYmIt
NzQ1NmY0MzBjM2YxLzEvNElVNjZsdEI1c3BNQ1UxTmtobW5BTVNFaXdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83N2ZhMmEtMTNmYy00ZGE2LWFlYmItNzQ1NmY0MzBjM2Yx
LzEvVVBYLW1id2lNb2h4RnYyc2d0UUlLdHZHckxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsHngMA0G
CSqGSIb3DQEBCwUAA4IBAQBNyWvG4O19k0fhrip4qNHKRaEDzS59clx8PzSYkT+T
caUwbXPcRo9cZHCQcjiQ5wU+ws8xfdfqGiYQyHETYrjTVjtCmT+fvGrXn8Ye/N9R
A0xVpF/fTt0D/Osg8E5d1es93ZIvgPTbQ+zphOCNWM0ZyM1NfdA3HK/mOx9ABnkY
EGQcPlWOlfeZ4yO+4OLOFzRs8kIqf2iWy4ASaUBoobx+je/6QyBiQqXZZtBjwWMU
xPALCGLwgYApQSKBzrLW7xcZoodNLpjQgPOGjDAgd5KSejSryy2fNJHBtPEIYXrP
BppGGEyDCMNwMgThsv4aDE0madjuBe/dQs6IwBGgxiV9
-----END CERTIFICATE-----