Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/tuDBQSoMKmnwhB4uovh83x4jyxs.roa
File:                     tuDBQSoMKmnwhB4uovh83x4jyxs.roa (raw, json)
Hash identifier:          Whhchh8JYYLHpdAnHtF58DIiLkGlphZAVAHr3iVzLQ8=
Subject key identifier:   B6:E0:C1:41:2A:0C:2A:69:F0:84:1E:2E:A2:F8:7C:DF:1E:23:CB:1B
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       018F76E936BD10F74A489B2BD458BD07F1D5
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/tuDBQSoMKmnwhB4uovh83x4jyxs.roa
Signing time:             Tue 14 May 2024 11:42:26 +0000
ROA not before:           Tue 14 May 2024 11:42:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205217
IP address blocks:        185.201.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e9:36:bd:10:f7:4a:48:9b:2b:d4:58:bd:07:f1:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: May 14 11:42:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6e0c1412a0c2a69f0841e2ea2f87cdf1e23cb1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5f:1e:de:dd:6d:47:de:1c:1b:27:b2:c5:f3:
                    19:28:e6:4c:69:08:7b:35:bc:73:4a:1c:97:b9:c4:
                    08:c5:b7:a8:b9:ce:b6:38:58:8b:82:5a:73:10:84:
                    95:8c:e5:77:d5:db:c4:0e:c8:24:e5:0e:67:1f:cc:
                    01:f8:fd:e6:a6:6f:b4:44:8a:35:80:c6:44:40:08:
                    69:d7:f5:b2:a7:e9:a3:e1:c8:d1:90:9f:1e:c9:85:
                    1f:ad:06:43:e1:1b:61:4a:f8:fe:23:cd:bf:04:94:
                    45:17:ef:e3:27:c2:e7:e4:d4:90:f3:95:60:57:ba:
                    af:b6:0f:aa:d0:ef:5a:4a:b5:75:5e:97:b1:6b:13:
                    1e:f5:52:28:8a:95:12:43:2b:2d:b5:8e:89:d2:02:
                    5f:88:07:83:d3:a1:ec:a4:70:4d:f8:b4:bd:a8:dc:
                    52:5a:28:bd:3a:5c:a4:55:0e:b9:3d:39:94:38:ba:
                    a4:b6:2a:b2:9a:98:6e:1a:2e:07:4d:fb:13:9a:05:
                    16:b3:96:3f:a7:aa:b5:0c:a4:b8:10:6a:70:da:57:
                    ed:c2:33:6f:6f:0a:b9:b4:58:0b:85:20:f6:80:27:
                    6e:91:d0:88:9d:38:88:e5:69:50:89:c7:d9:3d:5c:
                    fa:ed:b6:67:41:ab:89:0e:19:91:af:ce:4c:26:05:
                    cb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:E0:C1:41:2A:0C:2A:69:F0:84:1E:2E:A2:F8:7C:DF:1E:23:CB:1B
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/tuDBQSoMKmnwhB4uovh83x4jyxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:d3:80:6a:11:17:ad:99:e4:83:56:77:87:e6:55:74:16:99:
         bb:05:3f:bc:6f:5a:d8:09:02:29:cd:9f:8c:93:e0:ac:8d:a8:
         61:d5:e3:f4:fe:e8:a6:ec:f7:d5:87:dc:a2:03:2c:b9:60:14:
         81:ab:06:30:0b:25:a5:81:4e:da:c8:d8:e0:c1:75:78:4f:1f:
         9d:e4:54:6a:59:2e:0b:56:62:80:8a:c2:ed:17:f6:ef:8d:16:
         fc:fb:8f:2c:c5:07:c6:de:da:1e:4f:2c:c1:c5:70:c0:2f:e8:
         c5:dc:0e:07:88:2a:b3:14:a5:6a:c8:29:8f:ef:2e:9f:0f:75:
         e4:96:4c:79:d1:c8:5e:1b:64:f3:50:b0:4e:17:7e:fd:9d:b2:
         1e:c6:99:24:f3:54:87:03:b3:66:61:f6:7a:96:05:9e:ab:36:
         24:70:7f:d3:24:b7:c2:a9:bc:cf:89:98:62:f6:ac:bd:61:2e:
         cb:7d:b3:03:22:2f:9b:10:8f:24:22:5b:68:3e:3e:7e:d2:62:
         9c:9b:06:33:f2:6b:29:b6:97:68:ee:bb:b6:44:13:25:5b:c1:
         56:7a:8f:30:ba:39:5f:d2:99:68:65:33:d6:9d:31:a1:55:c0:
         90:c5:bd:e3:e3:39:49:cc:e2:49:7f:bb:57:77:1b:0e:d6:16:
         8d:a6:8a:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY926Ta9EPdKSJsr1Fi9B/HVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjQwNTE0MTE0MjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmUwYzE0MTJhMGMyYTY5ZjA4NDFlMmVhMmY4N2NkZjFlMjNjYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV8e3t1tR94cGyeyxfMZKOZMaQh7
NbxzShyXucQIxbeouc62OFiLglpzEISVjOV31dvEDsgk5Q5nH8wB+P3mpm+0RIo1
gMZEQAhp1/Wyp+mj4cjRkJ8eyYUfrQZD4RthSvj+I82/BJRFF+/jJ8Ln5NSQ85Vg
V7qvtg+q0O9aSrV1XpexaxMe9VIoipUSQysttY6J0gJfiAeD06HspHBN+LS9qNxS
Wii9OlykVQ65PTmUOLqktiqymphuGi4HTfsTmgUWs5Y/p6q1DKS4EGpw2lftwjNv
bwq5tFgLhSD2gCdukdCInTiI5WlQicfZPVz67bZnQauJDhmRr85MJgXLRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLbgwUEqDCpp8IQeLqL4fN8eI8sbMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvdHVEQlFTb01LbW53aEI0dW92aDgzeDRqeXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuckyMA0G
CSqGSIb3DQEBCwUAA4IBAQA804BqERetmeSDVneH5lV0Fpm7BT+8b1rYCQIpzZ+M
k+Csjahh1eP0/uim7PfVh9yiAyy5YBSBqwYwCyWlgU7ayNjgwXV4Tx+d5FRqWS4L
VmKAisLtF/bvjRb8+48sxQfG3toeTyzBxXDAL+jF3A4HiCqzFKVqyCmP7y6fD3Xk
lkx50cheG2TzULBOF379nbIexpkk81SHA7NmYfZ6lgWeqzYkcH/TJLfCqbzPiZhi
9qy9YS7LfbMDIi+bEI8kIltoPj5+0mKcmwYz8msptpdo7ru2RBMlW8FWeo8wujlf
0ploZTPWnTGhVcCQxb3j4zlJzOJJf7tXdxsO1haNpopP
-----END CERTIFICATE-----