Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/xt0orRn_8R8AoPkZMg7hV5K_W94.roa
File:                     xt0orRn_8R8AoPkZMg7hV5K_W94.roa (raw, json)
Hash identifier:          31dB2yB2lX9jASOTbxAsu3hVwwbkrWHxmSCsqR/9iBo=
Subject key identifier:   C6:DD:28:AD:19:FF:F1:1F:00:A0:F9:19:32:0E:E1:57:92:BF:5B:DE
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       018CC79520E382377DF613A639B187CAD4CD
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/xt0orRn_8R8AoPkZMg7hV5K_W94.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200456
IP address blocks:        194.146.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 23:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:20:e3:82:37:7d:f6:13:a6:39:b1:87:ca:d4:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6dd28ad19fff11f00a0f919320ee15792bf5bde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8c:30:b3:4b:6a:5c:79:48:f1:af:c4:ce:44:
                    62:00:c8:d1:89:c4:0a:9a:bc:ab:42:98:53:59:d6:
                    61:fc:03:e3:a8:2b:4d:bd:87:0b:67:6d:9c:6c:fb:
                    5c:ed:3f:79:ed:77:46:8e:10:21:93:16:c0:81:ce:
                    8a:06:42:59:9a:8c:f1:c3:75:5e:1a:73:21:21:0f:
                    1d:93:28:a0:56:4b:b9:d9:3f:4f:96:78:df:55:36:
                    69:ce:72:52:8e:ed:02:09:db:35:62:b6:6c:8e:e2:
                    5f:83:35:87:36:de:36:cc:42:23:a0:11:81:db:9a:
                    51:d7:99:f3:c6:d0:ba:4f:4d:b3:50:19:99:6f:af:
                    dc:c7:e9:17:62:5a:23:14:7f:3a:bb:31:47:26:71:
                    c6:db:f1:c6:fd:7b:32:15:a9:13:c0:fb:3d:68:cf:
                    da:a3:32:37:94:5f:57:5b:a5:d8:55:69:db:ea:e3:
                    81:e1:ff:0d:cd:ab:b4:9f:61:3c:5a:e7:05:57:9e:
                    ea:65:51:5d:8c:fd:d2:f3:e5:79:b6:29:21:dc:18:
                    ca:82:63:c0:14:99:d9:2c:60:21:b6:a9:f0:32:a6:
                    ed:0e:75:9c:a0:ab:e4:e1:52:aa:75:b8:d8:4d:27:
                    00:ab:c5:c0:22:48:1d:cd:0f:9e:57:3f:b5:b6:ab:
                    29:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:DD:28:AD:19:FF:F1:1F:00:A0:F9:19:32:0E:E1:57:92:BF:5B:DE
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/xt0orRn_8R8AoPkZMg7hV5K_W94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:fa:91:66:10:fc:75:5f:f2:b7:69:24:e7:4a:50:a9:3b:ca:
         11:d7:ef:6c:97:0d:10:72:a1:db:d1:97:f9:01:2c:59:97:c2:
         63:74:45:95:4c:b2:15:a3:ac:9d:12:d6:00:2a:30:0b:38:33:
         5b:ec:bd:a5:c2:cb:80:fa:ba:4d:ca:0e:33:7e:9d:24:0e:a5:
         27:21:65:95:37:6e:34:b8:b4:81:8c:71:57:a8:cf:26:a1:77:
         0f:61:da:7f:cc:2d:1d:91:92:3b:cb:c1:50:e4:9e:0e:89:1e:
         09:3b:05:93:86:05:e5:08:aa:b7:76:15:7b:e7:3a:3b:ee:9b:
         c4:22:6e:70:ff:43:4e:43:04:20:c8:bd:bd:25:89:f3:2a:ed:
         59:92:fd:2f:e6:d5:ba:88:43:63:c3:eb:ff:d7:f5:a1:26:d6:
         0f:da:fd:6e:88:86:7d:d8:96:ae:3d:e2:45:d8:03:9c:0f:f0:
         41:18:b3:f9:76:65:93:61:25:bd:a6:35:56:aa:f9:79:0a:88:
         44:c8:cf:36:26:5d:57:b3:ed:33:0d:e1:38:ff:35:6c:8e:1d:
         12:fb:64:c3:93:6f:bf:bc:bc:c1:29:ec:41:94:11:64:fc:0c:
         c0:39:14:ed:f9:bb:bc:20:e8:59:23:94:6e:33:ea:66:f4:54:
         0f:cc:43:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSDjgjd99hOmObGHytTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmRkMjhhZDE5ZmZmMTFmMDBhMGY5MTkzMjBlZTE1NzkyYmY1YmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYwws0tqXHlI8a/EzkRiAMjRicQK
mryrQphTWdZh/APjqCtNvYcLZ22cbPtc7T957XdGjhAhkxbAgc6KBkJZmozxw3Ve
GnMhIQ8dkyigVku52T9PlnjfVTZpznJSju0CCds1YrZsjuJfgzWHNt42zEIjoBGB
25pR15nzxtC6T02zUBmZb6/cx+kXYlojFH86uzFHJnHG2/HG/XsyFakTwPs9aM/a
ozI3lF9XW6XYVWnb6uOB4f8Nzau0n2E8WucFV57qZVFdjP3S8+V5tikh3BjKgmPA
FJnZLGAhtqnwMqbtDnWcoKvk4VKqdbjYTScAq8XAIkgdzQ+eVz+1tqsprQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbdKK0Z//EfAKD5GTIO4VeSv1veMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEveHQwb3JSbl84UjhBb1BrWk1nN2hWNUtfVzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpIyMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ+pFmEPx1X/K3aSTnSlCpO8oR1+9slw0QcqHb0Zf5
ASxZl8JjdEWVTLIVo6ydEtYAKjALODNb7L2lwsuA+rpNyg4zfp0kDqUnIWWVN240
uLSBjHFXqM8moXcPYdp/zC0dkZI7y8FQ5J4OiR4JOwWThgXlCKq3dhV75zo77pvE
Im5w/0NOQwQgyL29JYnzKu1Zkv0v5tW6iENjw+v/1/WhJtYP2v1uiIZ92JauPeJF
2AOcD/BBGLP5dmWTYSW9pjVWqvl5CohEyM82Jl1Xs+0zDeE4/zVsjh0S+2TDk2+/
vLzBKexBlBFk/AzAORTt+bu8IOhZI5RuM+pm9FQPzEPf
-----END CERTIFICATE-----