Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ce58d5-126a-44aa-aa08-0f3c1658d0b7/1/BOwwbvm3oae7Foiw2wzEiWbrpTU.roa
File:                     BOwwbvm3oae7Foiw2wzEiWbrpTU.roa (raw, json)
Hash identifier:          OVy4QuT+Uc9YGU8UsoXG1QCx2e9Hyj/bbp+6BV+KiP8=
Subject key identifier:   04:EC:30:6E:F9:B7:A1:A7:BB:16:88:B0:DB:0C:C4:89:66:EB:A5:35
Certificate issuer:       /CN=50963f0e67f4d893cf3d701a23610e6f38959260
Certificate serial:       018E510A0DEB8A803788510CF11267C34994
Authority key identifier: 50:96:3F:0E:67:F4:D8:93:CF:3D:70:1A:23:61:0E:6F:38:95:92:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJY_Dmf02JPPPXAaI2EObziVkmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ce58d5-126a-44aa-aa08-0f3c1658d0b7/1/BOwwbvm3oae7Foiw2wzEiWbrpTU.roa
Signing time:             Mon 18 Mar 2024 10:09:57 +0000
ROA not before:           Mon 18 Mar 2024 10:09:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35625
IP address blocks:        185.118.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ce58d5-126a-44aa-aa08-0f3c1658d0b7/1/UJY_Dmf02JPPPXAaI2EObziVkmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ce58d5-126a-44aa-aa08-0f3c1658d0b7/1/UJY_Dmf02JPPPXAaI2EObziVkmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJY_Dmf02JPPPXAaI2EObziVkmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:0a:0d:eb:8a:80:37:88:51:0c:f1:12:67:c3:49:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50963f0e67f4d893cf3d701a23610e6f38959260
        Validity
            Not Before: Mar 18 10:09:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04ec306ef9b7a1a7bb1688b0db0cc48966eba535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:36:c1:54:06:bd:e8:89:17:dd:29:bf:8e:5d:
                    78:66:e7:53:54:df:b5:36:77:5d:7e:5e:74:5b:5d:
                    6f:8f:38:ab:1a:f5:cc:2d:c7:e2:c3:59:f7:f6:a5:
                    91:ba:9f:34:bc:e6:85:d9:f3:f4:05:c3:61:a0:c5:
                    41:2e:ff:49:db:84:9c:f0:82:8e:4e:22:60:60:dd:
                    98:2f:c1:46:db:d3:2d:16:73:55:4e:c8:aa:b6:c7:
                    48:75:a8:00:d0:8c:cc:c9:e3:cb:44:3f:d4:79:94:
                    13:df:3e:11:8e:73:6c:5d:75:eb:dc:1d:a6:1c:7c:
                    15:59:06:cf:50:d9:e3:cb:4d:a8:3a:a6:6c:9b:62:
                    16:ce:b5:a5:59:9f:c1:ac:69:75:7a:91:17:97:f0:
                    37:4f:e9:f2:95:65:f9:59:b8:ee:41:a1:04:b7:a0:
                    fe:c9:04:be:ef:2f:a2:a9:b8:1f:2c:fe:af:f7:87:
                    de:44:bf:a5:e3:0e:c7:3d:d8:21:94:f4:ff:60:1d:
                    82:7b:bc:7e:a0:ef:08:8e:4a:fd:ad:00:5e:b7:80:
                    4f:d1:a1:a9:ec:f5:9e:13:47:7d:76:a0:79:d1:d6:
                    11:1f:98:e5:52:39:54:7a:18:e7:d8:b1:dd:66:aa:
                    9d:df:12:1c:6b:0a:bc:b1:ef:a2:dd:f0:8b:13:c5:
                    76:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:EC:30:6E:F9:B7:A1:A7:BB:16:88:B0:DB:0C:C4:89:66:EB:A5:35
            X509v3 Authority Key Identifier:
                keyid:50:96:3F:0E:67:F4:D8:93:CF:3D:70:1A:23:61:0E:6F:38:95:92:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJY_Dmf02JPPPXAaI2EObziVkmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ce58d5-126a-44aa-aa08-0f3c1658d0b7/1/BOwwbvm3oae7Foiw2wzEiWbrpTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ce58d5-126a-44aa-aa08-0f3c1658d0b7/1/UJY_Dmf02JPPPXAaI2EObziVkmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:21:36:9d:f4:69:21:94:47:41:5a:fc:01:aa:b2:25:24:b6:
         83:17:49:14:7e:49:1f:5d:86:76:ff:bf:df:bd:88:6b:80:99:
         d6:0d:64:00:d8:31:9d:66:32:0e:2c:7a:c4:25:d9:bf:bc:f0:
         74:7e:d3:77:70:84:a2:ac:e7:b7:32:8e:da:10:18:ad:e5:c3:
         f1:7f:8f:48:7a:c9:cf:06:ec:32:1d:43:f7:40:bc:f6:5a:fc:
         be:c5:a9:cb:a8:93:a3:02:29:cd:f6:44:68:bd:67:2d:2c:81:
         c9:17:8b:cb:29:09:fb:22:71:4d:80:a2:ae:34:50:1c:04:f0:
         1e:d5:2b:b8:71:9c:09:8c:ff:9e:23:2e:49:3a:27:f5:b4:5f:
         ed:4b:b7:75:a6:7e:b7:d1:fe:77:e3:e9:49:23:7f:56:84:f8:
         c0:b1:78:5e:df:15:43:52:1c:92:3f:28:bc:4b:99:7d:94:8c:
         5a:e9:94:58:5e:51:3c:15:7f:25:e7:c5:6c:cb:db:b6:af:05:
         94:6a:c5:bb:53:e2:5a:01:28:ba:3c:62:22:d4:8c:99:94:a2:
         a0:f1:b4:8f:93:8b:b7:9b:17:8c:b1:7c:72:e3:04:64:93:1b:
         ed:6a:3f:5b:9b:f4:9c:6f:41:b2:70:ed:6d:4e:c9:2e:fa:a1:
         45:c0:ff:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5RCg3rioA3iFEM8RJnw0mUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOTYzZjBlNjdmNGQ4OTNjZjNkNzAxYTIzNjEwZTZmMzg5
NTkyNjAwHhcNMjQwMzE4MTAwOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGVjMzA2ZWY5YjdhMWE3YmIxNjg4YjBkYjBjYzQ4OTY2ZWJhNTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DbBVAa96IkX3Sm/jl14ZudTVN+1
Nnddfl50W11vjzirGvXMLcfiw1n39qWRup80vOaF2fP0BcNhoMVBLv9J24Sc8IKO
TiJgYN2YL8FG29MtFnNVTsiqtsdIdagA0IzMyePLRD/UeZQT3z4RjnNsXXXr3B2m
HHwVWQbPUNnjy02oOqZsm2IWzrWlWZ/BrGl1epEXl/A3T+nylWX5WbjuQaEEt6D+
yQS+7y+iqbgfLP6v94feRL+l4w7HPdghlPT/YB2Ce7x+oO8Ijkr9rQBet4BP0aGp
7PWeE0d9dqB50dYRH5jlUjlUehjn2LHdZqqd3xIcawq8se+i3fCLE8V2MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATsMG75t6GnuxaIsNsMxIlm66U1MB8GA1UdIwQY
MBaAFFCWPw5n9NiTzz1wGiNhDm84lZJgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUpZX0RtZjAySlBQUFhBYUkyRU9iemlWa21BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jZTU4ZDUtMTI2YS00NGFhLWFhMDgt
MGYzYzE2NThkMGI3LzEvQk93d2J2bTNvYWU3Rm9pdzJ3ekVpV2JycFRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jZTU4ZDUtMTI2YS00NGFhLWFhMDgtMGYzYzE2NThkMGI3
LzEvVUpZX0RtZjAySlBQUFhBYUkyRU9iemlWa21BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXZ3MA0G
CSqGSIb3DQEBCwUAA4IBAQCVITad9GkhlEdBWvwBqrIlJLaDF0kUfkkfXYZ2/7/f
vYhrgJnWDWQA2DGdZjIOLHrEJdm/vPB0ftN3cISirOe3Mo7aEBit5cPxf49IesnP
BuwyHUP3QLz2Wvy+xanLqJOjAinN9kRovWctLIHJF4vLKQn7InFNgKKuNFAcBPAe
1Su4cZwJjP+eIy5JOif1tF/tS7d1pn630f534+lJI39WhPjAsXhe3xVDUhySPyi8
S5l9lIxa6ZRYXlE8FX8l58Vsy9u2rwWUasW7U+JaASi6PGIi1IyZlKKg8bSPk4u3
mxeMsXxy4wRkkxvtaj9bm/Scb0GycO1tTsku+qFFwP9v
-----END CERTIFICATE-----