Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/lsGvSke7WiBxu7As3xtdo2tm8FM.roa
File:                     lsGvSke7WiBxu7As3xtdo2tm8FM.roa (raw, json)
Hash identifier:          MXzauXCzOAHoQhiLB4LbBDy1gGefx040R+U5hJWCAVY=
Subject key identifier:   96:C1:AF:4A:47:BB:5A:20:71:BB:B0:2C:DF:1B:5D:A3:6B:66:F0:53
Certificate issuer:       /CN=a85310f503137ae8b35d4f329f46f069dd703815
Certificate serial:       018CC3B6DF51206048B16D02DD869AAB059A
Authority key identifier: A8:53:10:F5:03:13:7A:E8:B3:5D:4F:32:9F:46:F0:69:DD:70:38:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qFMQ9QMTeuizXU8yn0bwad1wOBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/lsGvSke7WiBxu7As3xtdo2tm8FM.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35478
IP address blocks:        194.50.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/qFMQ9QMTeuizXU8yn0bwad1wOBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/qFMQ9QMTeuizXU8yn0bwad1wOBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qFMQ9QMTeuizXU8yn0bwad1wOBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:df:51:20:60:48:b1:6d:02:dd:86:9a:ab:05:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a85310f503137ae8b35d4f329f46f069dd703815
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96c1af4a47bb5a2071bbb02cdf1b5da36b66f053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3d:19:f5:10:6a:4d:20:47:04:d3:99:95:1d:
                    50:b7:60:4f:30:52:a4:29:a4:5c:db:4c:5f:0d:94:
                    6f:83:a3:61:ce:92:3e:59:46:f7:35:a7:dc:7b:e6:
                    76:e3:96:dc:91:45:2d:e6:72:7e:43:fd:2d:c7:0d:
                    c9:29:98:54:eb:f1:b8:02:35:07:f7:e6:d3:2c:b9:
                    88:4e:a8:58:6e:5a:d0:cc:8a:99:cf:0a:8d:0c:15:
                    28:d4:06:d1:7e:ea:bc:21:43:c1:3d:2d:7a:ef:6e:
                    52:1e:49:c8:e1:21:5c:8f:ae:92:02:3c:39:4a:e9:
                    4c:d4:18:bd:95:25:d7:6d:42:93:3b:33:7b:05:82:
                    01:d1:72:c4:95:6b:58:bc:9b:41:57:2f:66:d6:90:
                    d7:f6:4c:61:22:aa:e2:4a:13:40:06:7b:09:46:ed:
                    ee:5f:38:f9:bf:96:3c:59:48:8f:06:55:b0:09:d3:
                    ef:80:4b:2e:66:1b:49:f5:1e:73:cf:49:9c:17:94:
                    f8:84:6f:d9:e9:d4:1f:2d:d8:ef:49:f7:a2:99:39:
                    62:07:4a:ca:f9:31:a2:c8:5a:f1:12:49:8a:cf:a4:
                    8d:fc:df:ac:63:fa:f5:58:b0:eb:9e:62:a9:ab:1d:
                    de:98:6e:f9:a5:57:6a:e4:0f:f5:42:b0:5e:83:15:
                    12:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:C1:AF:4A:47:BB:5A:20:71:BB:B0:2C:DF:1B:5D:A3:6B:66:F0:53
            X509v3 Authority Key Identifier:
                keyid:A8:53:10:F5:03:13:7A:E8:B3:5D:4F:32:9F:46:F0:69:DD:70:38:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qFMQ9QMTeuizXU8yn0bwad1wOBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/lsGvSke7WiBxu7As3xtdo2tm8FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b42949-ee0a-4123-87bf-30189a5a4eba/1/qFMQ9QMTeuizXU8yn0bwad1wOBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:d5:a8:30:49:a2:b0:8f:37:5f:6b:28:f0:07:4b:c3:a5:3f:
         e6:bc:be:73:6b:de:a7:b9:33:51:62:3f:1e:27:91:ae:86:6c:
         79:02:93:56:30:bd:47:fb:94:05:7f:dc:91:e8:96:0d:e2:50:
         1f:ee:1e:2f:20:79:24:78:ba:0f:f3:e0:cd:e1:4e:61:63:a6:
         3f:ea:34:43:46:32:2a:64:93:70:74:eb:00:81:e1:bb:b3:7d:
         53:2b:ab:0a:0e:89:ae:6c:0e:75:ce:8d:51:1d:29:66:5e:36:
         b8:6c:be:c9:96:60:51:1a:d1:1d:34:f1:d0:93:07:8a:93:a8:
         c3:41:4a:68:35:b2:62:44:5d:b9:9d:37:97:d8:4e:80:24:00:
         93:da:6f:97:b5:f0:13:57:37:02:06:60:7c:7e:de:b7:54:69:
         53:a0:2a:88:93:1c:1f:a1:6a:d8:cc:4b:93:ae:55:fa:09:83:
         65:da:b3:71:e2:7c:e6:d8:51:fe:1d:93:2e:10:2e:73:13:c4:
         f1:19:56:32:54:70:41:79:d1:30:cf:d3:0b:99:d9:43:0b:50:
         5c:f2:47:83:f9:ec:48:ae:70:21:0a:ce:7e:3f:12:39:ea:83:
         43:a2:02:27:4d:17:b5:39:96:85:b7:7a:10:d6:9d:5c:d5:61:
         c8:2a:a4:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt9RIGBIsW0C3YaaqwWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NTMxMGY1MDMxMzdhZThiMzVkNGYzMjlmNDZmMDY5ZGQ3
MDM4MTUwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmMxYWY0YTQ3YmI1YTIwNzFiYmIwMmNkZjFiNWRhMzZiNjZmMDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiD0Z9RBqTSBHBNOZlR1Qt2BPMFKk
KaRc20xfDZRvg6NhzpI+WUb3Nafce+Z245bckUUt5nJ+Q/0txw3JKZhU6/G4AjUH
9+bTLLmITqhYblrQzIqZzwqNDBUo1AbRfuq8IUPBPS16725SHknI4SFcj66SAjw5
SulM1Bi9lSXXbUKTOzN7BYIB0XLElWtYvJtBVy9m1pDX9kxhIqriShNABnsJRu3u
Xzj5v5Y8WUiPBlWwCdPvgEsuZhtJ9R5zz0mcF5T4hG/Z6dQfLdjvSfeimTliB0rK
+TGiyFrxEkmKz6SN/N+sY/r1WLDrnmKpqx3emG75pVdq5A/1QrBegxUSCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbBr0pHu1ogcbuwLN8bXaNrZvBTMB8GA1UdIwQY
MBaAFKhTEPUDE3ros11PMp9G8GndcDgVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUZNUTlRTVRldWl6WFU4eW4wYndhZDF3T0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iNDI5NDktZWUwYS00MTIzLTg3YmYt
MzAxODlhNWE0ZWJhLzEvbHNHdlNrZTdXaUJ4dTdBczN4dGRvMnRtOEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iNDI5NDktZWUwYS00MTIzLTg3YmYtMzAxODlhNWE0ZWJh
LzEvcUZNUTlRTVRldWl6WFU4eW4wYndhZDF3T0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJSMA0G
CSqGSIb3DQEBCwUAA4IBAQAH1agwSaKwjzdfayjwB0vDpT/mvL5za96nuTNRYj8e
J5Guhmx5ApNWML1H+5QFf9yR6JYN4lAf7h4vIHkkeLoP8+DN4U5hY6Y/6jRDRjIq
ZJNwdOsAgeG7s31TK6sKDomubA51zo1RHSlmXja4bL7JlmBRGtEdNPHQkweKk6jD
QUpoNbJiRF25nTeX2E6AJACT2m+XtfATVzcCBmB8ft63VGlToCqIkxwfoWrYzEuT
rlX6CYNl2rNx4nzm2FH+HZMuEC5zE8TxGVYyVHBBedEwz9MLmdlDC1Bc8keD+exI
rnAhCs5+PxI56oNDogInTRe1OZaFt3oQ1p1c1WHIKqQE
-----END CERTIFICATE-----