Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS50385.roa
File:                     AS50385.roa (raw, json)
Hash identifier:          pw7KkLaPIFvJuIdjKdLsrFNwYH30dvhrvQXVRNqsywU=
Subject key identifier:   17:58:8B:76:F9:7F:B8:0E:A6:74:6D:C9:A5:AF:48:C2:EB:5E:0F:9F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6E23B683FC80A2CDE41AE67C8F76E23B46D0E3B3
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS50385.roa
Signing time:             Sun 19 May 2024 08:51:03 +0000
ROA not before:           Sun 19 May 2024 08:46:03 +0000
ROA not after:            Sun 18 May 2025 08:51:03 +0000
asID:                     50385
IP address blocks:        193.111.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:23:b6:83:fc:80:a2:cd:e4:1a:e6:7c:8f:76:e2:3b:46:d0:e3:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 19 08:46:03 2024 GMT
            Not After : May 18 08:51:03 2025 GMT
        Subject: CN=17588B76F97FB80EA6746DC9A5AF48C2EB5E0F9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:08:5e:95:13:cf:11:85:9e:eb:66:4d:18:61:
                    ae:5d:1b:f9:c8:69:19:51:68:01:00:68:ff:dd:2d:
                    1e:a5:f3:ef:72:47:6a:8e:f8:c6:23:a6:69:48:24:
                    ea:7c:a4:f6:b1:15:02:1a:8c:db:43:35:a8:64:f9:
                    1c:1c:d6:11:3d:ab:85:1d:69:5f:d0:a1:1d:28:80:
                    b3:df:eb:81:76:a6:43:4f:ea:5d:ee:fb:8e:38:93:
                    b5:14:b2:0c:c7:52:e7:2f:ba:45:39:94:a3:54:5d:
                    f1:31:e5:81:29:cd:88:f7:e4:d1:e4:99:30:23:86:
                    a2:4a:c7:e0:9d:00:ec:7a:c6:e9:c7:53:5e:3f:bc:
                    5d:19:12:ee:1c:e7:1e:da:1f:93:f5:bf:3b:ba:6f:
                    8b:e1:e2:b7:a4:7c:bb:f5:8c:a3:0b:94:10:65:65:
                    61:0d:f0:cb:ce:15:63:8c:eb:6d:c6:e1:d0:90:96:
                    a0:d8:f6:82:19:5a:ba:17:35:85:f1:3a:48:b4:7d:
                    75:07:c7:51:c4:1f:c1:8c:dc:ac:ec:fb:1f:a1:a8:
                    35:49:71:9d:b9:ab:ca:f4:9e:37:a2:bf:f3:8f:e7:
                    a6:e8:48:6d:d3:c4:fc:04:2d:31:55:ec:2a:d4:54:
                    ea:bf:ca:23:58:dd:f8:4b:20:83:0e:94:0a:50:08:
                    1d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:58:8B:76:F9:7F:B8:0E:A6:74:6D:C9:A5:AF:48:C2:EB:5E:0F:9F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS50385.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:87:75:3a:5e:fa:ac:b7:2f:2f:02:dc:dd:c9:91:d5:c2:1a:
         d2:10:3a:f7:d8:4a:ef:3d:74:27:a8:af:f5:3b:41:69:02:ef:
         b4:ba:a0:87:3f:3b:ae:08:6b:6a:7e:e1:75:79:c0:2b:0f:52:
         ed:91:f4:b4:dc:9b:34:9d:8d:17:7e:32:48:1c:03:7a:31:ac:
         b5:18:45:70:9b:4f:68:fa:0d:11:4c:bf:11:69:03:2a:b0:e2:
         a1:80:b4:d0:74:fe:e6:63:73:57:79:01:4b:d8:09:fe:67:93:
         7b:18:0c:86:af:ec:4d:93:ae:a0:2b:e4:0a:b8:8c:1b:2a:9b:
         bf:3a:d7:3c:eb:85:4c:b0:c3:e7:f5:4b:67:d4:02:73:e7:b3:
         be:c5:88:49:d2:f2:63:8e:02:76:a8:30:9c:ee:f4:03:51:b8:
         dd:61:bd:c6:37:a8:90:3d:3e:f5:7c:39:fb:95:38:b0:2b:31:
         56:b0:57:8c:b5:ba:da:f1:07:9e:cd:cc:1e:08:76:40:65:ad:
         67:df:eb:18:b8:4e:a6:4e:ea:57:3a:d4:39:b7:fc:76:2d:f4:
         94:14:54:4f:c3:18:98:31:90:bc:b3:ac:0f:4a:ff:fe:27:56:
         9c:1a:6e:ad:92:32:64:60:e0:43:b6:e2:f5:b7:7b:52:e7:de:
         5c:b6:fb:ae
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbiO2g/yAos3kGuZ8j3biO0bQ47MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA1MTkwODQ2MDNaFw0yNTA1MTgwODUxMDNaMDMxMTAvBgNV
BAMTKDE3NTg4Qjc2Rjk3RkI4MEVBNjc0NkRDOUE1QUY0OEMyRUI1RTBGOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxCF6VE88RhZ7rZk0YYa5dG/nI
aRlRaAEAaP/dLR6l8+9yR2qO+MYjpmlIJOp8pPaxFQIajNtDNahk+Rwc1hE9q4Ud
aV/QoR0ogLPf64F2pkNP6l3u+444k7UUsgzHUucvukU5lKNUXfEx5YEpzYj35NHk
mTAjhqJKx+CdAOx6xunHU14/vF0ZEu4c5x7aH5P1vzu6b4vh4rekfLv1jKMLlBBl
ZWEN8MvOFWOM623G4dCQlqDY9oIZWroXNYXxOki0fXUHx1HEH8GM3Kzs+x+hqDVJ
cZ25q8r0njeiv/OP56boSG3TxPwELTFV7CrUVOq/yiNY3fhLIIMOlApQCB03AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUF1iLdvl/uA6mdG3Jpa9IwuteD58wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNTAzODUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBb3Uw
DQYJKoZIhvcNAQELBQADggEBALCHdTpe+qy3Ly8C3N3JkdXCGtIQOvfYSu89dCeo
r/U7QWkC77S6oIc/O64Ia2p+4XV5wCsPUu2R9LTcmzSdjRd+MkgcA3oxrLUYRXCb
T2j6DRFMvxFpAyqw4qGAtNB0/uZjc1d5AUvYCf5nk3sYDIav7E2TrqAr5Aq4jBsq
m7861zzrhUyww+f1S2fUAnPns77FiEnS8mOOAnaoMJzu9ANRuN1hvcY3qJA9PvV8
OfuVOLArMVawV4y1utrxB57NzB4IdkBlrWff6xi4TqZO6lc61Dm3/HYt9JQUVE/D
GJgxkLyzrA9K//4nVpwabq2SMmRg4EO24vW3e1Ln3ly2+64=
-----END CERTIFICATE-----