Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/dQx6JvUaI1nGbW9c6SC7fLaK0hI.roa
File:                     dQx6JvUaI1nGbW9c6SC7fLaK0hI.roa (raw, json)
Hash identifier:          qsV/riGhVTbNW5EYhiMcUOi2BclPfqBGuQiCrAwD+YY=
Subject key identifier:   75:0C:7A:26:F5:1A:23:59:C6:6D:6F:5C:E9:20:BB:7C:B6:8A:D2:12
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC8C498B50290770D8797E779A1BB3
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/dQx6JvUaI1nGbW9c6SC7fLaK0hI.roa
Signing time:             Tue 02 Jan 2024 10:33:46 +0000
ROA not before:           Tue 02 Jan 2024 10:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2723
IP address blocks:        213.198.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:8c:49:8b:50:29:07:70:d8:79:7e:77:9a:1b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=750c7a26f51a2359c66d6f5ce920bb7cb68ad212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:0a:fe:cb:29:89:c1:7c:ff:46:01:48:d0:4f:
                    a8:c7:2c:1e:a2:ad:73:f7:72:49:bd:6a:be:0d:bb:
                    ef:a8:17:db:47:6f:42:8e:ea:c6:6a:ef:e7:d6:1c:
                    75:cc:aa:45:ad:e0:14:eb:8a:6e:ef:4a:db:84:4f:
                    7d:f2:df:51:be:62:bc:26:88:df:81:3b:ec:6c:4a:
                    3a:77:74:09:7f:cb:57:4e:01:a3:b7:b2:a7:3e:07:
                    ba:23:dd:38:d1:08:85:82:4a:45:50:b2:29:d2:a6:
                    ab:03:76:5a:de:45:29:54:53:08:22:47:ab:9f:80:
                    53:2f:42:d4:f8:a8:15:ce:16:04:14:00:b8:c9:f7:
                    41:e1:38:0a:8b:7d:2d:bf:d5:17:2e:31:36:4d:b9:
                    77:73:dc:6b:b1:a9:b3:5e:bf:97:94:e6:49:ae:12:
                    31:b8:a8:ab:66:d5:f8:eb:40:45:d7:30:b2:ec:4b:
                    73:d5:0e:4e:58:6c:e6:32:13:1e:29:25:c6:d2:e8:
                    c4:72:e7:3b:3f:29:89:4c:c4:ad:f1:fb:b4:79:b2:
                    83:d7:69:6a:2f:e5:aa:af:ce:ac:66:8a:64:ff:66:
                    93:af:ef:cd:3e:3b:19:c1:c0:a6:fa:58:00:36:bc:
                    be:47:f6:78:ab:f6:93:d8:6a:95:3a:c4:38:18:8e:
                    59:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:0C:7A:26:F5:1A:23:59:C6:6D:6F:5C:E9:20:BB:7C:B6:8A:D2:12
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/dQx6JvUaI1nGbW9c6SC7fLaK0hI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ea:44:a7:df:81:98:59:b1:24:2e:6f:ae:a3:e0:dd:e0:dd:
         4a:ea:d7:92:7b:8f:ca:17:f1:89:bc:b2:4c:c7:6c:83:3f:6e:
         53:de:2f:69:d4:c1:7c:30:85:38:6a:61:d3:b3:63:98:72:4b:
         9f:22:93:b9:0b:b3:01:1f:89:04:09:ab:09:d9:e9:9d:f0:85:
         ca:03:f3:f1:28:2a:1e:2f:de:e2:92:4f:67:8e:56:d2:c9:f8:
         8d:77:12:ea:d1:ed:fc:a7:8a:0d:fd:16:0a:96:06:ac:dc:bf:
         2b:d0:56:12:ad:95:47:8a:43:5e:a5:24:3b:f9:12:c6:3d:b6:
         4a:d0:7d:9c:12:6e:da:ff:f9:e6:52:c8:2f:5b:91:3c:90:eb:
         11:8c:c6:b0:b4:aa:85:8c:6b:06:dd:be:4e:2d:4a:d2:97:75:
         ae:5f:5f:57:6c:64:52:e8:32:44:81:04:7b:13:6f:83:d6:32:
         03:a9:a6:92:b1:28:55:44:88:9c:ea:e5:2d:3a:51:16:56:9d:
         7a:ab:dc:c5:e7:40:e2:e8:3d:dd:f6:42:34:96:48:6a:d0:e7:
         97:25:3e:8d:76:af:77:44:36:9d:b5:db:5c:90:78:41:a6:8a:
         e8:ca:33:d7:74:b6:23:74:2e:cd:1b:2f:6c:67:f3:e6:7e:24:
         f1:19:5b:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvIxJi1ApB3DYeX53mhuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTBjN2EyNmY1MWEyMzU5YzY2ZDZmNWNlOTIwYmI3Y2I2OGFkMjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQr+yymJwXz/RgFI0E+oxyweoq1z
93JJvWq+DbvvqBfbR29CjurGau/n1hx1zKpFreAU64pu70rbhE998t9RvmK8Jojf
gTvsbEo6d3QJf8tXTgGjt7KnPge6I9040QiFgkpFULIp0qarA3Za3kUpVFMIIker
n4BTL0LU+KgVzhYEFAC4yfdB4TgKi30tv9UXLjE2Tbl3c9xrsamzXr+XlOZJrhIx
uKirZtX460BF1zCy7Etz1Q5OWGzmMhMeKSXG0ujEcuc7PymJTMSt8fu0ebKD12lq
L+Wqr86sZopk/2aTr+/NPjsZwcCm+lgANry+R/Z4q/aT2GqVOsQ4GI5ZzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUMeib1GiNZxm1vXOkgu3y2itISMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvZFF4Nkp2VWFJMW5HYlc5YzZTQzdmTGFLMGhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cYyMA0G
CSqGSIb3DQEBCwUAA4IBAQBh6kSn34GYWbEkLm+uo+Dd4N1K6teSe4/KF/GJvLJM
x2yDP25T3i9p1MF8MIU4amHTs2OYckufIpO5C7MBH4kECasJ2emd8IXKA/PxKCoe
L97ikk9njlbSyfiNdxLq0e38p4oN/RYKlgas3L8r0FYSrZVHikNepSQ7+RLGPbZK
0H2cEm7a//nmUsgvW5E8kOsRjMawtKqFjGsG3b5OLUrSl3WuX19XbGRS6DJEgQR7
E2+D1jIDqaaSsShVRIic6uUtOlEWVp16q9zF50Di6D3d9kI0lkhq0OeXJT6Ndq93
RDadtdtckHhBporoyjPXdLYjdC7NGy9sZ/PmfiTxGVvU
-----END CERTIFICATE-----