Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/yXmBLTIEYAILWdo56f_HGk3cTrw.roa
File:                     yXmBLTIEYAILWdo56f_HGk3cTrw.roa (raw, json)
Hash identifier:          oNx7rrDa3VbMZqs96FQLdjk0oWiSoo47F2rgHZBnWyg=
Subject key identifier:   C9:79:81:2D:32:04:60:02:0B:59:DA:39:E9:FF:C7:1A:4D:DC:4E:BC
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F46C5937364E4ACB586E25EC1CEE7
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/yXmBLTIEYAILWdo56f_HGk3cTrw.roa
Signing time:             Thu 02 Jan 2025 05:48:54 +0000
ROA not before:           Thu 02 Jan 2025 05:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2723
IP address blocks:        213.198.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:46:c5:93:73:64:e4:ac:b5:86:e2:5e:c1:ce:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c979812d320460020b59da39e9ffc71a4ddc4ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a3:c7:5a:fd:25:ad:1a:e5:6d:1a:a6:1c:5b:
                    13:7c:23:a3:ae:c3:52:85:5c:b9:3c:a7:88:79:91:
                    e4:65:c2:bc:65:6e:2a:99:19:77:a7:61:11:da:2b:
                    6d:04:e3:90:fc:ea:ce:d2:f1:c3:79:14:70:d9:be:
                    bd:17:04:dc:dd:d7:8a:24:46:69:6e:d8:db:94:1b:
                    f6:12:61:3d:91:ae:ec:3c:73:e3:69:fa:63:ec:fe:
                    a9:12:e6:ed:5c:2c:3b:b5:7c:e8:a9:1b:31:00:7f:
                    e1:4b:ed:ae:57:a0:95:d8:93:bf:46:b1:ec:1c:b6:
                    2d:b7:b4:05:a8:b4:d0:26:c0:a2:cd:89:23:13:22:
                    d7:dc:74:c2:66:de:31:58:c2:a0:e7:8c:22:ea:95:
                    e0:3f:a5:6c:2a:9d:66:85:c2:6b:4c:aa:41:20:78:
                    cd:e3:a1:16:dd:fa:3e:4a:0f:d3:d8:d9:6c:c7:c9:
                    8a:c2:c6:47:28:98:c8:88:f7:94:6e:29:e1:51:db:
                    ef:48:1b:99:b8:cb:6a:0b:6b:73:fe:65:6f:ad:36:
                    13:e1:f3:e6:ef:a4:28:ec:dd:d5:f3:da:28:e2:d4:
                    f7:a6:9b:67:c3:bb:8b:c7:20:66:34:b7:d2:e5:3a:
                    a0:28:63:12:12:f4:dd:5b:cd:21:5f:12:89:44:02:
                    b7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:79:81:2D:32:04:60:02:0B:59:DA:39:E9:FF:C7:1A:4D:DC:4E:BC
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/yXmBLTIEYAILWdo56f_HGk3cTrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.198.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:ac:79:3a:e2:bf:7a:d8:47:b7:d8:bc:7e:53:90:a4:05:63:
         52:ee:3e:e5:2f:ce:03:72:13:87:68:d0:a7:c0:db:9b:08:20:
         d1:3e:aa:e4:af:8f:82:30:f4:8a:33:23:39:cc:20:47:29:e3:
         40:8e:55:5f:8f:4c:b4:b4:f3:15:de:72:42:7e:9a:9b:50:a2:
         27:82:de:6d:53:cb:c4:f8:b0:22:b7:4c:7b:a7:f4:1a:f1:30:
         1e:51:a8:76:e4:e2:d8:8a:cc:62:f8:b4:95:97:a9:4c:4a:ea:
         c3:c2:d0:7a:19:4e:cf:14:9e:5f:87:ab:0e:67:c0:c5:e2:77:
         31:b9:ad:79:2f:e7:50:05:af:5d:a8:8f:2d:02:bb:d1:c4:a3:
         cb:f1:74:16:fd:68:2b:6d:73:6f:d5:66:72:57:86:5d:b0:7c:
         84:f5:5c:4c:71:91:2a:c3:64:be:05:c8:2d:eb:05:eb:40:1d:
         71:ca:33:dd:e2:95:3f:99:84:49:79:29:2b:7e:fb:74:7d:b0:
         10:57:ce:06:aa:5b:7a:f4:12:6f:ef:94:4e:99:cd:51:5a:56:
         f3:4a:89:bb:13:cf:88:40:29:c0:3f:e3:60:af:0e:f6:0b:5c:
         2f:31:eb:81:81:03:5d:8c:91:17:00:c5:99:ce:88:38:99:7a:
         ce:22:c3:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj0bFk3Nk5Ky1huJewc7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTc5ODEyZDMyMDQ2MDAyMGI1OWRhMzllOWZmYzcxYTRkZGM0ZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKPHWv0lrRrlbRqmHFsTfCOjrsNS
hVy5PKeIeZHkZcK8ZW4qmRl3p2ER2ittBOOQ/OrO0vHDeRRw2b69FwTc3deKJEZp
btjblBv2EmE9ka7sPHPjafpj7P6pEubtXCw7tXzoqRsxAH/hS+2uV6CV2JO/RrHs
HLYtt7QFqLTQJsCizYkjEyLX3HTCZt4xWMKg54wi6pXgP6VsKp1mhcJrTKpBIHjN
46EW3fo+Sg/T2Nlsx8mKwsZHKJjIiPeUbinhUdvvSBuZuMtqC2tz/mVvrTYT4fPm
76Qo7N3V89oo4tT3pptnw7uLxyBmNLfS5TqgKGMSEvTdW80hXxKJRAK3/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMl5gS0yBGACC1naOen/xxpN3E68MB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEveVhtQkxUSUVZQUlMV2RvNTZmX0hHazNjVHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cYyMA0G
CSqGSIb3DQEBCwUAA4IBAQB4rHk64r962Ee32Lx+U5CkBWNS7j7lL84DchOHaNCn
wNubCCDRPqrkr4+CMPSKMyM5zCBHKeNAjlVfj0y0tPMV3nJCfpqbUKIngt5tU8vE
+LAit0x7p/Qa8TAeUah25OLYisxi+LSVl6lMSurDwtB6GU7PFJ5fh6sOZ8DF4ncx
ua15L+dQBa9dqI8tArvRxKPL8XQW/WgrbXNv1WZyV4ZdsHyE9VxMcZEqw2S+Bcgt
6wXrQB1xyjPd4pU/mYRJeSkrfvt0fbAQV84Gqlt69BJv75ROmc1RWlbzSom7E8+I
QCnAP+Ngrw72C1wvMeuBgQNdjJEXAMWZzog4mXrOIsOb
-----END CERTIFICATE-----