Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/_pJ5WosBdTYR38dZLLCr1Wy2QAo.roa
File:                     _pJ5WosBdTYR38dZLLCr1Wy2QAo.roa (raw, json)
Hash identifier:          x6o03n45ppIEEHBsFFFfX49yFf9PMhPr4neNR3rhLQo=
Subject key identifier:   FE:92:79:5A:8B:01:75:36:11:DF:C7:59:2C:B0:AB:D5:6C:B6:40:0A
Certificate issuer:       /CN=be40b3c2be7835d7b37b5826102f8746a5199d49
Certificate serial:       018CCA2A11EC616BCBB59F418187FA4908B5
Authority key identifier: BE:40:B3:C2:BE:78:35:D7:B3:7B:58:26:10:2F:87:46:A5:19:9D:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/_pJ5WosBdTYR38dZLLCr1Wy2QAo.roa
Signing time:             Tue 02 Jan 2024 12:33:23 +0000
ROA not before:           Tue 02 Jan 2024 12:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50352
IP address blocks:        91.242.250.0/24 maxlen: 24
                          185.87.78.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:11:ec:61:6b:cb:b5:9f:41:81:87:fa:49:08:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be40b3c2be7835d7b37b5826102f8746a5199d49
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe92795a8b01753611dfc7592cb0abd56cb6400a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:02:ce:b4:b1:76:b9:5f:32:76:41:12:00:c0:
                    0b:54:29:7a:91:10:a7:75:0a:04:c6:3b:e9:69:e1:
                    3a:fe:84:48:54:67:b4:dc:13:55:b4:76:f1:45:f4:
                    73:bf:67:4f:74:84:7a:3c:28:84:85:5a:ec:02:6f:
                    98:a8:7b:99:8f:9d:f0:76:34:07:dd:d3:b6:cd:78:
                    72:2f:6f:31:36:88:36:1a:3f:17:92:40:94:25:f5:
                    7f:eb:36:c1:bf:18:40:9f:4b:fd:4c:a0:1b:2a:e4:
                    b7:5c:df:e1:ac:9c:7c:6e:c1:62:38:52:da:90:a8:
                    dd:ca:b1:58:6f:e3:8a:2a:33:88:e6:f8:c0:92:42:
                    d8:05:bb:f6:8b:88:79:a5:74:5b:16:78:51:1c:2c:
                    31:58:34:9c:ab:a6:d9:ab:e5:4e:40:44:bb:03:fd:
                    8c:69:b7:e5:a6:96:1b:57:08:f0:87:cf:4c:8c:f6:
                    5d:d4:99:32:49:24:34:b6:59:de:a5:cf:8b:70:ee:
                    ac:db:cd:dc:ef:b7:34:07:45:2b:e2:a8:44:16:fd:
                    5f:e0:cb:f3:92:45:f0:21:79:89:5f:40:bf:28:bf:
                    a9:a0:a5:45:fd:fe:d4:ec:3f:06:8b:2a:a6:52:f1:
                    02:49:1f:68:94:13:90:7a:a2:c0:4f:d2:b7:7b:f9:
                    10:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:92:79:5A:8B:01:75:36:11:DF:C7:59:2C:B0:AB:D5:6C:B6:40:0A
            X509v3 Authority Key Identifier:
                keyid:BE:40:B3:C2:BE:78:35:D7:B3:7B:58:26:10:2F:87:46:A5:19:9D:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/_pJ5WosBdTYR38dZLLCr1Wy2QAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.250.0/24
                  185.87.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:9f:13:65:a0:fa:af:bc:8a:7f:8b:44:63:8d:b2:d6:bc:a7:
         27:ea:22:b7:83:53:1e:7a:73:5b:fc:9b:47:9c:31:00:eb:9d:
         ae:19:7d:14:8f:a8:09:76:58:79:5a:c1:ac:87:20:fc:cb:59:
         95:4b:cc:53:64:64:8a:be:57:7e:cf:5c:e3:3f:32:e9:dc:e3:
         a8:a3:7f:1d:1f:fe:8e:6b:56:00:11:bf:60:cf:77:b1:1c:3b:
         17:b7:7c:47:05:76:d8:66:5b:1c:74:8b:7f:d7:f2:b8:5d:dc:
         16:27:be:e1:c9:0c:f1:bf:9b:c5:7b:6b:20:57:f2:89:60:90:
         80:57:c8:2d:31:79:e8:90:31:3e:3e:31:77:f9:0c:9b:8f:80:
         a2:12:84:92:31:4c:be:67:ec:be:8f:b9:dc:bb:5d:bc:a0:38:
         d1:24:9e:8b:5f:f7:ff:4b:b0:1c:c5:5e:6e:81:20:6d:6d:ec:
         80:a7:36:c6:ad:6c:98:4a:29:63:17:1c:2a:bb:7e:e7:88:c4:
         63:73:65:bf:5e:67:94:b9:2c:32:d9:6e:9f:5a:6f:59:94:9b:
         4a:31:e1:93:a2:63:92:9e:b3:ab:69:02:9c:05:ef:e7:37:28:
         fd:b0:80:6b:03:bb:18:75:7e:3a:20:e9:22:07:80:eb:e4:5e:
         00:9c:a3:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKhHsYWvLtZ9BgYf6SQi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDBiM2MyYmU3ODM1ZDdiMzdiNTgyNjEwMmY4NzQ2YTUx
OTlkNDkwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTkyNzk1YThiMDE3NTM2MTFkZmM3NTkyY2IwYWJkNTZjYjY0MDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArALOtLF2uV8ydkESAMALVCl6kRCn
dQoExjvpaeE6/oRIVGe03BNVtHbxRfRzv2dPdIR6PCiEhVrsAm+YqHuZj53wdjQH
3dO2zXhyL28xNog2Gj8XkkCUJfV/6zbBvxhAn0v9TKAbKuS3XN/hrJx8bsFiOFLa
kKjdyrFYb+OKKjOI5vjAkkLYBbv2i4h5pXRbFnhRHCwxWDScq6bZq+VOQES7A/2M
abflppYbVwjwh89MjPZd1JkySSQ0tlnepc+LcO6s283c77c0B0Ur4qhEFv1f4Mvz
kkXwIXmJX0C/KL+poKVF/f7U7D8GiyqmUvECSR9olBOQeqLAT9K3e/kQwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP6SeVqLAXU2Ed/HWSywq9VstkAKMB8GA1UdIwQY
MBaAFL5As8K+eDXXs3tYJhAvh0alGZ1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtDendyNTROZGV6ZTFnbUVDLUhScVVablVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jNzE2MzYtZWRkOC00ZDExLTg1ZTgt
YjgzNGZhZjZhY2VkLzEvX3BKNVdvc0JkVFlSMzhkWkxMQ3IxV3kyUUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jNzE2MzYtZWRkOC00ZDExLTg1ZTgtYjgzNGZhZjZhY2Vk
LzEvdmtDendyNTROZGV6ZTFnbUVDLUhScVVablVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/L6AwQB
uVdOMA0GCSqGSIb3DQEBCwUAA4IBAQCDnxNloPqvvIp/i0RjjbLWvKcn6iK3g1Me
enNb/JtHnDEA652uGX0Uj6gJdlh5WsGshyD8y1mVS8xTZGSKvld+z1zjPzLp3OOo
o38dH/6Oa1YAEb9gz3exHDsXt3xHBXbYZlscdIt/1/K4XdwWJ77hyQzxv5vFe2sg
V/KJYJCAV8gtMXnokDE+PjF3+Qybj4CiEoSSMUy+Z+y+j7ncu128oDjRJJ6LX/f/
S7AcxV5ugSBtbeyApzbGrWyYSiljFxwqu37niMRjc2W/XmeUuSwy2W6fWm9ZlJtK
MeGTomOSnrOraQKcBe/nNyj9sIBrA7sYdX46IOkiB4Dr5F4AnKO9
-----END CERTIFICATE-----