Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/a3735a-eccc-41d7-b723-e01237b5fc10/1/_ts1b7HtrA9QCfevKvQgPtebTtU.roa
File:                     _ts1b7HtrA9QCfevKvQgPtebTtU.roa (raw, json)
Hash identifier:          tDLsPnsEZGHrlU3PgBqWdD6wSWfhza/031YIqnxuPo0=
Subject key identifier:   FE:DB:35:6F:B1:ED:AC:0F:50:09:F7:AF:2A:F4:20:3E:D7:9B:4E:D5
Certificate issuer:       /CN=505cd61a9f6de9dacc0d3c921706df7d50afbd6f
Certificate serial:       018CC86FE479FEEAF2AF17E90715B20B48DC
Authority key identifier: 50:5C:D6:1A:9F:6D:E9:DA:CC:0D:3C:92:17:06:DF:7D:50:AF:BD:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFzWGp9t6drMDTySFwbffVCvvW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/a3735a-eccc-41d7-b723-e01237b5fc10/1/_ts1b7HtrA9QCfevKvQgPtebTtU.roa
Signing time:             Tue 02 Jan 2024 04:30:25 +0000
ROA not before:           Tue 02 Jan 2024 04:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49282
IP address blocks:        91.194.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/a3735a-eccc-41d7-b723-e01237b5fc10/1/UFzWGp9t6drMDTySFwbffVCvvW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/a3735a-eccc-41d7-b723-e01237b5fc10/1/UFzWGp9t6drMDTySFwbffVCvvW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFzWGp9t6drMDTySFwbffVCvvW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:e4:79:fe:ea:f2:af:17:e9:07:15:b2:0b:48:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505cd61a9f6de9dacc0d3c921706df7d50afbd6f
        Validity
            Not Before: Jan  2 04:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fedb356fb1edac0f5009f7af2af4203ed79b4ed5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:8a:5d:83:22:ba:e1:92:45:ae:59:76:a1:54:
                    83:ce:d7:e4:23:7f:90:40:9e:46:de:3a:a4:a0:e9:
                    6b:16:98:52:f4:4b:e0:d2:12:a4:fe:67:a6:08:54:
                    55:67:e3:91:a4:c3:c8:c9:fa:4b:fd:a8:d0:70:7c:
                    57:b6:f2:9a:30:af:4e:98:98:e9:3c:c0:b9:5f:17:
                    60:36:d2:9b:b6:26:af:b8:8b:c1:ae:25:1c:fa:b9:
                    1c:95:b6:6a:2e:ae:88:ea:c0:fb:fd:84:6d:db:10:
                    f7:f2:2f:a2:71:8c:ec:9c:79:7c:08:99:37:f9:4e:
                    b5:56:3e:60:a8:70:27:56:00:4e:34:c4:2f:8f:c8:
                    72:d7:55:42:6d:51:26:ef:db:8a:20:c4:2a:b4:ee:
                    a0:1a:96:42:49:d0:32:60:22:13:83:d7:61:04:73:
                    6c:7b:37:86:fb:d7:7f:20:83:47:ed:33:eb:d3:dc:
                    09:91:0a:d0:fd:86:e3:41:60:99:df:62:5f:ce:8b:
                    ca:27:42:29:32:65:0b:65:d2:0f:83:73:3d:2e:0f:
                    d7:2c:2b:f1:7e:3d:cc:41:1e:0f:31:7c:1b:70:59:
                    1e:d6:d0:89:3e:92:e6:fc:26:26:52:30:c7:aa:44:
                    59:8c:11:0f:90:7e:60:01:43:90:52:6d:44:2d:8b:
                    41:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DB:35:6F:B1:ED:AC:0F:50:09:F7:AF:2A:F4:20:3E:D7:9B:4E:D5
            X509v3 Authority Key Identifier:
                keyid:50:5C:D6:1A:9F:6D:E9:DA:CC:0D:3C:92:17:06:DF:7D:50:AF:BD:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFzWGp9t6drMDTySFwbffVCvvW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a3735a-eccc-41d7-b723-e01237b5fc10/1/_ts1b7HtrA9QCfevKvQgPtebTtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a3735a-eccc-41d7-b723-e01237b5fc10/1/UFzWGp9t6drMDTySFwbffVCvvW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:6f:f9:a0:f6:bf:ec:fe:82:f5:8e:6e:dd:6d:e7:28:b5:b0:
         39:ec:79:b3:9c:ae:26:30:e5:d0:44:5b:47:77:0d:dc:23:c1:
         47:8b:da:e7:a9:b7:b5:6e:4a:64:40:b3:fa:b6:67:a4:11:bf:
         45:6b:fd:3e:82:3a:f9:c2:21:9f:f6:4d:c2:16:ea:ec:19:0e:
         e4:e0:53:11:9f:73:b4:5e:aa:98:0f:4b:37:56:f1:a3:c6:87:
         0f:70:a6:53:cc:06:00:0a:3f:53:d4:1d:fb:4a:21:29:43:cb:
         71:2d:1d:c8:37:13:28:b7:f0:61:bb:ea:b5:cd:e1:1f:bd:68:
         b2:0e:f2:ec:58:14:d7:e8:a1:77:0c:22:2f:e3:3b:b4:f9:b6:
         d6:03:86:e3:55:b9:33:e8:3d:fa:b1:f4:0c:22:65:5c:08:9e:
         69:c5:84:26:a6:50:78:86:a8:8e:0d:b0:34:ad:d0:30:7b:d8:
         58:09:e9:f5:ca:ee:96:fa:64:5a:dc:55:52:cd:f9:f2:88:f9:
         db:5c:5d:a4:21:bc:42:e1:9d:aa:8a:d9:1f:16:b3:53:36:58:
         94:9e:f0:7b:7d:a5:f6:76:0c:70:30:51:cd:88:3d:87:f7:57:
         c1:1b:12:72:aa:42:e4:0a:8a:99:63:a3:46:3a:d9:09:5f:29:
         a7:68:29:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb+R5/uryrxfpBxWyC0jcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNWNkNjFhOWY2ZGU5ZGFjYzBkM2M5MjE3MDZkZjdkNTBh
ZmJkNmYwHhcNMjQwMTAyMDQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWRiMzU2ZmIxZWRhYzBmNTAwOWY3YWYyYWY0MjAzZWQ3OWI0ZWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyopdgyK64ZJFrll2oVSDztfkI3+Q
QJ5G3jqkoOlrFphS9Evg0hKk/memCFRVZ+ORpMPIyfpL/ajQcHxXtvKaMK9OmJjp
PMC5XxdgNtKbtiavuIvBriUc+rkclbZqLq6I6sD7/YRt2xD38i+icYzsnHl8CJk3
+U61Vj5gqHAnVgBONMQvj8hy11VCbVEm79uKIMQqtO6gGpZCSdAyYCITg9dhBHNs
ezeG+9d/IINH7TPr09wJkQrQ/YbjQWCZ32JfzovKJ0IpMmULZdIPg3M9Lg/XLCvx
fj3MQR4PMXwbcFke1tCJPpLm/CYmUjDHqkRZjBEPkH5gAUOQUm1ELYtBzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7bNW+x7awPUAn3ryr0ID7Xm07VMB8GA1UdIwQY
MBaAFFBc1hqfbenazA08khcG331Qr71vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZ6V0dwOXQ2ZHJNRFR5U0Z3YmZmVkN2dlc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9hMzczNWEtZWNjYy00MWQ3LWI3MjMt
ZTAxMjM3YjVmYzEwLzEvX3RzMWI3SHRyQTlRQ2Zldkt2UWdQdGViVHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9hMzczNWEtZWNjYy00MWQ3LWI3MjMtZTAxMjM3YjVmYzEw
LzEvVUZ6V0dwOXQ2ZHJNRFR5U0Z3YmZmVkN2dlc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8IbMA0G
CSqGSIb3DQEBCwUAA4IBAQBMb/mg9r/s/oL1jm7dbecotbA57HmznK4mMOXQRFtH
dw3cI8FHi9rnqbe1bkpkQLP6tmekEb9Fa/0+gjr5wiGf9k3CFursGQ7k4FMRn3O0
XqqYD0s3VvGjxocPcKZTzAYACj9T1B37SiEpQ8txLR3INxMot/Bhu+q1zeEfvWiy
DvLsWBTX6KF3DCIv4zu0+bbWA4bjVbkz6D36sfQMImVcCJ5pxYQmplB4hqiODbA0
rdAwe9hYCen1yu6W+mRa3FVSzfnyiPnbXF2kIbxC4Z2qitkfFrNTNliUnvB7faX2
dgxwMFHNiD2H91fBGxJyqkLkCoqZY6NGOtkJXymnaClO
-----END CERTIFICATE-----