Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/N-5DWgkMbbp8AkQewUx7ybtyQ7I.roa
File:                     N-5DWgkMbbp8AkQewUx7ybtyQ7I.roa (raw, json)
Hash identifier:          Vw4CBIi7VoaAYvg/lOyYQJ3itfNsLCSgJyXcprX5rUs=
Subject key identifier:   37:EE:43:5A:09:0C:6D:BA:7C:02:44:1E:C1:4C:7B:C9:BB:72:43:B2
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255435B85E47C7BE79DE85CBF3E7C6
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/N-5DWgkMbbp8AkQewUx7ybtyQ7I.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9312
IP address blocks:        194.50.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:54:35:b8:5e:47:c7:be:79:de:85:cb:f3:e7:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37ee435a090c6dba7c02441ec14c7bc9bb7243b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4a:26:1b:75:b5:a2:59:29:2c:ae:a5:29:d9:
                    7e:2d:14:fc:5f:26:a6:29:f4:64:08:66:36:02:2e:
                    75:fe:b3:bc:fa:4a:ea:d4:60:61:9c:36:72:55:5f:
                    0e:10:75:31:eb:00:f4:27:00:b3:a3:53:73:40:07:
                    70:12:51:b8:44:a6:43:7f:34:31:56:ea:bf:94:f6:
                    0d:f4:6c:99:f1:16:d7:a6:68:c7:b4:59:dc:69:b1:
                    d8:ff:c6:2b:d1:f4:1a:80:23:07:99:4e:b8:79:a6:
                    7b:b9:bc:a2:08:45:97:df:a0:e6:ae:e7:6a:bd:ad:
                    d0:c2:91:7c:46:1a:24:8e:6f:d1:6d:48:94:64:27:
                    b8:19:3b:ac:c6:15:11:8d:24:b2:e3:0a:11:6e:08:
                    d9:4c:8d:be:cf:75:ba:47:97:7c:96:b0:7d:99:6d:
                    c5:40:e7:a4:c4:b7:2a:95:11:00:d4:87:b7:51:4e:
                    90:6a:33:aa:ad:2d:2c:1c:09:7a:fb:e2:a4:5c:20:
                    8e:f7:6f:c6:e8:a7:37:72:87:de:f7:de:3a:49:af:
                    7e:d1:98:84:5f:09:47:2f:21:58:07:50:77:cb:cc:
                    fa:f9:a7:ce:86:25:5c:7b:bf:71:df:15:27:a4:c7:
                    92:84:87:b0:75:0c:a3:b2:02:00:78:35:a1:a1:a3:
                    17:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:EE:43:5A:09:0C:6D:BA:7C:02:44:1E:C1:4C:7B:C9:BB:72:43:B2
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/N-5DWgkMbbp8AkQewUx7ybtyQ7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:9c:20:fb:33:40:b5:d5:f8:47:7e:a4:61:0c:4c:b6:f8:b5:
         2a:4b:f5:d9:89:bd:37:55:00:82:3b:0b:c5:a2:fd:c2:8c:b7:
         ba:e3:32:a5:b9:f7:fc:96:7b:aa:0f:6c:18:57:e2:92:5a:4a:
         e9:e2:43:58:af:1b:c0:df:40:87:08:58:35:1b:81:5f:b4:ff:
         1b:cc:29:82:09:3d:84:5f:aa:96:1f:0a:13:47:6a:42:12:f8:
         3e:c8:c8:65:71:15:d7:f7:01:23:25:4f:f2:ed:ce:2a:77:b6:
         a0:24:65:5e:ca:39:a0:07:d9:41:ce:4a:25:f2:3f:26:8d:1c:
         57:0f:41:47:ad:54:15:94:da:eb:28:81:cd:41:49:d2:04:06:
         53:de:41:52:64:40:f3:69:14:2e:68:ee:e3:40:7a:9b:81:81:
         de:98:bc:87:8b:93:b8:8c:ab:fc:25:38:26:00:80:78:85:a8:
         b3:53:e2:24:a9:0f:49:bb:e0:f7:6e:ac:9d:10:17:cd:88:3e:
         ea:0c:b1:59:09:8f:fb:12:90:11:1d:ab:ab:06:dd:50:c2:d9:
         c5:12:19:44:cc:2d:0d:c0:73:b6:79:4f:97:ef:6d:0f:d7:10:
         71:91:ed:0f:c2:9d:8f:09:9a:ee:f2:02:01:d9:ef:ce:e5:0b:
         c8:a7:5b:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVQ1uF5Hx7553oXL8+fGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2VlNDM1YTA5MGM2ZGJhN2MwMjQ0MWVjMTRjN2JjOWJiNzI0M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0omG3W1olkpLK6lKdl+LRT8Xyam
KfRkCGY2Ai51/rO8+krq1GBhnDZyVV8OEHUx6wD0JwCzo1NzQAdwElG4RKZDfzQx
Vuq/lPYN9GyZ8RbXpmjHtFncabHY/8Yr0fQagCMHmU64eaZ7ubyiCEWX36Dmrudq
va3QwpF8Rhokjm/RbUiUZCe4GTusxhURjSSy4woRbgjZTI2+z3W6R5d8lrB9mW3F
QOekxLcqlREA1Ie3UU6QajOqrS0sHAl6++KkXCCO92/G6Kc3cofe9946Sa9+0ZiE
XwlHLyFYB1B3y8z6+afOhiVce79x3xUnpMeShIewdQyjsgIAeDWhoaMX4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfuQ1oJDG26fAJEHsFMe8m7ckOyMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvTi01RFdna01iYnA4QWtRZXdVeDd5YnR5UTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjISMA0G
CSqGSIb3DQEBCwUAA4IBAQC8nCD7M0C11fhHfqRhDEy2+LUqS/XZib03VQCCOwvF
ov3CjLe64zKluff8lnuqD2wYV+KSWkrp4kNYrxvA30CHCFg1G4FftP8bzCmCCT2E
X6qWHwoTR2pCEvg+yMhlcRXX9wEjJU/y7c4qd7agJGVeyjmgB9lBzkol8j8mjRxX
D0FHrVQVlNrrKIHNQUnSBAZT3kFSZEDzaRQuaO7jQHqbgYHemLyHi5O4jKv8JTgm
AIB4haizU+IkqQ9Ju+D3bqydEBfNiD7qDLFZCY/7EpARHaurBt1QwtnFEhlEzC0N
wHO2eU+X720P1xBxke0Pwp2PCZru8gIB2e/O5QvIp1sM
-----END CERTIFICATE-----