Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RovazNRaMtOKCG2wGv84NZBZZzI.roa
File:                     RovazNRaMtOKCG2wGv84NZBZZzI.roa (raw, json)
Hash identifier:          OHkTn6EWdPCzR44WjCBOzg+iyuxT4BRTjLf/nzsvEpc=
Subject key identifier:   46:8B:DA:CC:D4:5A:32:D3:8A:08:6D:B0:1A:FF:38:35:90:59:67:32
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255D5373C3C4D7076ED3476B03BD3C
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RovazNRaMtOKCG2wGv84NZBZZzI.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43357
IP address blocks:        194.50.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5d:53:73:c3:c4:d7:07:6e:d3:47:6b:03:bd:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=468bdaccd45a32d38a086db01aff383590596732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:3c:6a:3d:41:99:3c:63:51:54:17:77:7e:d1:
                    ff:ba:17:f5:90:71:51:e6:70:24:06:36:f8:1e:c0:
                    f4:27:15:9f:ca:bb:77:17:5b:03:1f:36:63:eb:50:
                    12:5e:a8:19:df:f9:5c:69:02:8a:81:ea:a0:40:3d:
                    56:5f:76:6e:08:d6:2c:09:ea:6b:c4:1f:be:e8:6f:
                    4a:a1:f0:c9:b1:94:0b:7b:49:b6:76:ea:8b:29:7c:
                    02:88:68:b8:85:c1:52:e5:68:1c:5f:92:39:d7:b8:
                    89:2b:84:80:78:38:d8:93:df:66:a8:1e:a7:7b:35:
                    78:e1:4e:7a:66:bb:8f:6c:79:a8:f1:6e:96:81:43:
                    b2:bb:95:b2:3e:02:50:bf:06:0a:53:a7:c3:40:8f:
                    25:4b:49:82:0b:62:63:10:a7:9a:32:88:ba:f0:36:
                    71:77:4c:cc:15:3c:e0:72:67:79:1b:e2:ce:97:6d:
                    5a:40:78:af:d8:6b:74:dc:bf:9f:bf:6f:28:47:47:
                    d6:cf:fd:3d:36:3c:34:56:fb:29:2b:9e:7e:58:12:
                    a2:a5:57:bb:39:19:cb:65:93:a2:87:52:20:10:93:
                    03:b2:96:d0:43:fa:93:12:7e:6d:1e:cc:6b:45:43:
                    56:4b:22:5b:31:56:19:c0:3f:93:c4:1d:f7:81:25:
                    8e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8B:DA:CC:D4:5A:32:D3:8A:08:6D:B0:1A:FF:38:35:90:59:67:32
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/RovazNRaMtOKCG2wGv84NZBZZzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:41:37:75:7c:94:95:1f:31:54:03:49:91:f1:53:46:ce:62:
         57:00:1e:e6:35:02:32:e1:e2:c8:bc:bb:ed:9d:70:a1:c0:4b:
         80:d6:f8:38:46:bf:f7:5f:da:c3:03:26:d1:27:ca:09:f5:63:
         22:e2:0a:fd:ff:70:f1:df:89:a9:91:52:c6:f7:4f:fe:13:4c:
         2f:60:14:7b:78:86:a1:d6:a4:39:6d:d9:f8:af:98:db:8d:92:
         56:01:f6:6e:3f:48:9d:5a:da:52:b3:cd:a6:3a:7d:ba:c8:21:
         68:37:14:78:d5:71:d4:83:53:95:fb:2d:09:14:e5:1b:29:83:
         86:ba:24:5d:86:88:79:a5:f4:c7:bc:77:a2:a0:8b:90:51:62:
         f6:fc:6b:4a:19:6f:6d:de:5f:15:92:0c:90:9a:a2:46:dd:47:
         68:57:6a:54:48:7b:58:40:21:dd:d2:aa:ee:35:f4:00:f4:d3:
         6b:c1:08:ff:db:21:9d:43:d6:ae:40:60:da:44:d5:92:cf:d2:
         62:99:0e:18:73:5c:21:01:f9:ef:6f:97:48:ee:ec:5c:fd:47:
         8a:1d:a9:a2:c1:69:1e:31:98:df:fe:4f:46:2c:9d:d2:71:96:
         26:e6:7e:fe:9d:ec:2a:de:7f:ca:0e:f6:91:68:ee:7a:75:0e:
         14:56:b0:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV1Tc8PE1wdu00drA708MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjhiZGFjY2Q0NWEzMmQzOGEwODZkYjAxYWZmMzgzNTkwNTk2NzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTxqPUGZPGNRVBd3ftH/uhf1kHFR
5nAkBjb4HsD0JxWfyrt3F1sDHzZj61ASXqgZ3/lcaQKKgeqgQD1WX3ZuCNYsCepr
xB++6G9KofDJsZQLe0m2duqLKXwCiGi4hcFS5WgcX5I517iJK4SAeDjYk99mqB6n
ezV44U56ZruPbHmo8W6WgUOyu5WyPgJQvwYKU6fDQI8lS0mCC2JjEKeaMoi68DZx
d0zMFTzgcmd5G+LOl21aQHiv2Gt03L+fv28oR0fWz/09Njw0VvspK55+WBKipVe7
ORnLZZOih1IgEJMDspbQQ/qTEn5tHsxrRUNWSyJbMVYZwD+TxB33gSWOawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaL2szUWjLTightsBr/ODWQWWcyMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUm92YXpOUmFNdE9LQ0cyd0d2ODROWkJaWnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjISMA0G
CSqGSIb3DQEBCwUAA4IBAQB3QTd1fJSVHzFUA0mR8VNGzmJXAB7mNQIy4eLIvLvt
nXChwEuA1vg4Rr/3X9rDAybRJ8oJ9WMi4gr9/3Dx34mpkVLG90/+E0wvYBR7eIah
1qQ5bdn4r5jbjZJWAfZuP0idWtpSs82mOn26yCFoNxR41XHUg1OV+y0JFOUbKYOG
uiRdhoh5pfTHvHeioIuQUWL2/GtKGW9t3l8VkgyQmqJG3UdoV2pUSHtYQCHd0qru
NfQA9NNrwQj/2yGdQ9auQGDaRNWSz9JimQ4Yc1whAfnvb5dI7uxc/UeKHamiwWke
MZjf/k9GLJ3ScZYm5n7+newq3n/KDvaRaO56dQ4UVrC8
-----END CERTIFICATE-----