Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jPzD4vsixt5wqXr44m86_dwfOGQ.roa
File:                     jPzD4vsixt5wqXr44m86_dwfOGQ.roa (raw, json)
Hash identifier:          HmYaY+qFl9bNcuoHwCZa9/OiXnlD9XnrgKFb2xbrnR8=
Subject key identifier:   8C:FC:C3:E2:FB:22:C6:DE:70:A9:7A:F8:E2:6F:3A:FD:DC:1F:38:64
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC425615608765241E79A52FBA203E270
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jPzD4vsixt5wqXr44m86_dwfOGQ.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56382
IP address blocks:        194.50.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 18:07:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:61:56:08:76:52:41:e7:9a:52:fb:a2:03:e2:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cfcc3e2fb22c6de70a97af8e26f3afddc1f3864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ab:7d:40:ab:c8:e9:64:13:ef:e7:db:96:ad:
                    5e:34:31:89:18:1f:29:18:9c:79:d0:45:6a:f2:d7:
                    f4:8b:41:6b:a9:75:b0:0d:c6:55:42:16:f6:52:cc:
                    47:b7:61:e3:5a:c3:8e:f3:38:74:9f:4a:90:2a:b2:
                    89:77:09:70:1d:a2:a5:e1:b1:30:bf:a4:f0:bd:6e:
                    52:0c:80:08:0b:c9:f0:a7:ea:48:22:5d:e2:e3:6d:
                    e4:cb:6b:16:f8:33:7e:00:4d:be:01:b1:fb:46:3e:
                    c0:1d:23:c8:ab:9f:ab:d8:77:e3:a1:4c:48:b9:09:
                    36:12:e7:26:c5:45:bc:f1:9a:fb:db:30:a0:9c:9b:
                    db:b8:f5:01:a0:ad:f9:c0:62:9c:a5:e4:93:42:77:
                    0b:f3:7d:41:d5:1e:98:38:93:22:a1:c0:56:21:33:
                    13:6f:2e:29:10:01:8d:f2:2e:42:07:09:46:d8:7c:
                    10:3f:b2:31:95:35:bd:03:20:b1:9f:f0:2f:4f:68:
                    0a:ae:eb:a6:38:d2:32:9d:35:ac:bf:a8:b4:88:8d:
                    06:39:8f:c4:ec:53:82:95:11:be:c5:21:a3:64:b5:
                    5d:7d:90:a3:a3:4a:26:e5:19:3e:55:81:e2:01:a8:
                    eb:0f:cb:21:91:9d:a1:ea:f4:ad:11:dc:c9:c9:59:
                    8d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:FC:C3:E2:FB:22:C6:DE:70:A9:7A:F8:E2:6F:3A:FD:DC:1F:38:64
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/jPzD4vsixt5wqXr44m86_dwfOGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:9f:40:e9:80:d2:55:e7:2e:c1:9a:8c:30:d5:b4:88:00:9f:
         5c:8e:9b:1a:07:e9:5b:71:e9:c4:b2:5c:53:fb:e1:dc:88:67:
         5a:03:b9:f8:a8:33:aa:b6:f2:b2:79:f9:3b:e4:47:58:18:c4:
         a3:38:39:75:7f:37:16:40:a9:0b:91:54:f8:56:dd:bc:20:19:
         c4:e3:81:4d:5c:84:e4:be:91:56:0c:d5:2e:25:ed:57:9b:df:
         bf:da:6e:a5:0c:97:c0:bf:32:d1:33:48:07:b7:1a:f7:c1:84:
         0e:a3:46:dd:90:97:48:36:20:af:cf:08:69:9b:1d:33:2a:9a:
         eb:fb:51:70:8c:de:c5:cf:98:91:00:36:c6:bb:a6:12:01:ff:
         57:1d:3c:54:2c:3b:84:7a:de:30:a8:1d:11:e7:85:19:f0:fa:
         85:57:8c:e2:eb:a4:0a:41:7b:15:3d:3a:48:65:f2:79:b5:14:
         88:0d:42:44:08:13:1f:b2:3c:a2:95:33:1f:f3:6d:2f:47:02:
         f1:33:88:cc:82:cd:12:b4:a9:fc:04:a1:91:95:9e:6e:fd:87:
         36:5d:5e:e8:40:7e:49:cc:da:51:7f:d9:26:56:b0:f4:1a:28:
         79:28:a5:cd:1f:90:83:e8:02:09:ef:72:34:f8:12:e4:c9:bf:
         d4:ff:66:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWFWCHZSQeeaUvuiA+JwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2ZjYzNlMmZiMjJjNmRlNzBhOTdhZjhlMjZmM2FmZGRjMWYzODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6t9QKvI6WQT7+fblq1eNDGJGB8p
GJx50EVq8tf0i0FrqXWwDcZVQhb2UsxHt2HjWsOO8zh0n0qQKrKJdwlwHaKl4bEw
v6TwvW5SDIAIC8nwp+pIIl3i423ky2sW+DN+AE2+AbH7Rj7AHSPIq5+r2HfjoUxI
uQk2EucmxUW88Zr72zCgnJvbuPUBoK35wGKcpeSTQncL831B1R6YOJMiocBWITMT
by4pEAGN8i5CBwlG2HwQP7IxlTW9AyCxn/AvT2gKruumONIynTWsv6i0iI0GOY/E
7FOClRG+xSGjZLVdfZCjo0om5Rk+VYHiAajrD8shkZ2h6vStEdzJyVmN2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIz8w+L7IsbecKl6+OJvOv3cHzhkMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvalB6RDR2c2l4dDV3cVhyNDRtODZfZHdmT0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjITMA0G
CSqGSIb3DQEBCwUAA4IBAQDcn0DpgNJV5y7Bmoww1bSIAJ9cjpsaB+lbcenEslxT
++HciGdaA7n4qDOqtvKyefk75EdYGMSjODl1fzcWQKkLkVT4Vt28IBnE44FNXITk
vpFWDNUuJe1Xm9+/2m6lDJfAvzLRM0gHtxr3wYQOo0bdkJdINiCvzwhpmx0zKprr
+1FwjN7Fz5iRADbGu6YSAf9XHTxULDuEet4wqB0R54UZ8PqFV4zi66QKQXsVPTpI
ZfJ5tRSIDUJECBMfsjyilTMf820vRwLxM4jMgs0StKn8BKGRlZ5u/Yc2XV7oQH5J
zNpRf9kmVrD0Gih5KKXNH5CD6AIJ73I0+BLkyb/U/2Zy
-----END CERTIFICATE-----