Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/59fc26-f8dd-4f5e-bca2-225d8adfe8bb/1/zLVd2KSZFVzGAzCsp4qkjH2ROUg.roa
File:                     zLVd2KSZFVzGAzCsp4qkjH2ROUg.roa (raw, json)
Hash identifier:          c8cdmjACfrWc+i/lpPbA+SgfaQW8+wph1RE8gz+vPtY=
Subject key identifier:   CC:B5:5D:D8:A4:99:15:5C:C6:03:30:AC:A7:8A:A4:8C:7D:91:39:48
Certificate issuer:       /CN=d50051613d3cc6b3eb81d5bb400ae0d4e2412c80
Certificate serial:       018CC348EC1AFF8F557DDDE95B523C03FD96
Authority key identifier: D5:00:51:61:3D:3C:C6:B3:EB:81:D5:BB:40:0A:E0:D4:E2:41:2C:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QBRYT08xrPrgdW7QArg1OJBLIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/59fc26-f8dd-4f5e-bca2-225d8adfe8bb/1/zLVd2KSZFVzGAzCsp4qkjH2ROUg.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48026
IP address blocks:        193.42.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/59fc26-f8dd-4f5e-bca2-225d8adfe8bb/1/1QBRYT08xrPrgdW7QArg1OJBLIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/59fc26-f8dd-4f5e-bca2-225d8adfe8bb/1/1QBRYT08xrPrgdW7QArg1OJBLIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QBRYT08xrPrgdW7QArg1OJBLIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 07:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ec:1a:ff:8f:55:7d:dd:e9:5b:52:3c:03:fd:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d50051613d3cc6b3eb81d5bb400ae0d4e2412c80
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccb55dd8a499155cc60330aca78aa48c7d913948
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a5:ce:0a:51:22:e7:4b:21:24:7b:73:49:a1:
                    d0:51:01:01:94:ca:a5:31:d6:7a:9b:73:af:a7:f3:
                    a5:71:4d:44:0e:e6:25:a5:92:75:ae:e8:8e:cd:10:
                    6e:f7:db:6f:ad:2a:e4:56:e5:c9:a5:96:f7:f8:d3:
                    de:76:d3:cf:5b:d6:2b:54:9b:67:54:1f:78:d7:66:
                    68:66:e3:e3:66:67:25:fd:5c:ed:ca:7e:1e:bf:b9:
                    33:a0:f7:27:f5:e9:9e:57:97:bc:01:c4:53:cd:96:
                    a6:61:be:46:85:ac:4c:df:85:7f:56:9a:03:fb:ac:
                    7d:0e:52:a4:a2:fc:ee:c3:ad:65:0f:48:f3:83:00:
                    a3:b1:37:1e:06:ce:13:07:b3:91:1b:83:22:20:f1:
                    92:1e:1f:8f:ea:d9:6f:71:68:d0:bc:5a:1f:6d:50:
                    43:b7:7c:80:cd:49:aa:e5:c3:d7:6f:72:5f:7c:8b:
                    74:e8:fb:20:00:48:20:3b:8d:dd:4c:40:7d:8b:93:
                    4d:7d:38:94:09:16:9d:63:81:43:bc:1f:74:24:e0:
                    8e:55:03:a2:9b:04:22:b3:a7:56:4a:1e:8a:19:72:
                    90:e3:34:e8:5d:ee:5e:91:29:a7:18:04:55:74:dd:
                    d1:6e:48:88:c1:0b:25:58:da:43:75:f5:97:30:57:
                    41:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B5:5D:D8:A4:99:15:5C:C6:03:30:AC:A7:8A:A4:8C:7D:91:39:48
            X509v3 Authority Key Identifier:
                keyid:D5:00:51:61:3D:3C:C6:B3:EB:81:D5:BB:40:0A:E0:D4:E2:41:2C:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QBRYT08xrPrgdW7QArg1OJBLIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/59fc26-f8dd-4f5e-bca2-225d8adfe8bb/1/zLVd2KSZFVzGAzCsp4qkjH2ROUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/59fc26-f8dd-4f5e-bca2-225d8adfe8bb/1/1QBRYT08xrPrgdW7QArg1OJBLIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:5c:6e:10:91:9b:bb:f9:eb:21:2d:1e:a9:6e:3f:79:49:b2:
         0f:80:09:4a:5c:21:6c:86:6c:41:4f:6c:1e:d0:ee:62:fe:13:
         b5:9d:d7:27:35:37:9e:b3:6e:da:fc:1b:ac:df:29:de:84:ae:
         88:aa:c5:10:b3:ca:0e:e1:ea:0d:d6:15:ce:d2:c6:f2:bd:24:
         cd:8e:2c:e9:a7:b8:f9:22:28:46:d9:62:f0:dc:8d:8b:33:97:
         0f:7b:d0:21:b7:d9:d6:7d:64:e0:7d:2e:5e:45:47:45:28:7d:
         28:03:3c:66:62:66:b7:65:ad:e0:50:9a:52:1d:80:62:8f:ed:
         47:f6:5d:d5:ae:01:31:7c:dd:c0:da:58:61:7c:37:63:01:2e:
         36:8e:1e:2f:05:fb:5f:89:a1:4a:1c:51:63:bf:2d:0f:82:c1:
         f7:03:71:63:c1:f4:0f:2c:67:45:dc:57:16:e4:eb:3f:8c:4d:
         38:da:72:52:23:30:5e:ff:8d:ff:f1:f5:6f:2a:95:a7:10:2e:
         88:64:fa:30:63:f1:85:68:2f:23:b1:79:fe:08:03:ec:d4:a9:
         78:54:5b:5c:93:52:4d:15:58:74:9d:24:63:e9:a3:e0:4e:19:
         d8:ae:8d:57:fd:9f:d3:f7:8c:a2:ec:76:e8:04:a4:36:26:c7:
         b0:61:bf:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOwa/49Vfd3pW1I8A/2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDA1MTYxM2QzY2M2YjNlYjgxZDViYjQwMGFlMGQ0ZTI0
MTJjODAwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2I1NWRkOGE0OTkxNTVjYzYwMzMwYWNhNzhhYTQ4YzdkOTEzOTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKXOClEi50shJHtzSaHQUQEBlMql
MdZ6m3Ovp/OlcU1EDuYlpZJ1ruiOzRBu99tvrSrkVuXJpZb3+NPedtPPW9YrVJtn
VB9412ZoZuPjZmcl/Vztyn4ev7kzoPcn9emeV5e8AcRTzZamYb5GhaxM34V/VpoD
+6x9DlKkovzuw61lD0jzgwCjsTceBs4TB7ORG4MiIPGSHh+P6tlvcWjQvFofbVBD
t3yAzUmq5cPXb3JffIt06PsgAEggO43dTEB9i5NNfTiUCRadY4FDvB90JOCOVQOi
mwQis6dWSh6KGXKQ4zToXe5ekSmnGARVdN3RbkiIwQslWNpDdfWXMFdB8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMy1XdikmRVcxgMwrKeKpIx9kTlIMB8GA1UdIwQY
MBaAFNUAUWE9PMaz64HVu0AK4NTiQSyAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFCUllUMDh4clByZ2RXN1FBcmcxT0pCTElBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC81OWZjMjYtZjhkZC00ZjVlLWJjYTIt
MjI1ZDhhZGZlOGJiLzEvekxWZDJLU1pGVnpHQXpDc3A0cWtqSDJST1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC81OWZjMjYtZjhkZC00ZjVlLWJjYTItMjI1ZDhhZGZlOGJi
LzEvMVFCUllUMDh4clByZ2RXN1FBcmcxT0pCTElBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSqWMA0G
CSqGSIb3DQEBCwUAA4IBAQAMXG4QkZu7+eshLR6pbj95SbIPgAlKXCFshmxBT2we
0O5i/hO1ndcnNTees27a/Bus3ynehK6IqsUQs8oO4eoN1hXO0sbyvSTNjizpp7j5
IihG2WLw3I2LM5cPe9Aht9nWfWTgfS5eRUdFKH0oAzxmYma3Za3gUJpSHYBij+1H
9l3VrgExfN3A2lhhfDdjAS42jh4vBftfiaFKHFFjvy0PgsH3A3FjwfQPLGdF3FcW
5Os/jE042nJSIzBe/43/8fVvKpWnEC6IZPowY/GFaC8jsXn+CAPs1Kl4VFtck1JN
FVh0nSRj6aPgThnYro1X/Z/T94yi7HboBKQ2JsewYb9S
-----END CERTIFICATE-----