Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/tFO-CDAl5zZ4FEoJKP0OYicIIVM.roa
File:                     tFO-CDAl5zZ4FEoJKP0OYicIIVM.roa (raw, json)
Hash identifier:          BrnRMDH62xrZpO1pW1kv5YMw0WNw5Ry0hee6TWCkXAs=
Subject key identifier:   B4:53:BE:08:30:25:E7:36:78:14:4A:09:28:FD:0E:62:27:08:21:53
Certificate issuer:       /CN=50656cb4777d14b5eb264c6b032c8ba3756f2ae5
Certificate serial:       018CC4249CA69DC412D9BBEE13FF140B0245
Authority key identifier: 50:65:6C:B4:77:7D:14:B5:EB:26:4C:6B:03:2C:8B:A3:75:6F:2A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UGVstHd9FLXrJkxrAyyLo3VvKuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/tFO-CDAl5zZ4FEoJKP0OYicIIVM.roa
Signing time:             Mon 01 Jan 2024 08:29:42 +0000
ROA not before:           Mon 01 Jan 2024 08:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12335
IP address blocks:        212.53.32.0/19 maxlen: 20
                          2a02:2f8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/UGVstHd9FLXrJkxrAyyLo3VvKuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/UGVstHd9FLXrJkxrAyyLo3VvKuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UGVstHd9FLXrJkxrAyyLo3VvKuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:9c:a6:9d:c4:12:d9:bb:ee:13:ff:14:0b:02:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50656cb4777d14b5eb264c6b032c8ba3756f2ae5
        Validity
            Not Before: Jan  1 08:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b453be083025e73678144a0928fd0e6227082153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:da:b3:cb:7f:84:0d:b1:06:ec:5e:f9:30:e0:
                    12:c1:58:2e:6d:59:31:2f:77:d9:40:82:f8:72:fc:
                    e9:0f:fb:04:7c:ff:d7:e7:ce:83:0b:b9:f9:96:23:
                    18:52:a4:e8:03:60:d0:c5:6f:dd:6d:67:14:60:5c:
                    82:c2:63:a6:2d:58:bc:08:18:06:dd:bb:fe:72:3c:
                    56:11:61:41:94:7e:07:91:e2:9e:08:32:96:66:28:
                    d5:2c:14:42:4f:69:56:69:53:95:57:31:ae:12:89:
                    9d:cc:cc:f4:b4:01:66:ab:38:1e:f0:e8:24:c6:18:
                    59:90:23:ca:3f:92:91:53:50:d9:ee:57:03:de:8c:
                    d3:7d:31:52:1b:6b:a0:b9:ce:83:f9:3b:2d:53:cc:
                    e4:21:26:93:53:46:1c:45:0e:0b:1c:62:9c:44:76:
                    ca:f5:b9:84:9b:b6:c8:c1:02:ae:96:71:a2:5b:cb:
                    26:97:20:a0:b3:9e:23:29:57:2d:f1:15:75:a8:1b:
                    9a:34:7c:29:18:8c:d9:1a:05:76:b6:57:35:a9:ee:
                    d9:ff:d1:48:0e:2f:74:1a:96:60:70:fe:18:bd:3d:
                    08:e3:7b:3f:0b:03:3a:65:a3:7a:1e:e8:14:56:ee:
                    b7:80:1a:e5:e8:29:45:1f:95:63:a9:ec:02:e1:98:
                    8b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:53:BE:08:30:25:E7:36:78:14:4A:09:28:FD:0E:62:27:08:21:53
            X509v3 Authority Key Identifier:
                keyid:50:65:6C:B4:77:7D:14:B5:EB:26:4C:6B:03:2C:8B:A3:75:6F:2A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UGVstHd9FLXrJkxrAyyLo3VvKuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/tFO-CDAl5zZ4FEoJKP0OYicIIVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/b0cd2e-4864-4a34-82a5-e7c444346760/1/UGVstHd9FLXrJkxrAyyLo3VvKuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.53.32.0/19
                IPv6:
                  2a02:2f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:a0:44:61:dd:69:35:bf:c6:85:ad:b1:56:24:1e:b4:d6:af:
         3f:19:ab:79:42:65:af:bb:d4:2e:42:96:a1:09:3a:59:d9:03:
         71:f6:f0:8f:7f:80:0b:3e:75:97:64:f9:d5:61:35:cd:d4:3e:
         d3:ed:11:38:87:c9:a7:5a:fc:45:a6:5f:d2:66:fd:9c:bf:82:
         01:a3:8f:31:d7:50:cb:0e:92:70:40:4e:0b:f4:84:be:3a:e8:
         f4:4a:e9:6c:ca:95:0b:5d:c3:38:6f:28:ee:42:83:96:38:85:
         d4:44:c3:4d:1f:69:5e:73:19:ce:e6:ee:24:95:13:82:7d:47:
         37:9a:39:71:7b:8f:a2:94:24:ec:72:26:dc:c4:9a:57:26:d3:
         a9:fd:1c:2f:09:ff:f6:77:95:e7:06:e7:42:2d:99:3e:50:c4:
         cd:38:29:dd:47:20:6e:f6:3c:78:58:1d:79:eb:48:53:8c:0b:
         e6:31:f5:52:ea:7b:db:22:7e:33:52:f3:62:0f:35:55:5c:0e:
         94:26:b1:3b:19:47:87:00:bc:4c:58:32:38:3e:70:ad:53:da:
         fd:c3:4c:5d:ac:02:0b:07:95:d5:54:8e:d2:aa:2d:db:07:19:
         22:26:08:02:22:49:fe:c9:8c:1c:5a:4c:63:ee:7e:b9:71:e4:
         94:d9:93:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJJymncQS2bvuE/8UCwJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNjU2Y2I0Nzc3ZDE0YjVlYjI2NGM2YjAzMmM4YmEzNzU2
ZjJhZTUwHhcNMjQwMTAxMDgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDUzYmUwODMwMjVlNzM2NzgxNDRhMDkyOGZkMGU2MjI3MDgyMTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNqzy3+EDbEG7F75MOASwVgubVkx
L3fZQIL4cvzpD/sEfP/X586DC7n5liMYUqToA2DQxW/dbWcUYFyCwmOmLVi8CBgG
3bv+cjxWEWFBlH4HkeKeCDKWZijVLBRCT2lWaVOVVzGuEomdzMz0tAFmqzge8Ogk
xhhZkCPKP5KRU1DZ7lcD3ozTfTFSG2uguc6D+TstU8zkISaTU0YcRQ4LHGKcRHbK
9bmEm7bIwQKulnGiW8smlyCgs54jKVct8RV1qBuaNHwpGIzZGgV2tlc1qe7Z/9FI
Di90GpZgcP4YvT0I43s/CwM6ZaN6HugUVu63gBrl6ClFH5VjqewC4ZiLFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLRTvggwJec2eBRKCSj9DmInCCFTMB8GA1UdIwQY
MBaAFFBlbLR3fRS16yZMawMsi6N1byrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUdWc3RIZDlGTFhySmt4ckF5eUxvM1Z2S3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iMGNkMmUtNDg2NC00YTM0LTgyYTUt
ZTdjNDQ0MzQ2NzYwLzEvdEZPLUNEQWw1elo0RkVvSktQME9ZaWNJSVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iMGNkMmUtNDg2NC00YTM0LTgyYTUtZTdjNDQ0MzQ2NzYw
LzEvVUdWc3RIZDlGTFhySmt4ckF5eUxvM1Z2S3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1DUgMA0E
AgACMAcDBQAqAgL4MA0GCSqGSIb3DQEBCwUAA4IBAQBhoERh3Wk1v8aFrbFWJB60
1q8/Gat5QmWvu9QuQpahCTpZ2QNx9vCPf4ALPnWXZPnVYTXN1D7T7RE4h8mnWvxF
pl/SZv2cv4IBo48x11DLDpJwQE4L9IS+Ouj0SulsypULXcM4byjuQoOWOIXURMNN
H2lecxnO5u4klROCfUc3mjlxe4+ilCTscibcxJpXJtOp/RwvCf/2d5XnBudCLZk+
UMTNOCndRyBu9jx4WB1560hTjAvmMfVS6nvbIn4zUvNiDzVVXA6UJrE7GUeHALxM
WDI4PnCtU9r9w0xdrAILB5XVVI7Sqi3bBxkiJggCIkn+yYwcWkxj7n65ceSU2ZPv
-----END CERTIFICATE-----