Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/rS0Pl6Ki11JKoqIGDiWxGWgETbg.roa
File:                     rS0Pl6Ki11JKoqIGDiWxGWgETbg.roa (raw, json)
Hash identifier:          8mUFT9iUK+C5lUi/VI9UebFTt9Mk3Ls7k/VuVFCP5lU=
Subject key identifier:   AD:2D:0F:97:A2:A2:D7:52:4A:A2:A2:06:0E:25:B1:19:68:04:4D:B8
Certificate issuer:       /CN=43a438813750133e55001bf89670a0db3ae5be1f
Certificate serial:       018CC349011EA6C53FCE963CCFC1818F2BB9
Authority key identifier: 43:A4:38:81:37:50:13:3E:55:00:1B:F8:96:70:A0:DB:3A:E5:BE:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/rS0Pl6Ki11JKoqIGDiWxGWgETbg.roa
Signing time:             Mon 01 Jan 2024 04:29:50 +0000
ROA not before:           Mon 01 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41778
IP address blocks:        194.50.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:01:1e:a6:c5:3f:ce:96:3c:cf:c1:81:8f:2b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43a438813750133e55001bf89670a0db3ae5be1f
        Validity
            Not Before: Jan  1 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad2d0f97a2a2d7524aa2a2060e25b11968044db8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0b:b9:cc:84:80:c3:ca:51:18:13:c7:19:76:
                    9e:fa:db:f1:37:6f:a8:e8:30:6d:2f:ce:99:8c:ff:
                    ce:77:b4:be:28:ea:42:58:4a:84:3b:56:fb:83:1b:
                    51:d8:30:59:05:ca:7e:bb:39:d8:a5:a5:0d:a2:e9:
                    38:35:c7:4a:2d:36:40:4a:87:45:e3:5b:fc:0e:e6:
                    ce:d2:21:44:bc:6d:3d:48:24:69:ce:ed:2b:56:a0:
                    d7:57:00:73:5c:39:de:94:79:5c:87:ba:d4:4c:60:
                    52:34:15:30:f3:b1:e4:04:62:e7:9f:8a:ec:4f:43:
                    8f:26:4e:b1:7a:03:e4:e0:e8:97:fd:93:6a:a7:cd:
                    54:86:83:01:c8:3c:27:d1:36:a3:b5:e9:04:4a:c4:
                    61:b6:5c:7a:5f:26:28:70:c0:27:e5:0e:c8:be:b9:
                    64:21:0d:2a:1b:b8:16:7a:40:c7:6f:16:7a:92:81:
                    73:4a:09:79:5f:19:ff:1c:6f:91:64:57:d4:dc:95:
                    46:47:c8:42:c4:99:a6:be:bf:c5:55:cc:26:40:af:
                    45:88:3d:4c:2e:d1:a8:ce:e5:de:82:1f:3a:8b:29:
                    12:50:e3:bf:f9:f5:0b:1d:c4:f0:e6:15:44:6e:64:
                    a9:ba:ea:f7:10:51:7e:2e:72:71:7b:fe:de:a4:dd:
                    77:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:2D:0F:97:A2:A2:D7:52:4A:A2:A2:06:0E:25:B1:19:68:04:4D:B8
            X509v3 Authority Key Identifier:
                keyid:43:A4:38:81:37:50:13:3E:55:00:1B:F8:96:70:A0:DB:3A:E5:BE:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/rS0Pl6Ki11JKoqIGDiWxGWgETbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/5cb473-35a1-4727-8773-a0d6f0eeb5c2/1/Q6Q4gTdQEz5VABv4lnCg2zrlvh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:5e:89:9e:10:a2:3f:fd:03:68:dc:a9:4b:e5:91:fe:2c:ef:
         9a:e7:e7:ba:91:2e:74:6d:0a:a3:de:f6:55:b2:60:25:ed:85:
         e0:85:67:ad:4e:0e:63:77:b7:72:47:13:d0:70:cb:c3:b4:a6:
         0f:02:21:f7:1d:0b:a6:fd:b1:b2:1a:54:b2:bf:41:87:9a:b6:
         81:96:f9:f5:44:3c:d5:4f:46:e1:71:4b:58:34:ec:18:54:63:
         03:d4:71:02:8c:22:22:6b:4a:78:76:e3:df:fb:18:cf:a9:64:
         ad:29:a9:5e:48:7b:fe:53:1e:12:21:02:4e:87:36:7c:c2:6e:
         f4:cf:a8:4e:c4:42:b5:61:72:f7:35:de:35:c3:13:3e:b3:b5:
         99:c6:88:b5:7f:b4:0e:9c:80:05:7c:6f:a4:72:6f:a6:98:fb:
         52:b7:b6:99:cb:a1:15:a6:20:6a:8a:96:19:42:01:f0:be:7f:
         09:fc:16:0f:26:62:b2:89:62:71:a9:54:16:6e:ad:cf:e8:6f:
         d9:6c:83:63:8c:2f:f5:7e:47:a9:df:cb:9c:f7:b7:15:82:74:
         59:dc:42:b3:7d:92:b4:15:c0:4a:c1:8d:d6:74:5f:62:ff:8d:
         70:fa:1f:13:0f:67:0a:72:8f:2e:bb:e6:1d:64:b6:be:72:10:
         87:00:0f:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQEepsU/zpY8z8GBjyu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYTQzODgxMzc1MDEzM2U1NTAwMWJmODk2NzBhMGRiM2Fl
NWJlMWYwHhcNMjQwMTAxMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDJkMGY5N2EyYTJkNzUyNGFhMmEyMDYwZTI1YjExOTY4MDQ0ZGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAu5zISAw8pRGBPHGXae+tvxN2+o
6DBtL86ZjP/Od7S+KOpCWEqEO1b7gxtR2DBZBcp+uznYpaUNouk4NcdKLTZASodF
41v8DubO0iFEvG09SCRpzu0rVqDXVwBzXDnelHlch7rUTGBSNBUw87HkBGLnn4rs
T0OPJk6xegPk4OiX/ZNqp81UhoMByDwn0TajtekESsRhtlx6XyYocMAn5Q7Ivrlk
IQ0qG7gWekDHbxZ6koFzSgl5Xxn/HG+RZFfU3JVGR8hCxJmmvr/FVcwmQK9FiD1M
LtGozuXegh86iykSUOO/+fULHcTw5hVEbmSpuur3EFF+LnJxe/7epN13sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0tD5eiotdSSqKiBg4lsRloBE24MB8GA1UdIwQY
MBaAFEOkOIE3UBM+VQAb+JZwoNs65b4fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTZRNGdUZFFFejVWQUJ2NGxuQ2cyenJsdmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81Y2I0NzMtMzVhMS00NzI3LTg3NzMt
YTBkNmYwZWViNWMyLzEvclMwUGw2S2kxMUpLb3FJR0RpV3hHV2dFVGJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81Y2I0NzMtMzVhMS00NzI3LTg3NzMtYTBkNmYwZWViNWMy
LzEvUTZRNGdUZFFFejVWQUJ2NGxuQ2cyenJsdmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKxMA0G
CSqGSIb3DQEBCwUAA4IBAQCNXomeEKI//QNo3KlL5ZH+LO+a5+e6kS50bQqj3vZV
smAl7YXghWetTg5jd7dyRxPQcMvDtKYPAiH3HQum/bGyGlSyv0GHmraBlvn1RDzV
T0bhcUtYNOwYVGMD1HECjCIia0p4duPf+xjPqWStKaleSHv+Ux4SIQJOhzZ8wm70
z6hOxEK1YXL3Nd41wxM+s7WZxoi1f7QOnIAFfG+kcm+mmPtSt7aZy6EVpiBqipYZ
QgHwvn8J/BYPJmKyiWJxqVQWbq3P6G/ZbINjjC/1fkep38uc97cVgnRZ3EKzfZK0
FcBKwY3WdF9i/41w+h8TD2cKco8uu+YdZLa+chCHAA95
-----END CERTIFICATE-----