Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/50YGB-iroCpOpfGPSSu1Hpntzf4.roa
File:                     50YGB-iroCpOpfGPSSu1Hpntzf4.roa (raw, json)
Hash identifier:          5lvnT6co7VzA/8N8iu7cBVjZRHM9ciTul33FqxkRdLg=
Subject key identifier:   E7:46:06:07:E8:AB:A0:2A:4E:A5:F1:8F:49:2B:B5:1E:99:ED:CD:FE
Certificate issuer:       /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial:       019426D9E7F3630208FE36DD9F1948B451F5
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/50YGB-iroCpOpfGPSSu1Hpntzf4.roa
Signing time:             Thu 02 Jan 2025 11:50:02 +0000
ROA not before:           Thu 02 Jan 2025 11:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216444
IP address blocks:        5.199.164.0/22 maxlen: 32
                          5.199.165.0/24 maxlen: 32
                          2a02:ae00:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e7:f3:63:02:08:fe:36:dd:9f:19:48:b4:51:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
        Validity
            Not Before: Jan  2 11:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7460607e8aba02a4ea5f18f492bb51e99edcdfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:08:f2:af:1b:5f:80:b3:fb:17:17:89:0e:51:
                    f6:35:29:c8:e1:3f:c9:e8:48:18:e5:9b:57:e7:45:
                    f7:6c:cc:f1:24:2b:f8:d2:60:0a:d0:25:b7:e6:05:
                    e6:a2:f1:3b:78:25:69:ab:bb:93:2c:48:4c:5d:80:
                    93:f3:ae:ef:60:18:e6:c9:82:68:4d:7e:cc:ad:f4:
                    fc:88:01:0a:ea:32:6b:84:25:6d:d4:85:d5:1f:4c:
                    40:94:f5:53:84:cc:6b:95:4b:b1:7c:6d:12:10:59:
                    44:02:6d:7a:02:92:c6:89:7a:80:48:9a:df:a8:97:
                    b0:17:18:7b:0a:f3:da:f8:f4:5a:ec:b0:c7:3b:af:
                    27:0b:c6:7e:ca:f0:0e:97:43:96:75:cc:c3:a9:44:
                    a6:4a:0d:51:d9:06:6b:d2:85:e6:5c:60:fb:4b:3e:
                    68:a0:ee:7e:39:a3:37:d4:bc:c3:c0:28:03:31:19:
                    3b:13:04:8c:16:b3:56:2c:a0:70:9c:71:26:1b:55:
                    37:a9:7f:d0:77:80:63:61:49:fd:5c:d3:88:d2:6d:
                    71:2f:42:80:2c:51:dc:fe:e8:23:a4:28:fb:41:a6:
                    8e:5b:ae:52:a3:d0:f1:58:2b:86:f5:2a:d2:84:3a:
                    a5:27:b9:37:5c:13:17:a9:9b:a4:54:0c:5a:6b:e3:
                    f5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:46:06:07:E8:AB:A0:2A:4E:A5:F1:8F:49:2B:B5:1E:99:ED:CD:FE
            X509v3 Authority Key Identifier:
                keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/50YGB-iroCpOpfGPSSu1Hpntzf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.164.0/22
                IPv6:
                  2a02:ae00:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1c:0b:56:05:1e:02:38:3e:c2:70:4c:08:ec:88:ca:cb:6a:3a:
         fc:14:30:06:b4:aa:60:f1:c4:4a:bc:60:04:5f:e8:68:8e:73:
         40:bf:82:41:6d:79:15:06:6f:cc:20:3f:5a:af:ee:ff:68:d0:
         3f:1f:74:fe:3e:1a:3e:44:59:fc:4b:3c:2f:8d:2c:8a:d8:e1:
         c2:16:49:cd:98:21:0e:1d:d5:84:42:1c:e7:26:ff:48:fd:82:
         1f:d0:06:f9:66:81:d4:c5:7b:97:8a:2c:44:0e:f4:6a:f5:2e:
         9e:05:a5:cf:de:8e:91:75:f0:9a:86:6b:b5:b5:6d:e0:43:68:
         59:eb:c2:48:ad:f5:91:eb:a4:91:e8:68:55:2d:84:ac:55:5a:
         bf:bc:2a:99:47:b4:ef:7c:5c:a2:d0:ab:ec:c6:f8:3f:1f:c6:
         95:5c:e5:6a:59:39:05:c6:8e:c5:4d:2e:9b:d7:b3:22:e8:3d:
         50:f0:4e:d3:3c:59:4d:15:b8:66:6e:3e:48:a7:e6:6e:1d:c7:
         d5:fd:31:3b:b0:5d:0e:c4:a9:39:9a:fe:fe:82:fa:ca:f3:b2:
         ba:31:b4:c0:af:eb:eb:12:1a:66:f3:e4:f4:48:3a:bd:ca:cc:
         21:59:ef:a0:e0:6b:ee:a4:38:eb:d9:73:2c:28:ef:a6:cb:da:
         ba:e8:74:99
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQm2efzYwII/jbdnxlItFH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjUwMTAyMTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzQ2MDYwN2U4YWJhMDJhNGVhNWYxOGY0OTJiYjUxZTk5ZWRjZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwjyrxtfgLP7FxeJDlH2NSnI4T/J
6EgY5ZtX50X3bMzxJCv40mAK0CW35gXmovE7eCVpq7uTLEhMXYCT867vYBjmyYJo
TX7MrfT8iAEK6jJrhCVt1IXVH0xAlPVThMxrlUuxfG0SEFlEAm16ApLGiXqASJrf
qJewFxh7CvPa+PRa7LDHO68nC8Z+yvAOl0OWdczDqUSmSg1R2QZr0oXmXGD7Sz5o
oO5+OaM31LzDwCgDMRk7EwSMFrNWLKBwnHEmG1U3qX/Qd4BjYUn9XNOI0m1xL0KA
LFHc/ugjpCj7QaaOW65So9DxWCuG9SrShDqlJ7k3XBMXqZukVAxaa+P1wQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFOdGBgfoq6AqTqXxj0krtR6Z7c3+MB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEvNTBZR0ItaXJvQ3BPcGZHUFNTdTFIcG50emY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCBcekMA4E
AgACMAgDBgQqAq4AEDANBgkqhkiG9w0BAQsFAAOCAQEAHAtWBR4COD7CcEwI7IjK
y2o6/BQwBrSqYPHESrxgBF/oaI5zQL+CQW15FQZvzCA/Wq/u/2jQPx90/j4aPkRZ
/Es8L40sitjhwhZJzZghDh3VhEIc5yb/SP2CH9AG+WaB1MV7l4osRA70avUungWl
z96OkXXwmoZrtbVt4ENoWevCSK31keukkehoVS2ErFVav7wqmUe073xcotCr7Mb4
Px/GlVzlalk5BcaOxU0um9ezIug9UPBO0zxZTRW4Zm4+SKfmbh3H1f0xO7BdDsSp
OZr+/oL6yvOyujG0wK/r6xIaZvPk9Eg6vcrMIVnvoOBr7qQ469lzLCjvpsvauuh0
mQ==
-----END CERTIFICATE-----