Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/Stwf5Ve6ciH8gUebypPw9VFlT50.roa
File:                     Stwf5Ve6ciH8gUebypPw9VFlT50.roa (raw, json)
Hash identifier:          ZGb9hCnIHFLBeTqQMbI8zwoRBzCCHF0OjX4y/GBd09k=
Subject key identifier:   4A:DC:1F:E5:57:BA:72:21:FC:81:47:9B:CA:93:F0:F5:51:65:4F:9D
Certificate issuer:       /CN=15286f0225c141d95857fe74646949e75dd96f28
Certificate serial:       018CC26D2EB8BBA826763D760976F1ADCACA
Authority key identifier: 15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/Stwf5Ve6ciH8gUebypPw9VFlT50.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        193.8.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2e:b8:bb:a8:26:76:3d:76:09:76:f1:ad:ca:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15286f0225c141d95857fe74646949e75dd96f28
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4adc1fe557ba7221fc81479bca93f0f551654f9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6b:87:b7:02:70:56:18:3b:b1:2e:1c:49:51:
                    ce:bd:61:f7:2f:83:93:ea:a1:fb:c0:62:0f:f2:b5:
                    59:43:01:43:b5:59:dc:44:0a:60:90:e2:a5:5f:24:
                    88:8d:1d:6f:9d:fd:44:c0:ec:f1:b6:7e:ba:89:d0:
                    c0:71:71:45:d7:ff:cf:a0:a9:d2:03:4b:3e:4f:3f:
                    27:29:52:0d:9e:1d:56:85:98:9b:2b:4f:e5:b3:05:
                    43:d2:36:02:69:42:2b:e5:61:7f:5b:c3:18:ab:45:
                    df:98:f2:9b:00:70:1c:90:57:86:25:2f:42:38:d1:
                    a7:59:75:4e:8e:d3:1f:1e:82:fe:a7:44:c8:04:57:
                    8e:7f:46:b9:fa:41:45:61:ea:0f:2d:8b:e6:b5:af:
                    cf:46:6b:d1:40:9a:c5:39:ff:a6:48:aa:92:ca:60:
                    8d:e4:2f:01:2e:6b:97:1e:ae:75:85:7c:95:3c:46:
                    84:3d:7a:70:52:b0:fb:40:f7:4a:4c:5a:45:fc:7f:
                    03:21:a2:5f:60:db:26:05:0d:b3:56:92:a6:a1:6c:
                    4e:dd:6d:85:27:69:f9:72:26:48:a5:e6:26:d7:a9:
                    7f:f8:1e:42:f8:55:71:62:b5:ae:e7:f6:44:4d:c2:
                    2e:ca:a2:78:fd:3e:99:e3:aa:54:73:05:07:fa:26:
                    e7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:DC:1F:E5:57:BA:72:21:FC:81:47:9B:CA:93:F0:F5:51:65:4F:9D
            X509v3 Authority Key Identifier:
                keyid:15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/Stwf5Ve6ciH8gUebypPw9VFlT50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:fe:87:30:b7:8a:9a:1e:1f:54:92:00:9a:08:ca:8d:5c:ce:
         17:9a:a9:93:92:2e:43:aa:25:41:26:ce:a3:aa:3d:85:ac:95:
         27:a3:34:8c:66:aa:7a:8c:f5:27:71:1c:12:88:10:a2:f8:07:
         73:b6:b8:6e:de:15:bd:95:de:98:16:a8:e5:cb:c4:9a:4a:d2:
         24:a8:2b:27:f0:fb:fa:d8:be:c7:6a:40:db:f1:ab:0f:d9:f4:
         d1:0a:8a:25:a2:74:1a:04:90:d9:48:1e:f1:00:5e:d2:fb:28:
         5d:3c:04:26:81:ca:39:a5:ac:09:d6:e4:0e:5d:5f:3f:bd:b7:
         55:3d:62:31:f0:ab:4e:16:88:13:77:0d:46:8f:86:29:51:45:
         81:fc:e4:d2:25:a9:89:57:87:1f:9b:0f:bb:21:85:5a:45:0d:
         41:33:23:ee:a2:9b:2d:93:6e:c2:a1:ad:76:a7:8d:e5:d1:86:
         7e:78:34:4d:10:1f:dc:21:57:06:f4:41:7c:ac:c9:b2:65:96:
         e1:50:7e:b6:66:98:b7:04:23:80:60:98:f9:b4:04:88:9e:69:
         52:88:b3:00:6d:24:83:bd:a7:13:68:93:68:ae:31:ed:58:5d:
         10:03:3c:03:3c:5c:cc:0d:74:76:12:95:92:83:ea:10:6f:39:
         2b:2f:18:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbS64u6gmdj12CXbxrcrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Mjg2ZjAyMjVjMTQxZDk1ODU3ZmU3NDY0Njk0OWU3NWRk
OTZmMjgwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWRjMWZlNTU3YmE3MjIxZmM4MTQ3OWJjYTkzZjBmNTUxNjU0ZjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWuHtwJwVhg7sS4cSVHOvWH3L4OT
6qH7wGIP8rVZQwFDtVncRApgkOKlXySIjR1vnf1EwOzxtn66idDAcXFF1//PoKnS
A0s+Tz8nKVINnh1WhZibK0/lswVD0jYCaUIr5WF/W8MYq0XfmPKbAHAckFeGJS9C
ONGnWXVOjtMfHoL+p0TIBFeOf0a5+kFFYeoPLYvmta/PRmvRQJrFOf+mSKqSymCN
5C8BLmuXHq51hXyVPEaEPXpwUrD7QPdKTFpF/H8DIaJfYNsmBQ2zVpKmoWxO3W2F
J2n5ciZIpeYm16l/+B5C+FVxYrWu5/ZETcIuyqJ4/T6Z46pUcwUH+ibnAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErcH+VXunIh/IFHm8qT8PVRZU+dMB8GA1UdIwQY
MBaAFBUobwIlwUHZWFf+dGRpSedd2W8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUt
MDIxZjUwOTMyMTU2LzEvU3R3ZjVWZTZjaUg4Z1VlYnlwUHc5VkZsVDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUtMDIxZjUwOTMyMTU2
LzEvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQj6MA0G
CSqGSIb3DQEBCwUAA4IBAQBl/ocwt4qaHh9UkgCaCMqNXM4XmqmTki5DqiVBJs6j
qj2FrJUnozSMZqp6jPUncRwSiBCi+Adztrhu3hW9ld6YFqjly8SaStIkqCsn8Pv6
2L7HakDb8asP2fTRCoolonQaBJDZSB7xAF7S+yhdPAQmgco5pawJ1uQOXV8/vbdV
PWIx8KtOFogTdw1Gj4YpUUWB/OTSJamJV4cfmw+7IYVaRQ1BMyPuopstk27Coa12
p43l0YZ+eDRNEB/cIVcG9EF8rMmyZZbhUH62Zpi3BCOAYJj5tASInmlSiLMAbSSD
vacTaJNorjHtWF0QAzwDPFzMDXR2EpWSg+oQbzkrLxiJ
-----END CERTIFICATE-----