Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/bdfd19-201a-444d-8d88-6ef4c7c7470b/1/Dt6uY41BWerlsAT3pjSfp1wZD1I.roa
File:                     Dt6uY41BWerlsAT3pjSfp1wZD1I.roa (raw, json)
Hash identifier:          XcYBs5d7qBwu301WsO8fJfDhKTVUF0o8uPcCXWLD5I0=
Subject key identifier:   0E:DE:AE:63:8D:41:59:EA:E5:B0:04:F7:A6:34:9F:A7:5C:19:0F:52
Certificate issuer:       /CN=14c51262fe87f4e295ef9e7f87a1f9e49f57c300
Certificate serial:       018CC5DD1105E0449074A66A5E6292A1679D
Authority key identifier: 14:C5:12:62:FE:87:F4:E2:95:EF:9E:7F:87:A1:F9:E4:9F:57:C3:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FMUSYv6H9OKV755_h6H55J9XwwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/bdfd19-201a-444d-8d88-6ef4c7c7470b/1/Dt6uY41BWerlsAT3pjSfp1wZD1I.roa
Signing time:             Mon 01 Jan 2024 16:30:48 +0000
ROA not before:           Mon 01 Jan 2024 16:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203906
IP address blocks:        185.50.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/bdfd19-201a-444d-8d88-6ef4c7c7470b/1/FMUSYv6H9OKV755_h6H55J9XwwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/bdfd19-201a-444d-8d88-6ef4c7c7470b/1/FMUSYv6H9OKV755_h6H55J9XwwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FMUSYv6H9OKV755_h6H55J9XwwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:11:05:e0:44:90:74:a6:6a:5e:62:92:a1:67:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14c51262fe87f4e295ef9e7f87a1f9e49f57c300
        Validity
            Not Before: Jan  1 16:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0edeae638d4159eae5b004f7a6349fa75c190f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:68:b9:2d:0e:b5:10:16:d6:40:4a:9d:7c:19:
                    29:b6:04:04:f5:e8:ec:9f:82:ed:2f:52:6a:8f:b1:
                    3b:6d:89:65:2b:08:34:60:9f:26:b0:78:5d:36:b4:
                    1c:69:f5:4e:da:52:fc:1e:1a:29:65:80:9a:1b:7d:
                    fa:e9:09:08:a1:77:2a:f6:1b:97:b5:79:46:12:9a:
                    2d:e9:57:7a:89:f0:44:af:8a:bf:30:c6:a8:56:92:
                    8c:b1:80:08:7f:f0:34:c5:65:bd:23:58:7c:51:63:
                    d9:df:bd:50:20:aa:22:11:b3:99:7c:52:a8:c6:46:
                    85:94:1a:56:a6:7d:58:2a:71:0c:16:e5:f8:8f:59:
                    e7:76:59:36:0c:0f:1b:aa:19:46:69:e0:4c:e5:06:
                    40:fc:f3:a0:0f:a0:82:bb:08:e4:6b:af:e5:94:a4:
                    c1:55:6c:cd:73:b3:ad:78:dc:37:a8:1c:77:5b:b0:
                    5f:a4:ba:d1:12:26:78:58:e2:04:e2:6c:63:f4:44:
                    6a:c1:3e:5f:e2:6a:f4:8d:40:23:19:f6:61:24:bc:
                    37:4f:4d:88:fc:40:fe:5c:fe:ba:df:d6:35:73:62:
                    f8:14:df:28:98:14:df:45:78:ca:ac:70:87:1d:a5:
                    82:33:ac:54:d4:1f:3f:5c:3d:42:06:45:23:b1:24:
                    80:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:DE:AE:63:8D:41:59:EA:E5:B0:04:F7:A6:34:9F:A7:5C:19:0F:52
            X509v3 Authority Key Identifier:
                keyid:14:C5:12:62:FE:87:F4:E2:95:EF:9E:7F:87:A1:F9:E4:9F:57:C3:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FMUSYv6H9OKV755_h6H55J9XwwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bdfd19-201a-444d-8d88-6ef4c7c7470b/1/Dt6uY41BWerlsAT3pjSfp1wZD1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/bdfd19-201a-444d-8d88-6ef4c7c7470b/1/FMUSYv6H9OKV755_h6H55J9XwwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:9b:a7:14:c9:86:df:d2:8c:dc:ed:e1:7b:b2:8d:1b:0e:77:
         3e:23:80:26:10:ed:d1:ae:b2:20:12:61:19:13:d3:1e:b4:85:
         d0:01:fd:d9:69:80:7d:12:ae:1a:d1:1b:8e:3f:38:ff:20:e7:
         27:1e:a6:14:43:31:95:88:fa:f7:ee:c4:56:1f:58:6e:4a:04:
         10:eb:fb:8e:bb:c2:6a:76:55:f7:08:58:c4:28:d9:29:43:bb:
         8a:66:9b:7b:f9:37:09:a1:c9:e9:7f:b3:dc:3c:eb:eb:45:2e:
         45:d8:88:b5:3f:b1:db:db:4c:03:9d:3a:65:bd:f9:e0:7e:30:
         09:9e:f3:27:06:5a:53:5d:0d:fd:02:28:e0:ae:47:9d:39:c3:
         62:29:c7:14:01:fd:c1:43:f4:37:47:3c:b8:61:df:87:ba:eb:
         42:dc:e2:d9:d0:90:9b:4e:67:e7:45:bb:fc:45:2e:a1:0d:8f:
         fe:eb:8d:ed:a3:56:c7:73:9c:b8:25:e7:11:af:8a:96:ae:1b:
         6a:80:0c:92:45:b1:18:83:cf:9a:d5:22:56:55:8c:50:80:55:
         ae:01:16:50:52:c9:84:be:14:8f:a2:e9:4e:11:90:c9:27:f5:
         59:f7:94:96:b7:ad:73:0c:cd:71:fd:e8:51:ca:e9:0b:98:8f:
         5b:d1:ba:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3REF4ESQdKZqXmKSoWedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YzUxMjYyZmU4N2Y0ZTI5NWVmOWU3Zjg3YTFmOWU0OWY1
N2MzMDAwHhcNMjQwMTAxMTYzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWRlYWU2MzhkNDE1OWVhZTViMDA0ZjdhNjM0OWZhNzVjMTkwZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGi5LQ61EBbWQEqdfBkptgQE9ejs
n4LtL1Jqj7E7bYllKwg0YJ8msHhdNrQcafVO2lL8HhopZYCaG3366QkIoXcq9huX
tXlGEpot6Vd6ifBEr4q/MMaoVpKMsYAIf/A0xWW9I1h8UWPZ371QIKoiEbOZfFKo
xkaFlBpWpn1YKnEMFuX4j1nndlk2DA8bqhlGaeBM5QZA/POgD6CCuwjka6/llKTB
VWzNc7OteNw3qBx3W7BfpLrREiZ4WOIE4mxj9ERqwT5f4mr0jUAjGfZhJLw3T02I
/ED+XP6639Y1c2L4FN8omBTfRXjKrHCHHaWCM6xU1B8/XD1CBkUjsSSA7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA7ermONQVnq5bAE96Y0n6dcGQ9SMB8GA1UdIwQY
MBaAFBTFEmL+h/Tile+ef4eh+eSfV8MAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRk1VU1l2Nkg5T0tWNzU1X2g2SDU1SjlYd3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9iZGZkMTktMjAxYS00NDRkLThkODgt
NmVmNGM3Yzc0NzBiLzEvRHQ2dVk0MUJXZXJsc0FUM3BqU2ZwMXdaRDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9iZGZkMTktMjAxYS00NDRkLThkODgtNmVmNGM3Yzc0NzBi
LzEvRk1VU1l2Nkg5T0tWNzU1X2g2SDU1SjlYd3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTJjMA0G
CSqGSIb3DQEBCwUAA4IBAQBlm6cUyYbf0ozc7eF7so0bDnc+I4AmEO3RrrIgEmEZ
E9MetIXQAf3ZaYB9Eq4a0RuOPzj/IOcnHqYUQzGViPr37sRWH1huSgQQ6/uOu8Jq
dlX3CFjEKNkpQ7uKZpt7+TcJocnpf7PcPOvrRS5F2Ii1P7Hb20wDnTplvfngfjAJ
nvMnBlpTXQ39AijgrkedOcNiKccUAf3BQ/Q3Rzy4Yd+HuutC3OLZ0JCbTmfnRbv8
RS6hDY/+643to1bHc5y4JecRr4qWrhtqgAySRbEYg8+a1SJWVYxQgFWuARZQUsmE
vhSPoulOEZDJJ/VZ95SWt61zDM1x/ehRyukLmI9b0bq3
-----END CERTIFICATE-----