Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/90WE-hDKBDUgQlBoEvL_fMGJfrE.roa
File:                     90WE-hDKBDUgQlBoEvL_fMGJfrE.roa (raw, json)
Hash identifier:          5WLk+rQLl8qXOHTBrORlnsKasMxKoNPxrBke0qEyKgg=
Subject key identifier:   F7:45:84:FA:10:CA:04:35:20:42:50:68:12:F2:FF:7C:C1:89:7E:B1
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       018CC3B6C7439F15851BA462752D01E0B679
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/90WE-hDKBDUgQlBoEvL_fMGJfrE.roa
Signing time:             Mon 01 Jan 2024 06:29:44 +0000
ROA not before:           Mon 01 Jan 2024 06:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53363
IP address blocks:        194.4.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c7:43:9f:15:85:1b:a4:62:75:2d:01:e0:b6:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  1 06:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f74584fa10ca04352042506812f2ff7cc1897eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a1:ad:2c:8d:cf:3b:4b:3d:e5:2f:e5:d5:2a:
                    5f:09:f2:2b:13:54:d9:cd:31:ca:e3:df:ef:8c:b1:
                    13:d8:bf:fb:6a:fc:3a:be:09:e4:cb:dd:1b:cd:e5:
                    e4:96:53:9a:44:c4:9b:fa:ff:91:09:42:ee:e2:79:
                    49:8d:a2:ec:bb:55:4f:95:9f:40:f8:39:bf:83:da:
                    34:3d:72:61:59:b1:3a:79:97:71:9e:6e:60:2e:83:
                    51:a2:ae:cd:36:98:9c:57:8c:7e:88:3d:79:ce:9f:
                    de:0e:d9:4b:fd:1c:f1:bc:1a:43:f7:31:ee:14:6b:
                    e3:3e:79:dd:ad:8e:49:7a:ca:cf:d3:7a:1d:a3:cd:
                    1c:e2:e0:05:9a:a1:f6:9e:1a:1e:71:2b:a9:ff:4c:
                    0f:b1:43:c7:96:00:45:6b:f8:ef:dd:13:fe:7f:5a:
                    3c:f7:ec:e1:17:dc:d6:1c:34:6d:3d:68:e0:d2:92:
                    a9:7a:92:a3:fa:0c:aa:99:17:fc:ef:f1:4a:96:7b:
                    d0:f8:fe:8a:cb:4c:af:25:56:83:7e:67:af:76:e4:
                    99:5f:0c:73:a6:0b:72:da:b7:26:45:00:f9:fd:fc:
                    19:86:9c:97:dc:91:94:f2:dc:9b:f1:a6:1a:1e:f3:
                    17:97:81:4e:bc:9e:3a:9d:20:2d:45:1f:29:22:7c:
                    53:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:45:84:FA:10:CA:04:35:20:42:50:68:12:F2:FF:7C:C1:89:7E:B1
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/90WE-hDKBDUgQlBoEvL_fMGJfrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:da:48:22:fd:1c:56:a1:9f:54:16:1a:e0:c2:1e:45:6c:99:
         62:5f:55:f1:eb:31:37:c3:78:ec:0b:fe:22:ec:36:5e:f7:41:
         20:07:6e:03:a7:08:b4:c7:26:92:f0:90:88:bf:b8:2f:65:63:
         30:be:78:e0:5b:6e:1c:28:3d:03:53:52:1b:18:19:00:2d:16:
         07:0a:46:28:af:b5:2d:bc:bc:c6:e0:11:5c:d0:44:bb:1a:61:
         05:2e:52:38:35:c7:51:61:65:d6:cc:5c:53:39:89:41:da:ce:
         df:ca:53:80:19:95:6d:e9:e4:ab:c7:f5:86:e6:fc:27:bf:52:
         21:ee:77:3d:4d:cb:a2:74:f7:0d:ed:3a:02:ac:5a:21:7a:27:
         a3:b8:39:a2:2b:a2:84:c0:ba:d6:30:80:33:b1:5a:42:09:0f:
         87:c3:e7:89:1e:f2:20:8b:48:a7:d5:e4:4d:dc:ed:d0:50:63:
         c0:bd:87:52:c8:d3:21:9f:36:06:a8:32:ef:09:48:82:8c:11:
         c0:8f:b5:70:73:bb:ae:d6:98:9e:65:7b:6c:49:b2:0a:e3:50:
         5f:cb:b6:c0:81:97:a1:f0:59:1f:4f:78:14:2b:cb:b9:ed:b0:
         db:3b:5d:b2:58:5b:6d:2d:41:65:09:df:f5:ad:c6:a2:ed:19:
         94:88:7c:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsdDnxWFG6RidS0B4LZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwMTAxMDYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzQ1ODRmYTEwY2EwNDM1MjA0MjUwNjgxMmYyZmY3Y2MxODk3ZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6GtLI3PO0s95S/l1SpfCfIrE1TZ
zTHK49/vjLET2L/7avw6vgnky90bzeXkllOaRMSb+v+RCULu4nlJjaLsu1VPlZ9A
+Dm/g9o0PXJhWbE6eZdxnm5gLoNRoq7NNpicV4x+iD15zp/eDtlL/RzxvBpD9zHu
FGvjPnndrY5JesrP03odo80c4uAFmqH2nhoecSup/0wPsUPHlgBFa/jv3RP+f1o8
9+zhF9zWHDRtPWjg0pKpepKj+gyqmRf87/FKlnvQ+P6Ky0yvJVaDfmevduSZXwxz
pgty2rcmRQD5/fwZhpyX3JGU8tyb8aYaHvMXl4FOvJ46nSAtRR8pInxTkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdFhPoQygQ1IEJQaBLy/3zBiX6xMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvOTBXRS1oREtCRFVnUWxCb0V2TF9mTUdKZnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgQyMA0G
CSqGSIb3DQEBCwUAA4IBAQCc2kgi/RxWoZ9UFhrgwh5FbJliX1Xx6zE3w3jsC/4i
7DZe90EgB24Dpwi0xyaS8JCIv7gvZWMwvnjgW24cKD0DU1IbGBkALRYHCkYor7Ut
vLzG4BFc0ES7GmEFLlI4NcdRYWXWzFxTOYlB2s7fylOAGZVt6eSrx/WG5vwnv1Ih
7nc9TcuidPcN7ToCrFoheiejuDmiK6KEwLrWMIAzsVpCCQ+Hw+eJHvIgi0in1eRN
3O3QUGPAvYdSyNMhnzYGqDLvCUiCjBHAj7Vwc7uu1pieZXtsSbIK41Bfy7bAgZeh
8FkfT3gUK8u57bDbO12yWFttLUFlCd/1rcai7RmUiHwx
-----END CERTIFICATE-----