Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/ea4b1f-3d90-40f2-8f98-0baa7778ace7/1/Hc0DXnUHi69Tw736YcZuBaH2wqo.roa
File:                     Hc0DXnUHi69Tw736YcZuBaH2wqo.roa (raw, json)
Hash identifier:          mJrZKEZYstDwKtIFiCkSYVG6D24rP8nvztiB0VndU4w=
Subject key identifier:   1D:CD:03:5E:75:07:8B:AF:53:C3:BD:FA:61:C6:6E:05:A1:F6:C2:AA
Certificate issuer:       /CN=6c9b3e19fd1f430f5145d6db9241a5057ed96cb3
Certificate serial:       018CC3B6E45BB554FD4C27049775C0AC2BE5
Authority key identifier: 6C:9B:3E:19:FD:1F:43:0F:51:45:D6:DB:92:41:A5:05:7E:D9:6C:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bJs-Gf0fQw9RRdbbkkGlBX7ZbLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/ea4b1f-3d90-40f2-8f98-0baa7778ace7/1/Hc0DXnUHi69Tw736YcZuBaH2wqo.roa
Signing time:             Mon 01 Jan 2024 06:29:52 +0000
ROA not before:           Mon 01 Jan 2024 06:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39581
IP address blocks:        194.50.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/ea4b1f-3d90-40f2-8f98-0baa7778ace7/1/bJs-Gf0fQw9RRdbbkkGlBX7ZbLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/ea4b1f-3d90-40f2-8f98-0baa7778ace7/1/bJs-Gf0fQw9RRdbbkkGlBX7ZbLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bJs-Gf0fQw9RRdbbkkGlBX7ZbLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e4:5b:b5:54:fd:4c:27:04:97:75:c0:ac:2b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c9b3e19fd1f430f5145d6db9241a5057ed96cb3
        Validity
            Not Before: Jan  1 06:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dcd035e75078baf53c3bdfa61c66e05a1f6c2aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:69:4d:a3:b4:24:af:ab:c3:12:b9:55:61:56:
                    69:fd:75:6f:6b:6f:99:44:59:c5:72:9d:a5:a2:0a:
                    dd:08:97:8a:4d:f0:18:bd:49:0f:64:04:d8:bb:02:
                    6d:8c:cb:cd:57:1b:1f:d2:a7:56:80:7d:05:0f:01:
                    2a:6a:a6:fc:48:16:aa:0c:2a:fb:df:08:4e:93:56:
                    e7:1b:6c:cf:7e:52:ec:78:ee:06:14:40:de:36:75:
                    c5:9b:48:73:49:5e:48:38:7c:13:86:e4:12:0a:da:
                    0a:18:df:e2:48:97:37:d3:46:13:a9:48:30:63:ef:
                    97:ef:6d:20:79:40:5f:a7:bd:10:4b:40:5c:c9:27:
                    11:3a:bc:9d:08:c8:3b:92:63:f3:04:4c:9d:48:95:
                    e3:80:b4:7f:87:7d:d0:bf:e8:1d:1a:c8:3f:52:b6:
                    ac:72:bf:65:6c:4b:ce:e4:92:25:d2:a4:6c:fe:8b:
                    26:60:28:d1:6f:c5:18:19:73:79:70:37:49:9f:f1:
                    41:6c:44:79:ee:3e:d8:9a:cb:bc:42:df:68:63:fe:
                    76:e5:3a:9a:3c:df:3d:d9:e0:df:c9:e5:4b:ee:01:
                    af:e2:b9:b5:00:a3:0c:fa:71:f9:09:6e:15:86:c5:
                    58:f7:7b:80:30:71:0b:9d:8d:7d:50:01:b1:8e:7c:
                    b6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:CD:03:5E:75:07:8B:AF:53:C3:BD:FA:61:C6:6E:05:A1:F6:C2:AA
            X509v3 Authority Key Identifier:
                keyid:6C:9B:3E:19:FD:1F:43:0F:51:45:D6:DB:92:41:A5:05:7E:D9:6C:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bJs-Gf0fQw9RRdbbkkGlBX7ZbLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/ea4b1f-3d90-40f2-8f98-0baa7778ace7/1/Hc0DXnUHi69Tw736YcZuBaH2wqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/ea4b1f-3d90-40f2-8f98-0baa7778ace7/1/bJs-Gf0fQw9RRdbbkkGlBX7ZbLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:a9:3a:07:d1:f6:41:49:55:bd:78:f2:69:e7:e4:4c:be:40:
         4a:5d:8d:59:80:3f:1a:ba:28:29:51:4b:61:2e:bc:a1:3a:cd:
         41:84:7d:05:cb:60:d2:63:d7:c8:fc:a9:b9:a0:8c:75:8e:d5:
         7b:3b:69:27:da:5f:95:c0:a7:c8:87:25:a0:3b:26:b1:53:80:
         19:22:53:7b:e4:a8:36:e7:d1:41:85:d9:db:2d:fe:a7:d4:8a:
         f7:e0:12:ca:7c:b6:a8:60:7a:ce:2d:be:f8:c0:7f:4f:bd:d7:
         db:94:55:05:13:5c:73:cd:44:95:d8:ce:fc:04:c3:6e:bc:5e:
         0f:b0:53:15:f0:da:4e:fe:51:7b:77:10:d4:c2:29:c1:85:e4:
         d3:52:17:96:e2:a7:fe:77:15:a1:b4:c2:55:ff:75:3a:5f:91:
         e1:24:e7:97:5e:a9:fa:30:c8:75:22:c6:f9:59:d1:dc:6f:18:
         de:25:b9:22:8d:fa:34:8d:8c:e7:8f:bb:c9:e9:76:e9:95:5c:
         a1:a5:43:50:fb:f2:b4:ac:fd:7f:76:88:ab:6a:bf:f8:8f:80:
         6f:fc:05:a3:a9:d7:80:ef:06:10:7e:c5:c6:a6:ba:f8:b7:9f:
         be:f1:2e:1d:cf:e7:66:4c:a6:da:48:32:65:54:d6:22:1c:ff:
         c0:00:41:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuRbtVT9TCcEl3XArCvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOWIzZTE5ZmQxZjQzMGY1MTQ1ZDZkYjkyNDFhNTA1N2Vk
OTZjYjMwHhcNMjQwMTAxMDYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGNkMDM1ZTc1MDc4YmFmNTNjM2JkZmE2MWM2NmUwNWExZjZjMmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWlNo7Qkr6vDErlVYVZp/XVva2+Z
RFnFcp2logrdCJeKTfAYvUkPZATYuwJtjMvNVxsf0qdWgH0FDwEqaqb8SBaqDCr7
3whOk1bnG2zPflLseO4GFEDeNnXFm0hzSV5IOHwThuQSCtoKGN/iSJc300YTqUgw
Y++X720geUBfp70QS0BcyScROrydCMg7kmPzBEydSJXjgLR/h33Qv+gdGsg/Uras
cr9lbEvO5JIl0qRs/osmYCjRb8UYGXN5cDdJn/FBbER57j7Ymsu8Qt9oY/525Tqa
PN892eDfyeVL7gGv4rm1AKMM+nH5CW4VhsVY93uAMHELnY19UAGxjny2aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3NA151B4uvU8O9+mHGbgWh9sKqMB8GA1UdIwQY
MBaAFGybPhn9H0MPUUXW25JBpQV+2WyzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkpzLUdmMGZRdzlSUmRiYmtrR2xCWDdaYkxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9lYTRiMWYtM2Q5MC00MGYyLThmOTgt
MGJhYTc3NzhhY2U3LzEvSGMwRFhuVUhpNjlUdzczNlljWnVCYUgyd3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9lYTRiMWYtM2Q5MC00MGYyLThmOTgtMGJhYTc3NzhhY2U3
LzEvYkpzLUdmMGZRdzlSUmRiYmtrR2xCWDdaYkxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjI/MA0G
CSqGSIb3DQEBCwUAA4IBAQAIqToH0fZBSVW9ePJp5+RMvkBKXY1ZgD8auigpUUth
LryhOs1BhH0Fy2DSY9fI/Km5oIx1jtV7O2kn2l+VwKfIhyWgOyaxU4AZIlN75Kg2
59FBhdnbLf6n1Ir34BLKfLaoYHrOLb74wH9PvdfblFUFE1xzzUSV2M78BMNuvF4P
sFMV8NpO/lF7dxDUwinBheTTUheW4qf+dxWhtMJV/3U6X5HhJOeXXqn6MMh1Isb5
WdHcbxjeJbkijfo0jYznj7vJ6XbplVyhpUNQ+/K0rP1/doirar/4j4Bv/AWjqdeA
7wYQfsXGprr4t5++8S4dz+dmTKbaSDJlVNYiHP/AAEEx
-----END CERTIFICATE-----