Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/tLFEqfuq8A4ZE0XWGX5n8EINLCA.roa
File:                     tLFEqfuq8A4ZE0XWGX5n8EINLCA.roa (raw, json)
Hash identifier:          Wgm9aUjL+h+9Nx2v40nHMkjdxYOmZibzKgriyIAN8SM=
Subject key identifier:   B4:B1:44:A9:FB:AA:F0:0E:19:13:45:D6:19:7E:67:F0:42:0D:2C:20
Certificate issuer:       /CN=6b60412823a0224a5d00e4963d6b23d22504997d
Certificate serial:       018D0D08DC62CC816AF74FB185D981E8EA9F
Authority key identifier: 6B:60:41:28:23:A0:22:4A:5D:00:E4:96:3D:6B:23:D2:25:04:99:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/tLFEqfuq8A4ZE0XWGX5n8EINLCA.roa
Signing time:             Mon 15 Jan 2024 12:11:40 +0000
ROA not before:           Mon 15 Jan 2024 12:11:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212656
IP address blocks:        185.178.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:08:dc:62:cc:81:6a:f7:4f:b1:85:d9:81:e8:ea:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b60412823a0224a5d00e4963d6b23d22504997d
        Validity
            Not Before: Jan 15 12:11:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4b144a9fbaaf00e191345d6197e67f0420d2c20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:be:c8:8f:23:1d:64:7e:53:81:7e:bb:51:b3:
                    e2:03:76:ee:0a:55:77:15:bd:e4:ba:34:cb:97:0d:
                    ec:24:c8:9c:d8:7b:05:ea:56:2c:a9:9f:ed:3b:93:
                    d8:53:8a:54:e8:7b:e9:a4:74:1b:31:98:e7:ff:28:
                    fa:bb:ed:7a:4c:fa:75:0e:58:5b:ec:02:f5:75:34:
                    4c:c4:de:ad:e3:f7:c8:39:57:a3:18:88:e5:59:66:
                    0b:59:2c:7f:02:a5:ac:aa:fe:bf:51:9b:dc:e7:c3:
                    6e:ca:a1:38:4d:b8:93:8b:45:07:f2:83:f1:18:80:
                    5a:38:f3:d2:eb:fa:e4:4e:0e:4f:3b:70:42:9d:c1:
                    bb:ac:70:e7:34:76:f6:4c:86:31:b7:55:4b:d9:a4:
                    aa:1f:fd:d7:df:cd:2a:a4:b1:de:19:4a:3d:96:2f:
                    d8:ba:2b:f4:7f:39:bb:4a:0d:d7:ef:2c:cb:ce:ba:
                    e4:9e:e5:7f:c8:43:d6:d0:20:c6:f9:13:1d:16:aa:
                    4a:74:7f:11:f9:3b:2f:99:0f:49:ba:5b:db:2d:ec:
                    e6:6c:d7:91:cf:d1:da:54:26:0d:0c:8c:9b:3a:fd:
                    f5:e6:ff:dd:9c:a1:8f:95:93:bc:23:56:0d:e5:1b:
                    a9:c2:54:8f:60:26:27:95:d1:68:ba:6b:7b:6a:23:
                    3c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B1:44:A9:FB:AA:F0:0E:19:13:45:D6:19:7E:67:F0:42:0D:2C:20
            X509v3 Authority Key Identifier:
                keyid:6B:60:41:28:23:A0:22:4A:5D:00:E4:96:3D:6B:23:D2:25:04:99:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/tLFEqfuq8A4ZE0XWGX5n8EINLCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:20:85:6b:00:61:a8:e4:2a:a9:47:d6:5e:ba:f6:60:d3:6a:
         97:55:5b:8a:ba:60:70:32:01:1a:58:c4:10:86:43:c8:cf:ab:
         e8:77:e1:b8:14:0b:5e:e3:14:03:0d:6e:63:72:b4:05:95:42:
         bd:fb:97:41:e4:dd:6c:6c:bd:be:2d:9e:70:05:4c:9a:1b:16:
         70:ce:f6:8d:ad:ca:e2:a3:01:e4:27:1b:51:b7:ea:64:7c:db:
         35:4c:97:fe:f2:07:4c:e1:a6:56:dd:75:69:3d:86:02:dc:30:
         f2:f9:80:f0:7d:87:55:a0:90:82:4c:8a:e1:5b:88:31:5f:8a:
         36:43:39:29:ed:21:9c:8b:b3:af:93:bf:08:06:27:0d:71:97:
         2c:32:a4:97:c1:a6:8c:2b:1d:35:0b:1c:8a:cc:f5:57:53:36:
         78:02:e0:06:dc:a6:dd:4f:fc:81:66:3b:28:15:6a:c0:9e:d8:
         ad:75:df:f3:6b:a3:65:33:52:81:f6:d0:35:ae:50:86:ff:2a:
         43:e1:21:e4:25:16:f1:d4:fa:00:70:a3:1f:26:f7:55:d5:4f:
         d4:58:2c:a0:88:0f:61:60:27:9d:56:7b:ef:50:91:d8:3a:01:
         39:bc:84:57:e8:33:81:32:8b:01:d8:e0:0b:b3:c0:46:f7:bc:
         c1:1b:af:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0NCNxizIFq90+xhdmB6OqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNjA0MTI4MjNhMDIyNGE1ZDAwZTQ5NjNkNmIyM2QyMjUw
NDk5N2QwHhcNMjQwMTE1MTIxMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGIxNDRhOWZiYWFmMDBlMTkxMzQ1ZDYxOTdlNjdmMDQyMGQyYzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn77IjyMdZH5TgX67UbPiA3buClV3
Fb3kujTLlw3sJMic2HsF6lYsqZ/tO5PYU4pU6HvppHQbMZjn/yj6u+16TPp1Dlhb
7AL1dTRMxN6t4/fIOVejGIjlWWYLWSx/AqWsqv6/UZvc58NuyqE4TbiTi0UH8oPx
GIBaOPPS6/rkTg5PO3BCncG7rHDnNHb2TIYxt1VL2aSqH/3X380qpLHeGUo9li/Y
uiv0fzm7Sg3X7yzLzrrknuV/yEPW0CDG+RMdFqpKdH8R+TsvmQ9JulvbLezmbNeR
z9HaVCYNDIybOv315v/dnKGPlZO8I1YN5RupwlSPYCYnldFoumt7aiM8/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSxRKn7qvAOGRNF1hl+Z/BCDSwgMB8GA1UdIwQY
MBaAFGtgQSgjoCJKXQDklj1rI9IlBJl9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTJCQktDT2dJa3BkQU9TV1BXc2owaVVFbVgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yNzVhNzQtYjNlZi00NGNmLTgyMjAt
NmEzMzQyYjk1YWYxLzEvdExGRXFmdXE4QTRaRTBYV0dYNW44RUlOTENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yNzVhNzQtYjNlZi00NGNmLTgyMjAtNmEzMzQyYjk1YWYx
LzEvYTJCQktDT2dJa3BkQU9TV1BXc2owaVVFbVgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubIyMA0G
CSqGSIb3DQEBCwUAA4IBAQBGIIVrAGGo5CqpR9ZeuvZg02qXVVuKumBwMgEaWMQQ
hkPIz6vod+G4FAte4xQDDW5jcrQFlUK9+5dB5N1sbL2+LZ5wBUyaGxZwzvaNrcri
owHkJxtRt+pkfNs1TJf+8gdM4aZW3XVpPYYC3DDy+YDwfYdVoJCCTIrhW4gxX4o2
Qzkp7SGci7Ovk78IBicNcZcsMqSXwaaMKx01CxyKzPVXUzZ4AuAG3KbdT/yBZjso
FWrAntitdd/za6NlM1KB9tA1rlCG/ypD4SHkJRbx1PoAcKMfJvdV1U/UWCygiA9h
YCedVnvvUJHYOgE5vIRX6DOBMosB2OALs8BG97zBG6/p
-----END CERTIFICATE-----