Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/a9a7d8-a9bf-49e2-b68a-a5b4f26fc976/1/49crGLT7kM8Y2zYex_AYOYumEUw.roa
File:                     49crGLT7kM8Y2zYex_AYOYumEUw.roa (raw, json)
Hash identifier:          17Gljr8tx27qjzquThGHgCXw/EloFrJqPTXoaUUyxx0=
Subject key identifier:   E3:D7:2B:18:B4:FB:90:CF:18:DB:36:1E:C7:F0:18:39:8B:A6:11:4C
Certificate issuer:       /CN=32559e07d6388dd2af753565e9253d682f93ebde
Certificate serial:       018CC5DC215AE666BF5C5D540E3C080353B0
Authority key identifier: 32:55:9E:07:D6:38:8D:D2:AF:75:35:65:E9:25:3D:68:2F:93:EB:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MlWeB9Y4jdKvdTVl6SU9aC-T694.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/a9a7d8-a9bf-49e2-b68a-a5b4f26fc976/1/49crGLT7kM8Y2zYex_AYOYumEUw.roa
Signing time:             Mon 01 Jan 2024 16:29:47 +0000
ROA not before:           Mon 01 Jan 2024 16:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5610
IP address blocks:        194.50.248.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/a9a7d8-a9bf-49e2-b68a-a5b4f26fc976/1/MlWeB9Y4jdKvdTVl6SU9aC-T694.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/a9a7d8-a9bf-49e2-b68a-a5b4f26fc976/1/MlWeB9Y4jdKvdTVl6SU9aC-T694.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MlWeB9Y4jdKvdTVl6SU9aC-T694.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:21:5a:e6:66:bf:5c:5d:54:0e:3c:08:03:53:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32559e07d6388dd2af753565e9253d682f93ebde
        Validity
            Not Before: Jan  1 16:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3d72b18b4fb90cf18db361ec7f018398ba6114c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6e:69:61:d4:e6:de:8d:d3:5e:ca:eb:a7:dd:
                    e2:c6:7a:2c:46:f7:6b:36:87:56:4d:56:43:43:a8:
                    db:ec:f5:a7:4b:7d:03:44:1e:74:e7:d2:da:a1:c8:
                    d9:71:6b:76:b5:c6:26:90:cf:7b:46:80:27:71:18:
                    42:a7:0d:93:42:54:ed:30:31:f7:3d:ad:25:7e:19:
                    3c:b3:28:2f:79:19:d6:65:ce:92:cc:88:68:e9:43:
                    5b:98:ee:1e:6c:1e:43:d1:18:56:0a:7c:80:fe:59:
                    e7:f9:0f:f8:89:a8:d4:46:a7:55:8c:71:22:f9:8a:
                    16:60:32:57:c3:44:f5:78:4f:dd:8b:fe:49:d9:81:
                    82:0b:a5:e3:d7:c4:09:6a:94:e7:0b:45:6b:1b:6d:
                    d0:13:b6:17:79:88:56:4b:65:c6:04:65:7d:2a:3b:
                    8f:71:71:b3:e6:4d:0f:bc:6d:0f:4e:ae:c9:8e:37:
                    c6:1c:04:2e:3e:f8:c5:f3:f1:0f:32:25:58:f1:4f:
                    c7:5b:3f:0f:91:7e:46:94:a4:da:61:8a:fb:da:1c:
                    98:4d:d5:ec:c1:c2:30:f7:37:e7:fc:91:d0:4d:78:
                    cb:f0:73:2c:c5:44:fb:b6:0c:c6:23:b7:d2:49:a4:
                    b9:6a:d8:88:85:a9:69:2b:d5:96:34:05:a5:be:01:
                    a3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:D7:2B:18:B4:FB:90:CF:18:DB:36:1E:C7:F0:18:39:8B:A6:11:4C
            X509v3 Authority Key Identifier:
                keyid:32:55:9E:07:D6:38:8D:D2:AF:75:35:65:E9:25:3D:68:2F:93:EB:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlWeB9Y4jdKvdTVl6SU9aC-T694.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/a9a7d8-a9bf-49e2-b68a-a5b4f26fc976/1/49crGLT7kM8Y2zYex_AYOYumEUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/a9a7d8-a9bf-49e2-b68a-a5b4f26fc976/1/MlWeB9Y4jdKvdTVl6SU9aC-T694.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:8f:90:4a:c2:e4:da:7a:67:84:86:4f:2e:b9:a0:98:93:23:
         d3:f0:6c:fb:c9:a4:76:7c:4e:d5:62:07:19:4c:00:99:b0:15:
         1a:2d:07:79:e0:b3:0a:8e:8e:cc:29:38:45:d1:15:d0:1f:f5:
         b4:ce:e3:29:a6:9a:04:d2:c0:dc:75:9a:98:a2:62:92:0e:77:
         d2:64:04:47:93:7a:5e:9a:19:ac:9a:e0:2d:ec:0f:01:5a:c9:
         fe:fb:48:e1:48:0c:57:ac:cc:d5:90:87:59:d4:d9:dd:bd:9d:
         5a:c7:e3:84:52:c1:66:f5:c5:8b:16:9b:06:7f:4b:d6:81:1f:
         48:24:74:97:66:99:8d:7f:57:78:18:90:eb:e7:51:56:a4:a3:
         15:11:52:ee:ba:7f:58:89:90:3d:64:c8:fa:7f:20:56:ed:ee:
         2b:d0:a9:25:2e:2e:f5:1b:9e:18:34:5f:7e:eb:e5:b2:23:b2:
         53:bd:7f:0f:77:fb:90:56:dd:de:6d:61:dd:d5:56:4e:78:d2:
         51:92:9d:68:d0:c8:5d:e9:be:93:a6:95:bb:87:67:ca:ff:6e:
         e0:42:06:9b:4d:dd:49:41:b4:14:a2:64:f2:65:20:ac:f7:87:
         34:c0:98:08:de:02:33:37:d0:ad:86:8d:51:9d:74:b0:50:2d:
         7a:f1:a3:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CFa5ma/XF1UDjwIA1OwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNTU5ZTA3ZDYzODhkZDJhZjc1MzU2NWU5MjUzZDY4MmY5
M2ViZGUwHhcNMjQwMTAxMTYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2Q3MmIxOGI0ZmI5MGNmMThkYjM2MWVjN2YwMTgzOThiYTYxMTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArG5pYdTm3o3TXsrrp93ixnosRvdr
NodWTVZDQ6jb7PWnS30DRB5059LaocjZcWt2tcYmkM97RoAncRhCpw2TQlTtMDH3
Pa0lfhk8sygveRnWZc6SzIho6UNbmO4ebB5D0RhWCnyA/lnn+Q/4iajURqdVjHEi
+YoWYDJXw0T1eE/di/5J2YGCC6Xj18QJapTnC0VrG23QE7YXeYhWS2XGBGV9KjuP
cXGz5k0PvG0PTq7JjjfGHAQuPvjF8/EPMiVY8U/HWz8PkX5GlKTaYYr72hyYTdXs
wcIw9zfn/JHQTXjL8HMsxUT7tgzGI7fSSaS5atiIhalpK9WWNAWlvgGjuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPXKxi0+5DPGNs2HsfwGDmLphFMMB8GA1UdIwQY
MBaAFDJVngfWOI3Sr3U1ZeklPWgvk+veMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxXZUI5WTRqZEt2ZFRWbDZTVTlhQy1UNjk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9hOWE3ZDgtYTliZi00OWUyLWI2OGEt
YTViNGYyNmZjOTc2LzEvNDljckdMVDdrTThZMnpZZXhfQVlPWXVtRVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9hOWE3ZDgtYTliZi00OWUyLWI2OGEtYTViNGYyNmZjOTc2
LzEvTWxXZUI5WTRqZEt2ZFRWbDZTVTlhQy1UNjk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjL4MA0G
CSqGSIb3DQEBCwUAA4IBAQAfj5BKwuTaemeEhk8uuaCYkyPT8Gz7yaR2fE7VYgcZ
TACZsBUaLQd54LMKjo7MKThF0RXQH/W0zuMpppoE0sDcdZqYomKSDnfSZARHk3pe
mhmsmuAt7A8BWsn++0jhSAxXrMzVkIdZ1NndvZ1ax+OEUsFm9cWLFpsGf0vWgR9I
JHSXZpmNf1d4GJDr51FWpKMVEVLuun9YiZA9ZMj6fyBW7e4r0KklLi71G54YNF9+
6+WyI7JTvX8Pd/uQVt3ebWHd1VZOeNJRkp1o0Mhd6b6TppW7h2fK/27gQgabTd1J
QbQUomTyZSCs94c0wJgI3gIzN9Ctho1RnXSwUC168aOB
-----END CERTIFICATE-----