Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/0fcbb8-2765-46fb-8b6d-c855dafadd5c/1/Cg_vdGCBP35q52Gp19jMhqA-gC4.roa
File:                     Cg_vdGCBP35q52Gp19jMhqA-gC4.roa (raw, json)
Hash identifier:          qjyPWDhM33GAAzqZ/GdqOnaXICA8gkwGKfwbEtohqdg=
Subject key identifier:   0A:0F:EF:74:60:81:3F:7E:6A:E7:61:A9:D7:D8:CC:86:A0:3E:80:2E
Certificate issuer:       /CN=50c9da1483fe3993d1985260619735c4cfd38033
Certificate serial:       018CC94BCF2312B1E2E70DC9BF3C21A1587E
Authority key identifier: 50:C9:DA:14:83:FE:39:93:D1:98:52:60:61:97:35:C4:CF:D3:80:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UMnaFIP-OZPRmFJgYZc1xM_TgDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/0fcbb8-2765-46fb-8b6d-c855dafadd5c/1/Cg_vdGCBP35q52Gp19jMhqA-gC4.roa
Signing time:             Tue 02 Jan 2024 08:30:37 +0000
ROA not before:           Tue 02 Jan 2024 08:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29256
IP address blocks:        185.151.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/0fcbb8-2765-46fb-8b6d-c855dafadd5c/1/UMnaFIP-OZPRmFJgYZc1xM_TgDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/0fcbb8-2765-46fb-8b6d-c855dafadd5c/1/UMnaFIP-OZPRmFJgYZc1xM_TgDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UMnaFIP-OZPRmFJgYZc1xM_TgDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:cf:23:12:b1:e2:e7:0d:c9:bf:3c:21:a1:58:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50c9da1483fe3993d1985260619735c4cfd38033
        Validity
            Not Before: Jan  2 08:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a0fef7460813f7e6ae761a9d7d8cc86a03e802e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d2:ce:fe:8e:76:33:0f:81:97:ce:92:1d:d3:
                    6e:21:f5:f2:37:6b:37:5b:76:98:3a:0e:f9:60:29:
                    f5:4e:42:48:9d:40:79:29:d2:51:29:07:54:c2:68:
                    c2:e5:74:84:61:94:24:5b:5e:a0:66:ad:f2:ea:82:
                    10:c3:ab:ec:1a:c5:bc:08:23:26:98:3b:6d:33:ff:
                    e7:42:f4:06:d9:a7:95:7e:fd:0d:18:25:98:05:0d:
                    39:24:74:91:44:98:60:25:e3:2f:47:f0:1e:8a:47:
                    08:f9:2c:f6:6e:d3:fc:4c:c3:d8:5f:c9:a4:76:a9:
                    32:e9:84:67:b6:02:f4:60:b3:d5:1f:4e:43:37:7b:
                    a8:c7:bd:29:28:d7:0e:96:65:05:2e:26:4a:27:b6:
                    0d:9a:88:0c:fb:ca:3c:d1:e1:45:42:6d:fe:b1:6c:
                    e6:fe:1a:59:69:de:fd:d5:bc:29:60:ad:63:01:49:
                    be:61:58:50:16:df:53:57:f4:5b:0a:e1:e3:7e:5e:
                    50:0e:0a:c6:ed:49:4c:cd:bd:3f:fb:27:bd:dc:30:
                    fd:7e:b6:92:b2:90:60:54:b1:73:86:28:5e:c3:1e:
                    a1:2a:85:4d:46:b8:5f:70:bb:e6:dd:19:25:02:2b:
                    51:bf:e5:e9:f1:74:3f:55:1c:67:ac:63:63:dd:ec:
                    8c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:0F:EF:74:60:81:3F:7E:6A:E7:61:A9:D7:D8:CC:86:A0:3E:80:2E
            X509v3 Authority Key Identifier:
                keyid:50:C9:DA:14:83:FE:39:93:D1:98:52:60:61:97:35:C4:CF:D3:80:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UMnaFIP-OZPRmFJgYZc1xM_TgDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/0fcbb8-2765-46fb-8b6d-c855dafadd5c/1/Cg_vdGCBP35q52Gp19jMhqA-gC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/0fcbb8-2765-46fb-8b6d-c855dafadd5c/1/UMnaFIP-OZPRmFJgYZc1xM_TgDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:9c:aa:1a:d3:8e:ff:a7:71:c6:6e:2d:28:fa:e1:70:5c:c9:
         9c:05:0f:e3:e3:12:03:69:ea:2e:87:8c:8f:bb:f6:43:32:11:
         00:19:65:8e:7d:b9:f2:e3:5d:ab:12:89:a1:10:47:21:f2:77:
         a1:1e:af:90:00:ea:31:37:a6:d9:4c:03:f2:01:21:00:36:22:
         33:c2:a0:de:b3:a8:13:50:aa:5e:9b:7e:94:b4:b3:e1:e4:fb:
         39:0e:1d:e2:51:06:4b:08:99:5c:b5:95:86:5a:eb:51:78:92:
         31:56:16:7e:00:56:6f:17:d4:80:64:2f:d8:e7:61:1a:9f:0a:
         c2:31:31:7f:2d:5b:8a:9e:57:30:a7:49:2a:4b:55:31:c5:ea:
         69:5d:b2:96:07:53:ce:39:cb:d4:45:7c:e6:5d:84:6f:ff:d8:
         ad:9c:fb:f1:99:1d:ec:80:08:a4:b3:c2:c7:85:c2:7f:cd:40:
         48:b6:7a:f4:6c:ef:e0:76:1b:1a:53:8e:4c:e8:1e:64:5a:c0:
         eb:37:31:65:cd:f9:c7:84:1f:3c:2e:c2:04:8e:6c:f1:bf:1c:
         ec:8e:b9:cb:43:6c:5f:a6:2b:ce:da:75:f9:02:d9:44:5d:f2:
         fe:f5:62:06:40:82:50:6e:34:3e:7a:fa:b9:15:72:78:4c:2c:
         a8:b4:ac:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS88jErHi5w3JvzwhoVh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYzlkYTE0ODNmZTM5OTNkMTk4NTI2MDYxOTczNWM0Y2Zk
MzgwMzMwHhcNMjQwMTAyMDgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTBmZWY3NDYwODEzZjdlNmFlNzYxYTlkN2Q4Y2M4NmEwM2U4MDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNLO/o52Mw+Bl86SHdNuIfXyN2s3
W3aYOg75YCn1TkJInUB5KdJRKQdUwmjC5XSEYZQkW16gZq3y6oIQw6vsGsW8CCMm
mDttM//nQvQG2aeVfv0NGCWYBQ05JHSRRJhgJeMvR/AeikcI+Sz2btP8TMPYX8mk
dqky6YRntgL0YLPVH05DN3uox70pKNcOlmUFLiZKJ7YNmogM+8o80eFFQm3+sWzm
/hpZad791bwpYK1jAUm+YVhQFt9TV/RbCuHjfl5QDgrG7UlMzb0/+ye93DD9fraS
spBgVLFzhihewx6hKoVNRrhfcLvm3RklAitRv+Xp8XQ/VRxnrGNj3eyMMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoP73RggT9+audhqdfYzIagPoAuMB8GA1UdIwQY
MBaAFFDJ2hSD/jmT0ZhSYGGXNcTP04AzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU1uYUZJUC1PWlBSbUZKZ1laYzF4TV9UZ0RNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8wZmNiYjgtMjc2NS00NmZiLThiNmQt
Yzg1NWRhZmFkZDVjLzEvQ2dfdmRHQ0JQMzVxNTJHcDE5ak1ocUEtZ0M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8wZmNiYjgtMjc2NS00NmZiLThiNmQtYzg1NWRhZmFkZDVj
LzEvVU1uYUZJUC1PWlBSbUZKZ1laYzF4TV9UZ0RNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZeUMA0G
CSqGSIb3DQEBCwUAA4IBAQAKnKoa047/p3HGbi0o+uFwXMmcBQ/j4xIDaeouh4yP
u/ZDMhEAGWWOfbny412rEomhEEch8nehHq+QAOoxN6bZTAPyASEANiIzwqDes6gT
UKpem36UtLPh5Ps5Dh3iUQZLCJlctZWGWutReJIxVhZ+AFZvF9SAZC/Y52EanwrC
MTF/LVuKnlcwp0kqS1UxxeppXbKWB1POOcvURXzmXYRv/9itnPvxmR3sgAiks8LH
hcJ/zUBItnr0bO/gdhsaU45M6B5kWsDrNzFlzfnHhB88LsIEjmzxvxzsjrnLQ2xf
pivO2nX5AtlEXfL+9WIGQIJQbjQ+evq5FXJ4TCyotKws
-----END CERTIFICATE-----