Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/l50skYcggsw02I-stJOH_LQ2-AI.roa
File:                     l50skYcggsw02I-stJOH_LQ2-AI.roa (raw, json)
Hash identifier:          DDCjEIPO8/mWGl4rkXCeNBWnq3i3hTg5sfFGFBAPcMc=
Subject key identifier:   97:9D:2C:91:87:20:82:CC:34:D8:8F:AC:B4:93:87:FC:B4:36:F8:02
Certificate issuer:       /CN=e43dd424384759b5e85595825019b69fe9bf9220
Certificate serial:       018CC42455D074CC59EE1429AD58D5A6DDEE
Authority key identifier: E4:3D:D4:24:38:47:59:B5:E8:55:95:82:50:19:B6:9F:E9:BF:92:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5D3UJDhHWbXoVZWCUBm2n-m_kiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/l50skYcggsw02I-stJOH_LQ2-AI.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62000
IP address blocks:        45.157.60.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/5D3UJDhHWbXoVZWCUBm2n-m_kiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/5D3UJDhHWbXoVZWCUBm2n-m_kiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5D3UJDhHWbXoVZWCUBm2n-m_kiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:55:d0:74:cc:59:ee:14:29:ad:58:d5:a6:dd:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e43dd424384759b5e85595825019b69fe9bf9220
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=979d2c91872082cc34d88facb49387fcb436f802
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:02:7e:6b:c2:d4:4e:94:3e:26:4b:9b:5f:c8:
                    d9:ec:a5:fb:98:30:7b:4a:d5:4c:7f:b2:3b:cd:0a:
                    b3:89:67:95:07:e2:2f:26:84:3f:e9:10:d5:57:2f:
                    6b:57:e7:95:7b:b2:19:47:41:eb:0f:ce:4b:67:1f:
                    19:f1:2a:7d:f5:6c:95:a1:e8:83:be:8c:94:36:43:
                    2d:ce:37:4b:c5:08:44:0c:5d:0e:15:f8:11:18:d5:
                    44:a7:45:b8:68:77:db:1f:15:d9:c7:cb:be:0d:0d:
                    8a:f2:fc:87:0b:fe:db:2d:4e:5b:a5:d2:bd:a1:ae:
                    6a:44:7b:1a:ca:7e:37:cc:fc:36:25:29:2b:25:df:
                    38:d4:a0:5a:7d:af:7f:50:87:11:05:c0:d0:b0:a3:
                    2f:be:98:81:a5:2b:57:26:aa:81:a8:35:03:53:26:
                    e1:b4:71:88:5c:e8:74:5e:73:00:77:f4:dc:d3:64:
                    bc:e2:38:76:95:78:38:f2:bf:bc:a2:8e:28:d7:c2:
                    bd:91:ea:55:76:d3:ef:44:aa:3f:7c:45:55:83:42:
                    22:3a:1f:aa:67:fe:1e:1f:08:67:93:63:5a:e3:80:
                    35:a5:56:82:c6:2d:2a:e7:14:a6:55:63:e9:33:8e:
                    ea:a1:d6:89:e5:4c:d2:b5:08:43:cb:f5:a3:16:f7:
                    ab:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:9D:2C:91:87:20:82:CC:34:D8:8F:AC:B4:93:87:FC:B4:36:F8:02
            X509v3 Authority Key Identifier:
                keyid:E4:3D:D4:24:38:47:59:B5:E8:55:95:82:50:19:B6:9F:E9:BF:92:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5D3UJDhHWbXoVZWCUBm2n-m_kiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/l50skYcggsw02I-stJOH_LQ2-AI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4b2cf9-d8ed-4a27-93ba-93b691ee1cce/1/5D3UJDhHWbXoVZWCUBm2n-m_kiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:0d:a7:48:b1:73:a5:6b:49:90:54:3c:e1:75:ff:5a:c8:7d:
         1e:fb:4d:f6:6e:75:9d:22:52:f3:5d:eb:86:11:ef:2c:fc:5d:
         bc:52:46:0a:71:8e:e9:d0:ea:94:49:e9:a6:1a:17:a9:5b:b7:
         b4:d7:e5:2c:4c:ae:93:f4:8b:2e:b5:9b:07:eb:e2:df:5d:f5:
         c5:e9:27:58:36:49:f5:24:16:4a:aa:f5:74:a7:20:dd:a9:7d:
         ad:33:66:28:eb:e5:ee:54:eb:2b:1f:89:eb:62:71:e9:82:45:
         b9:21:d6:57:7b:5c:09:16:cc:31:00:e0:f8:40:3a:0b:29:3c:
         74:06:0a:a1:98:60:3a:78:e1:4a:68:10:00:54:74:97:58:38:
         83:af:b5:69:ec:b1:65:22:aa:16:14:e1:2a:0f:5f:16:6e:f9:
         d2:53:8e:59:73:de:1d:87:3c:89:f4:b2:cc:7f:af:02:2c:8a:
         cf:25:d8:d0:ed:43:ce:5d:8c:69:69:49:dc:ce:5b:d8:ab:6d:
         79:d4:fc:58:c0:7c:0f:41:ae:6a:1b:e7:35:ce:38:16:4b:b9:
         65:1d:66:5c:7a:80:0a:f6:fc:f7:f7:95:96:0f:00:a6:a2:05:
         5d:6f:9d:aa:f7:b7:03:86:67:b3:e4:f8:ab:f5:9a:da:7c:4a:
         90:ca:d0:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFXQdMxZ7hQprVjVpt3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0M2RkNDI0Mzg0NzU5YjVlODU1OTU4MjUwMTliNjlmZTli
ZjkyMjAwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzlkMmM5MTg3MjA4MmNjMzRkODhmYWNiNDkzODdmY2I0MzZmODAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAJ+a8LUTpQ+JkubX8jZ7KX7mDB7
StVMf7I7zQqziWeVB+IvJoQ/6RDVVy9rV+eVe7IZR0HrD85LZx8Z8Sp99WyVoeiD
voyUNkMtzjdLxQhEDF0OFfgRGNVEp0W4aHfbHxXZx8u+DQ2K8vyHC/7bLU5bpdK9
oa5qRHsayn43zPw2JSkrJd841KBafa9/UIcRBcDQsKMvvpiBpStXJqqBqDUDUybh
tHGIXOh0XnMAd/Tc02S84jh2lXg48r+8oo4o18K9kepVdtPvRKo/fEVVg0IiOh+q
Z/4eHwhnk2Na44A1pVaCxi0q5xSmVWPpM47qodaJ5UzStQhDy/WjFverCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJedLJGHIILMNNiPrLSTh/y0NvgCMB8GA1UdIwQY
MBaAFOQ91CQ4R1m16FWVglAZtp/pv5IgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUQzVUpEaEhXYlhvVlpXQ1VCbTJuLW1fa2lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80YjJjZjktZDhlZC00YTI3LTkzYmEt
OTNiNjkxZWUxY2NlLzEvbDUwc2tZY2dnc3cwMkktc3RKT0hfTFEyLUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80YjJjZjktZDhlZC00YTI3LTkzYmEtOTNiNjkxZWUxY2Nl
LzEvNUQzVUpEaEhXYlhvVlpXQ1VCbTJuLW1fa2lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ08MA0G
CSqGSIb3DQEBCwUAA4IBAQCQDadIsXOla0mQVDzhdf9ayH0e+032bnWdIlLzXeuG
Ee8s/F28UkYKcY7p0OqUSemmGhepW7e01+UsTK6T9IsutZsH6+LfXfXF6SdYNkn1
JBZKqvV0pyDdqX2tM2Yo6+XuVOsrH4nrYnHpgkW5IdZXe1wJFswxAOD4QDoLKTx0
BgqhmGA6eOFKaBAAVHSXWDiDr7Vp7LFlIqoWFOEqD18WbvnSU45Zc94dhzyJ9LLM
f68CLIrPJdjQ7UPOXYxpaUnczlvYq2151PxYwHwPQa5qG+c1zjgWS7llHWZceoAK
9vz395WWDwCmogVdb52q97cDhmez5Pir9ZrafEqQytBz
-----END CERTIFICATE-----