Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/DYtZ-mqw6oNlIGZ4UJkyBpBrIuQ.roa
File:                     DYtZ-mqw6oNlIGZ4UJkyBpBrIuQ.roa (raw, json)
Hash identifier:          hy9DSVfaehQXQmBRqqc5gZr2CYEFnu9h17oPiFVHPic=
Subject key identifier:   0D:8B:59:FA:6A:B0:EA:83:65:20:66:78:50:99:32:06:90:6B:22:E4
Certificate issuer:       /CN=ed73c26609b1b21d87a681302ef2d26fc0a00fa3
Certificate serial:       0194236A3BF6E52572D7CB5317365A3A14EC
Authority key identifier: ED:73:C2:66:09:B1:B2:1D:87:A6:81:30:2E:F2:D2:6F:C0:A0:0F:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XPCZgmxsh2HpoEwLvLSb8CgD6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/DYtZ-mqw6oNlIGZ4UJkyBpBrIuQ.roa
Signing time:             Wed 01 Jan 2025 19:49:12 +0000
ROA not before:           Wed 01 Jan 2025 19:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8218
IP address blocks:        194.8.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/7XPCZgmxsh2HpoEwLvLSb8CgD6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/7XPCZgmxsh2HpoEwLvLSb8CgD6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XPCZgmxsh2HpoEwLvLSb8CgD6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3b:f6:e5:25:72:d7:cb:53:17:36:5a:3a:14:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed73c26609b1b21d87a681302ef2d26fc0a00fa3
        Validity
            Not Before: Jan  1 19:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d8b59fa6ab0ea836520667850993206906b22e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:63:72:41:f4:48:e0:3b:2c:7d:a0:8d:9e:f8:
                    91:f0:3b:88:35:af:c0:01:8a:0e:7d:f8:7b:e0:75:
                    1b:12:bc:1c:86:d5:e1:25:c2:83:86:58:79:55:b7:
                    1a:6b:62:bc:22:f5:96:b4:4f:26:f6:43:60:f7:11:
                    ef:b9:c8:93:0a:75:6a:b8:9b:bf:ef:22:4c:ab:a2:
                    19:e2:87:94:50:71:9e:15:7d:c4:ac:4c:c7:e2:b5:
                    37:f2:02:39:72:d7:b1:ea:7b:ad:2b:25:0b:5a:21:
                    22:b3:08:6c:f0:80:f2:ed:00:9e:8b:56:87:e8:02:
                    59:57:13:08:a8:bb:86:75:62:71:ca:1a:cb:8b:5d:
                    b8:d2:6b:7a:8a:51:4a:a7:f8:cb:13:82:ae:53:ce:
                    6d:39:c6:90:31:f1:cb:4c:bd:5b:24:f8:8d:52:c1:
                    ac:86:b6:3c:02:c1:95:53:f8:49:f1:ac:86:30:37:
                    f9:73:cc:79:f7:00:28:ec:a6:0a:5b:f7:b8:6a:38:
                    cd:a2:d8:57:c4:f8:31:b9:77:7f:53:3c:4a:44:41:
                    55:8b:08:f2:03:dd:f4:b9:86:95:8d:75:01:f2:0b:
                    6a:b6:77:ac:27:1a:35:fb:7f:a2:7e:42:04:6d:9f:
                    dc:47:7e:ad:11:79:d9:7a:50:f0:8f:23:f9:98:2f:
                    1d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:8B:59:FA:6A:B0:EA:83:65:20:66:78:50:99:32:06:90:6B:22:E4
            X509v3 Authority Key Identifier:
                keyid:ED:73:C2:66:09:B1:B2:1D:87:A6:81:30:2E:F2:D2:6F:C0:A0:0F:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XPCZgmxsh2HpoEwLvLSb8CgD6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/DYtZ-mqw6oNlIGZ4UJkyBpBrIuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/c8ea46-9dc2-4036-9096-4cd77b38f1b1/1/7XPCZgmxsh2HpoEwLvLSb8CgD6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:3a:e2:21:8a:69:f6:ec:0c:92:84:3d:ee:a6:89:cb:f9:60:
         fd:a1:0a:f4:b8:95:d9:29:b8:34:e3:f9:2f:52:75:ac:34:6f:
         ad:bb:b1:9a:c9:94:b2:73:a8:2b:c0:d6:d0:a7:47:56:77:9d:
         4b:d7:e9:3b:5c:90:52:b8:e1:44:50:91:b0:2b:da:d8:83:4f:
         c8:89:d5:72:23:b6:58:7d:63:45:dc:8b:42:2b:45:bb:c2:8d:
         63:f4:92:99:88:1b:23:3e:46:f7:a8:f4:93:1a:ef:a0:95:61:
         fb:70:be:f0:3c:15:e2:a1:e2:ba:01:f3:47:d0:c4:d8:70:f5:
         bf:51:d0:9e:87:ac:71:f0:5f:fe:4b:9c:42:57:ad:28:b5:3c:
         b0:bb:9c:1e:86:5a:92:77:13:a0:19:df:f6:2b:39:2b:21:7d:
         b0:7e:d1:e2:9e:8f:4c:2a:dd:96:a6:20:65:a6:5a:a6:6f:83:
         f8:82:e0:c1:3a:f8:84:37:31:b1:af:6e:ce:e3:f5:71:a6:48:
         4a:99:92:41:a4:0e:ee:a1:85:5d:94:11:4d:25:40:12:51:26:
         5c:91:5c:0d:3c:76:e5:86:7d:cf:14:7e:0b:f6:24:36:e9:5d:
         46:e2:f7:14:13:21:2e:c6:1a:77:94:41:14:20:7e:0a:8e:d3:
         b2:5d:e6:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajv25SVy18tTFzZaOhTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzNjMjY2MDliMWIyMWQ4N2E2ODEzMDJlZjJkMjZmYzBh
MDBmYTMwHhcNMjUwMTAxMTk0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDhiNTlmYTZhYjBlYTgzNjUyMDY2Nzg1MDk5MzIwNjkwNmIyMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mNyQfRI4DssfaCNnviR8DuINa/A
AYoOffh74HUbErwchtXhJcKDhlh5Vbcaa2K8IvWWtE8m9kNg9xHvuciTCnVquJu/
7yJMq6IZ4oeUUHGeFX3ErEzH4rU38gI5ctex6nutKyULWiEiswhs8IDy7QCei1aH
6AJZVxMIqLuGdWJxyhrLi1240mt6ilFKp/jLE4KuU85tOcaQMfHLTL1bJPiNUsGs
hrY8AsGVU/hJ8ayGMDf5c8x59wAo7KYKW/e4ajjNothXxPgxuXd/UzxKREFViwjy
A930uYaVjXUB8gtqtnesJxo1+3+ifkIEbZ/cR36tEXnZelDwjyP5mC8dFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA2LWfpqsOqDZSBmeFCZMgaQayLkMB8GA1UdIwQY
MBaAFO1zwmYJsbIdh6aBMC7y0m/AoA+jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hQQ1pnbXhzaDJIcG9Fd0x2TFNiOENnRDZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jOGVhNDYtOWRjMi00MDM2LTkwOTYt
NGNkNzdiMzhmMWIxLzEvRFl0Wi1tcXc2b05sSUdaNFVKa3lCcEJySXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jOGVhNDYtOWRjMi00MDM2LTkwOTYtNGNkNzdiMzhmMWIx
LzEvN1hQQ1pnbXhzaDJIcG9Fd0x2TFNiOENnRDZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwggyMA0G
CSqGSIb3DQEBCwUAA4IBAQC3OuIhimn27AyShD3uponL+WD9oQr0uJXZKbg04/kv
UnWsNG+tu7GayZSyc6grwNbQp0dWd51L1+k7XJBSuOFEUJGwK9rYg0/IidVyI7ZY
fWNF3ItCK0W7wo1j9JKZiBsjPkb3qPSTGu+glWH7cL7wPBXioeK6AfNH0MTYcPW/
UdCeh6xx8F/+S5xCV60otTywu5wehlqSdxOgGd/2KzkrIX2wftHino9MKt2WpiBl
plqmb4P4guDBOviENzGxr27O4/VxpkhKmZJBpA7uoYVdlBFNJUASUSZckVwNPHbl
hn3PFH4L9iQ26V1G4vcUEyEuxhp3lEEUIH4KjtOyXeYH
-----END CERTIFICATE-----