Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/IA50Bs6By_oOy5MxxotpIFXEirc.roa
File:                     IA50Bs6By_oOy5MxxotpIFXEirc.roa (raw, json)
Hash identifier:          4o8ZMCTq9mWce8dgge7wArM8DrJU7XruNRhasXSMZ0E=
Subject key identifier:   20:0E:74:06:CE:81:CB:FA:0E:CB:93:31:C6:8B:69:20:55:C4:8A:B7
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A7A13124E8C68910CE7124D1142D9
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/IA50Bs6By_oOy5MxxotpIFXEirc.roa
Signing time:             Mon 01 Jan 2024 18:30:18 +0000
ROA not before:           Mon 01 Jan 2024 18:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57489
IP address blocks:        141.101.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:7a:13:12:4e:8c:68:91:0c:e7:12:4d:11:42:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=200e7406ce81cbfa0ecb9331c68b692055c48ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1a:2f:b0:09:56:92:df:c6:7f:66:59:aa:32:
                    77:e1:1e:9b:cc:61:6f:84:71:f6:6a:c5:41:5d:84:
                    7d:66:07:5c:e0:5d:b5:4a:24:70:75:35:73:a6:70:
                    b8:ec:3e:60:e7:58:7b:49:4d:52:7d:79:74:6e:66:
                    50:e5:cc:2c:4c:aa:2e:09:b1:56:a1:82:78:66:f8:
                    06:f8:73:c7:09:0b:3d:1c:7a:61:19:ae:e0:7f:dc:
                    13:c0:26:5a:95:5a:fe:c5:ae:85:19:ce:fc:90:8f:
                    4a:a9:40:43:d1:aa:72:20:62:10:2e:72:ad:80:19:
                    0c:ee:02:9a:25:71:d1:f9:da:48:91:4b:86:ff:18:
                    1c:fb:4d:05:cc:d9:77:d0:32:d3:16:9d:5b:79:7b:
                    ac:04:50:dd:ef:43:96:02:94:9a:96:95:82:df:3f:
                    df:02:46:b4:ca:ee:34:2d:77:4d:9a:8a:bb:64:63:
                    fb:da:5a:51:34:73:78:7e:fe:9d:bd:04:1f:bd:a4:
                    d0:d8:85:76:e8:7f:93:48:54:5f:00:23:2d:3b:b4:
                    59:d0:77:0a:8d:6a:ad:12:88:b3:92:5a:0c:92:37:
                    b0:55:f1:be:bc:15:f8:dc:49:9a:47:0a:fe:6e:9c:
                    7b:27:27:68:de:d7:b3:11:70:da:fc:2e:d3:63:52:
                    17:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:0E:74:06:CE:81:CB:FA:0E:CB:93:31:C6:8B:69:20:55:C4:8A:B7
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/IA50Bs6By_oOy5MxxotpIFXEirc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:56:97:5a:8d:f8:42:21:e7:0e:dd:ca:16:af:e0:ed:69:6a:
         18:50:49:09:e5:9a:9e:ef:64:26:a0:2c:40:25:d8:e1:47:4c:
         f6:67:96:97:3a:2f:0b:1d:59:58:78:7f:0d:9d:69:9e:17:e6:
         d4:8d:54:e2:d9:fb:9e:fd:58:6d:fb:19:0f:17:22:99:95:2f:
         1d:67:ac:f9:3f:c2:d5:a7:13:59:c0:2f:62:b2:73:35:a0:56:
         bb:4d:eb:f6:91:07:aa:90:39:fe:d7:5c:69:00:b9:2c:b7:32:
         c4:86:7b:2b:15:27:a0:7f:0f:07:05:45:2e:69:25:dc:14:36:
         c9:62:94:8e:cc:82:ed:26:08:9c:19:b5:27:a2:11:f5:36:f9:
         24:87:85:a4:50:41:26:c7:5e:e9:cb:3f:5c:b7:b7:f4:3f:c5:
         b8:5c:04:1a:b0:03:4b:35:e0:ab:72:da:f3:e4:15:31:b8:e6:
         9f:a9:8e:1a:a4:e3:75:6d:c8:13:b3:de:3f:40:eb:bb:49:bf:
         64:53:9c:4a:2a:f6:04:fe:d8:d2:ed:32:94:3f:5b:5b:b6:7b:
         95:4e:b3:3d:33:75:84:82:43:1e:27:7c:89:bb:c4:b6:16:87:
         42:cf:80:11:74:c9:11:bf:33:bd:88:3e:cb:e7:c2:ec:7d:28:
         80:f0:36:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnoTEk6MaJEM5xJNEULZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDBlNzQwNmNlODFjYmZhMGVjYjkzMzFjNjhiNjkyMDU1YzQ4YWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBovsAlWkt/Gf2ZZqjJ34R6bzGFv
hHH2asVBXYR9Zgdc4F21SiRwdTVzpnC47D5g51h7SU1SfXl0bmZQ5cwsTKouCbFW
oYJ4ZvgG+HPHCQs9HHphGa7gf9wTwCZalVr+xa6FGc78kI9KqUBD0apyIGIQLnKt
gBkM7gKaJXHR+dpIkUuG/xgc+00FzNl30DLTFp1beXusBFDd70OWApSalpWC3z/f
Aka0yu40LXdNmoq7ZGP72lpRNHN4fv6dvQQfvaTQ2IV26H+TSFRfACMtO7RZ0HcK
jWqtEoizkloMkjewVfG+vBX43EmaRwr+bpx7Jydo3tezEXDa/C7TY1IXFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAOdAbOgcv6DsuTMcaLaSBVxIq3MB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvSUE1MEJzNkJ5X29PeTVNeHhvdHBJRlhFaXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWXsMA0G
CSqGSIb3DQEBCwUAA4IBAQBuVpdajfhCIecO3coWr+DtaWoYUEkJ5Zqe72QmoCxA
JdjhR0z2Z5aXOi8LHVlYeH8NnWmeF+bUjVTi2fue/Vht+xkPFyKZlS8dZ6z5P8LV
pxNZwC9isnM1oFa7Tev2kQeqkDn+11xpALkstzLEhnsrFSegfw8HBUUuaSXcFDbJ
YpSOzILtJgicGbUnohH1Nvkkh4WkUEEmx17pyz9ct7f0P8W4XAQasANLNeCrctrz
5BUxuOafqY4apON1bcgTs94/QOu7Sb9kU5xKKvYE/tjS7TKUP1tbtnuVTrM9M3WE
gkMeJ3yJu8S2FodCz4ARdMkRvzO9iD7L58LsfSiA8Dbr
-----END CERTIFICATE-----