Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/I5wQnrgvMCaYn9C8yDvoLQWI0Fs.roa
File:                     I5wQnrgvMCaYn9C8yDvoLQWI0Fs.roa (raw, json)
Hash identifier:          LLp7jSaPRxKkmfQPCgmC3oWPlWcodXukIf+OL2Y6Xy4=
Subject key identifier:   23:9C:10:9E:B8:2F:30:26:98:9F:D0:BC:C8:3B:E8:2D:05:88:D0:5B
Certificate issuer:       /CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
Certificate serial:       0194221FC77F1E7C3C7FCF6805FBFCF25400
Authority key identifier: DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/I5wQnrgvMCaYn9C8yDvoLQWI0Fs.roa
Signing time:             Wed 01 Jan 2025 13:48:15 +0000
ROA not before:           Wed 01 Jan 2025 13:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200435
IP address blocks:        185.248.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:c7:7f:1e:7c:3c:7f:cf:68:05:fb:fc:f2:54:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
        Validity
            Not Before: Jan  1 13:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=239c109eb82f3026989fd0bcc83be82d0588d05b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a4:a3:63:2e:75:17:57:e7:55:13:21:45:c8:
                    db:35:41:88:6c:d7:5f:ff:a1:14:ab:64:63:e6:02:
                    2b:ca:45:e2:62:2f:ad:3e:91:67:85:25:af:c4:e7:
                    b4:70:6d:13:5e:4b:db:eb:74:f8:3f:50:de:95:3e:
                    7e:ca:6b:8d:1a:1d:76:a8:98:fc:c3:7c:5a:e5:45:
                    e8:d0:90:bf:6c:8a:41:b7:50:0e:52:8d:d3:06:cb:
                    3b:0a:bf:c3:5c:09:5a:3f:44:41:dc:65:ca:3b:f8:
                    d7:9e:57:96:3c:0d:e4:3e:47:07:c8:72:4a:55:c1:
                    f9:2b:4c:b4:b2:f8:1b:1a:17:94:a5:fe:bb:47:74:
                    dc:a3:39:3e:bd:f3:71:56:42:77:69:93:57:71:32:
                    75:6f:2b:fa:32:a8:75:95:bc:f4:e9:e7:67:5d:e0:
                    f2:8a:11:d4:5c:f6:1b:48:1d:61:fb:28:3e:b9:4d:
                    d6:ce:cb:95:8f:67:98:7a:08:fa:89:55:16:55:c3:
                    1f:d1:b4:db:4b:f3:a1:ad:0d:e5:a0:7b:30:e5:c2:
                    c5:5a:7e:96:7a:6e:f8:1a:6c:1f:2c:31:0e:d4:c2:
                    d5:f0:6f:a7:2f:08:9d:8e:8a:29:d6:ef:13:45:19:
                    d4:4d:65:3e:e6:90:be:97:d9:9c:5a:41:3d:36:e2:
                    37:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:9C:10:9E:B8:2F:30:26:98:9F:D0:BC:C8:3B:E8:2D:05:88:D0:5B
            X509v3 Authority Key Identifier:
                keyid:DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/I5wQnrgvMCaYn9C8yDvoLQWI0Fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:87:26:e6:43:18:9b:03:fa:36:24:49:96:46:79:17:13:cb:
         a0:17:5c:52:df:33:5c:7e:21:2f:d7:11:48:11:ee:fe:18:fd:
         c3:cb:f7:76:11:28:d5:87:16:c6:e9:95:8e:b5:75:01:7e:e5:
         57:0f:d5:50:27:1f:6f:03:d9:3c:75:d3:99:41:6c:3b:68:2f:
         4a:46:93:33:a7:48:ea:78:cc:a9:89:7f:8f:cf:98:bc:1d:ce:
         ad:52:a6:24:28:50:03:30:c0:3a:c4:c3:77:70:03:59:81:f3:
         59:f4:a6:3d:3a:49:cd:8f:24:54:6f:63:53:a8:19:86:5e:37:
         3d:87:9d:4f:cc:18:3f:ea:e9:d1:e9:de:56:7b:45:93:10:33:
         d2:41:0c:93:c0:af:36:a9:51:ff:ce:c1:21:65:5e:ee:ab:ce:
         6a:b9:cf:c3:4b:33:da:3d:a3:bf:27:fd:5d:5e:e9:69:65:ab:
         11:46:86:4b:1e:19:bd:c6:d4:b7:db:99:b8:e0:68:8b:0c:3c:
         0c:f0:cb:f3:b8:62:e7:82:4a:bc:ee:cd:49:b6:86:b4:e6:2f:
         3d:f1:78:2e:b4:6b:11:d7:01:1c:f5:30:22:3f:ff:c3:31:85:
         49:99:f3:ab:87:c9:aa:59:b3:ad:89:6b:f0:1d:cb:c2:2d:e2:
         df:60:b4:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8d/Hnw8f89oBfv88lQAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDE0MTFlOTNlMjVkNWVjNjUwOTk1NjliMWI1YzVmYWRj
MWFlM2QwHhcNMjUwMTAxMTM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzljMTA5ZWI4MmYzMDI2OTg5ZmQwYmNjODNiZTgyZDA1ODhkMDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaSjYy51F1fnVRMhRcjbNUGIbNdf
/6EUq2Rj5gIrykXiYi+tPpFnhSWvxOe0cG0TXkvb63T4P1DelT5+ymuNGh12qJj8
w3xa5UXo0JC/bIpBt1AOUo3TBss7Cr/DXAlaP0RB3GXKO/jXnleWPA3kPkcHyHJK
VcH5K0y0svgbGheUpf67R3Tcozk+vfNxVkJ3aZNXcTJ1byv6Mqh1lbz06ednXeDy
ihHUXPYbSB1h+yg+uU3WzsuVj2eYegj6iVUWVcMf0bTbS/OhrQ3loHsw5cLFWn6W
em74GmwfLDEO1MLV8G+nLwidjoop1u8TRRnUTWU+5pC+l9mcWkE9NuI3LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOcEJ64LzAmmJ/QvMg76C0FiNBbMB8GA1UdIwQY
MBaAFNxBQR6T4l1exlCZVpsbXF+twa49MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEt
NTEzODdkMTYwYmE5LzEvSTV3UW5yZ3ZNQ2FZbjlDOHlEdm9MUVdJMEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEtNTEzODdkMTYwYmE5
LzEvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufgyMA0G
CSqGSIb3DQEBCwUAA4IBAQCRhybmQxibA/o2JEmWRnkXE8ugF1xS3zNcfiEv1xFI
Ee7+GP3Dy/d2ESjVhxbG6ZWOtXUBfuVXD9VQJx9vA9k8ddOZQWw7aC9KRpMzp0jq
eMypiX+Pz5i8Hc6tUqYkKFADMMA6xMN3cANZgfNZ9KY9OknNjyRUb2NTqBmGXjc9
h51PzBg/6unR6d5We0WTEDPSQQyTwK82qVH/zsEhZV7uq85quc/DSzPaPaO/J/1d
XulpZasRRoZLHhm9xtS325m44GiLDDwM8MvzuGLngkq87s1Jtoa05i898XgutGsR
1wEc9TAiP//DMYVJmfOrh8mqWbOtiWvwHcvCLeLfYLRo
-----END CERTIFICATE-----