Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/kaG5xdAZOkKGR3RN7B4QYembAdk.roa
File:                     kaG5xdAZOkKGR3RN7B4QYembAdk.roa (raw, json)
Hash identifier:          6M3uGa+uTMgXy1MVbBzOlXXM/YguWaDzZlPmxK2Npxw=
Subject key identifier:   91:A1:B9:C5:D0:19:3A:42:86:47:74:4D:EC:1E:10:61:E9:9B:01:D9
Certificate issuer:       /CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
Certificate serial:       018CC7957C145CF3AB60797CB9538884790E
Authority key identifier: DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/kaG5xdAZOkKGR3RN7B4QYembAdk.roa
Signing time:             Tue 02 Jan 2024 00:31:51 +0000
ROA not before:           Tue 02 Jan 2024 00:31:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200435
IP address blocks:        185.248.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7c:14:5c:f3:ab:60:79:7c:b9:53:88:84:79:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
        Validity
            Not Before: Jan  2 00:31:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91a1b9c5d0193a428647744dec1e1061e99b01d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:43:25:f3:2e:99:ca:01:b8:ff:fc:9a:db:61:
                    93:f4:ba:96:79:14:a0:25:f2:41:2e:ba:d5:b2:3e:
                    c6:a3:d9:e7:f9:b4:51:e1:7f:dd:7a:d2:f9:0b:5a:
                    c9:8f:5d:df:18:bd:95:82:0c:c7:a2:fb:04:05:06:
                    69:90:05:17:f0:cd:79:2b:01:38:84:38:25:45:62:
                    dc:7b:d3:a3:4d:91:44:d2:e0:c4:3a:e4:25:a9:6d:
                    b0:6a:69:1e:46:11:0b:42:41:4f:b0:7e:5d:c4:5a:
                    72:3c:98:cf:58:2f:40:ef:8a:12:9a:ad:45:64:46:
                    d5:6e:4e:0b:3d:5a:5e:46:d3:11:05:ed:95:21:f8:
                    1d:84:8f:2c:95:3f:cb:da:12:80:19:58:f9:e1:4d:
                    c8:0a:7b:2e:ee:ce:af:6e:91:bd:9c:40:8d:b5:1a:
                    69:ff:24:64:fb:19:05:1c:e8:9a:1c:83:b4:90:fb:
                    0e:8e:27:4d:23:56:8e:53:20:08:47:89:73:26:b5:
                    ac:c5:6b:53:87:cb:29:07:8f:ed:cc:8c:ec:2a:be:
                    18:1f:1c:40:a5:5f:a3:b4:0a:ee:12:b5:fc:ea:21:
                    23:1d:24:81:76:6a:c9:19:cb:40:03:58:24:cb:f6:
                    11:d5:2d:a4:cd:c0:72:97:d2:ec:db:9e:d9:7c:f5:
                    38:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:A1:B9:C5:D0:19:3A:42:86:47:74:4D:EC:1E:10:61:E9:9B:01:D9
            X509v3 Authority Key Identifier:
                keyid:DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/kaG5xdAZOkKGR3RN7B4QYembAdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:e0:f1:2d:b2:7e:bc:92:15:4d:7d:8b:46:c7:99:8c:00:da:
         40:bd:d5:bc:a2:aa:95:07:74:d7:16:7d:55:dc:48:ca:6f:85:
         35:58:a3:1b:08:8f:93:e5:f6:b1:2c:a7:97:ce:a2:73:64:22:
         31:0f:73:44:27:e4:5c:14:75:ec:cc:29:f9:42:d1:6b:58:49:
         98:67:82:cf:cb:cd:1f:32:ec:43:bd:14:af:a1:45:1e:88:ed:
         b5:86:5a:fe:04:b8:83:cb:a9:35:9f:df:6f:0f:75:45:6e:89:
         e4:da:45:71:86:dc:6c:37:d4:cb:54:94:da:08:de:69:78:ee:
         d5:aa:e9:e2:b5:bb:84:60:6f:81:04:8b:db:3d:32:0a:c3:57:
         c3:23:5a:ef:b2:6e:d9:8a:ff:4f:ee:13:e3:c1:c0:58:49:61:
         26:03:b7:65:eb:e5:26:ee:c9:d4:88:55:6d:0c:9f:40:56:48:
         98:0b:d9:83:ca:f8:b2:e3:7e:d5:21:00:bc:71:c6:a6:42:70:
         0e:bf:72:e8:6e:3c:dc:a9:f0:61:6b:93:72:72:32:63:f5:74:
         4b:1f:1e:db:e9:c1:45:d1:7d:c6:a4:d3:96:33:91:f5:1f:6a:
         e7:15:b5:b9:e8:8f:61:b1:3c:04:d7:ba:5d:8d:c4:00:c6:db:
         bf:cb:53:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlXwUXPOrYHl8uVOIhHkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDE0MTFlOTNlMjVkNWVjNjUwOTk1NjliMWI1YzVmYWRj
MWFlM2QwHhcNMjQwMTAyMDAzMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWExYjljNWQwMTkzYTQyODY0Nzc0NGRlYzFlMTA2MWU5OWIwMWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkMl8y6ZygG4//ya22GT9LqWeRSg
JfJBLrrVsj7Go9nn+bRR4X/detL5C1rJj13fGL2VggzHovsEBQZpkAUX8M15KwE4
hDglRWLce9OjTZFE0uDEOuQlqW2wamkeRhELQkFPsH5dxFpyPJjPWC9A74oSmq1F
ZEbVbk4LPVpeRtMRBe2VIfgdhI8slT/L2hKAGVj54U3ICnsu7s6vbpG9nECNtRpp
/yRk+xkFHOiaHIO0kPsOjidNI1aOUyAIR4lzJrWsxWtTh8spB4/tzIzsKr4YHxxA
pV+jtAruErX86iEjHSSBdmrJGctAA1gky/YR1S2kzcByl9Ls257ZfPU4fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGhucXQGTpChkd0TeweEGHpmwHZMB8GA1UdIwQY
MBaAFNxBQR6T4l1exlCZVpsbXF+twa49MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEt
NTEzODdkMTYwYmE5LzEva2FHNXhkQVpPa0tHUjNSTjdCNFFZZW1iQWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEtNTEzODdkMTYwYmE5
LzEvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufgyMA0G
CSqGSIb3DQEBCwUAA4IBAQAg4PEtsn68khVNfYtGx5mMANpAvdW8oqqVB3TXFn1V
3EjKb4U1WKMbCI+T5faxLKeXzqJzZCIxD3NEJ+RcFHXszCn5QtFrWEmYZ4LPy80f
MuxDvRSvoUUeiO21hlr+BLiDy6k1n99vD3VFbonk2kVxhtxsN9TLVJTaCN5peO7V
qunitbuEYG+BBIvbPTIKw1fDI1rvsm7Ziv9P7hPjwcBYSWEmA7dl6+Um7snUiFVt
DJ9AVkiYC9mDyviy437VIQC8ccamQnAOv3LobjzcqfBha5NycjJj9XRLHx7b6cFF
0X3GpNOWM5H1H2rnFbW56I9hsTwE17pdjcQAxtu/y1MF
-----END CERTIFICATE-----