Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/tcrvNu39gX3sVfrChcm1I0NFVIs.roa
File:                     tcrvNu39gX3sVfrChcm1I0NFVIs.roa (raw, json)
Hash identifier:          BworvLra1p1jjWtOIrexEE5ZSxXJT2bIDLnHKNZus+E=
Subject key identifier:   B5:CA:EF:36:ED:FD:81:7D:EC:55:FA:C2:85:C9:B5:23:43:45:54:8B
Certificate issuer:       /CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
Certificate serial:       0191980014B8268F76E33D617934FD356532
Authority key identifier: DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/tcrvNu39gX3sVfrChcm1I0NFVIs.roa
Signing time:             Wed 28 Aug 2024 08:00:27 +0000
ROA not before:           Wed 28 Aug 2024 08:00:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32613
IP address blocks:        185.248.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:98:00:14:b8:26:8f:76:e3:3d:61:79:34:fd:35:65:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc41411e93e25d5ec65099569b1b5c5fadc1ae3d
        Validity
            Not Before: Aug 28 08:00:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5caef36edfd817dec55fac285c9b5234345548b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:10:8e:a6:0f:13:02:b7:09:b9:8c:14:05:d6:
                    ec:60:b7:d3:da:68:8f:f0:e0:4e:6c:f9:00:f4:e4:
                    57:2b:c8:6c:97:d9:60:54:18:5d:ec:aa:64:89:72:
                    eb:d2:f9:a2:2d:c6:17:f6:96:fa:9f:9f:33:d4:a2:
                    a7:bf:b2:2d:cd:ba:4b:f4:9e:49:33:e5:2f:5d:6e:
                    fc:c1:d0:98:c0:52:9c:3f:61:c4:e4:85:dd:34:81:
                    d2:4f:ec:aa:ff:5e:9f:3b:28:50:bb:ab:e2:a4:df:
                    b5:00:e6:e8:7b:11:b8:ff:7e:fb:02:24:b6:eb:98:
                    e7:27:1f:01:f9:45:ff:ad:a4:57:94:55:37:a8:83:
                    8a:3f:45:a8:48:98:4c:4c:b6:da:43:a5:c1:3a:50:
                    96:a3:a2:51:5a:e0:1d:e1:13:1e:67:dd:a8:a6:92:
                    3b:fc:ce:1c:c5:02:a8:1e:59:e2:55:29:24:85:7d:
                    b4:9a:6e:b3:e5:3c:92:e0:da:84:7e:89:39:ca:24:
                    7c:94:c9:2d:8e:41:aa:53:82:05:bf:65:f3:16:af:
                    f8:8d:35:c2:ed:81:d0:f6:78:2a:6e:71:5d:a7:32:
                    20:8b:68:fe:13:00:d6:b1:16:56:1b:b6:e4:5c:33:
                    e7:e7:90:fa:9a:e0:55:c3:62:2b:7f:60:de:83:e2:
                    5a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CA:EF:36:ED:FD:81:7D:EC:55:FA:C2:85:C9:B5:23:43:45:54:8B
            X509v3 Authority Key Identifier:
                keyid:DC:41:41:1E:93:E2:5D:5E:C6:50:99:56:9B:1B:5C:5F:AD:C1:AE:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3EFBHpPiXV7GUJlWmxtcX63Brj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/tcrvNu39gX3sVfrChcm1I0NFVIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/3d4731-8cf3-4327-ae6a-51387d160ba9/1/3EFBHpPiXV7GUJlWmxtcX63Brj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:a3:39:32:6f:2c:3f:06:00:ca:45:47:cd:2f:ac:6d:ec:af:
         69:01:61:a5:26:8f:bc:ef:c9:54:7c:e4:91:c8:79:ce:9b:24:
         49:c0:9f:8e:1a:f4:24:33:bc:3f:7e:16:24:d0:59:25:21:72:
         bb:d4:26:2e:17:9f:c4:73:3a:d7:7a:eb:64:63:13:34:85:3a:
         68:20:c7:47:cf:37:e0:ea:c2:6a:2d:8a:69:65:d5:56:e4:f4:
         64:3e:00:25:15:3b:40:d2:5a:ed:d5:6b:01:23:d3:5d:cf:0c:
         bb:ed:78:30:1a:16:a8:57:9a:00:0f:78:4c:f4:a7:e5:1c:b1:
         7a:fe:ce:8d:f4:32:aa:53:cc:26:31:48:04:3f:b6:a7:90:db:
         f0:b3:fe:3c:df:f7:1c:b8:0b:a2:73:fc:67:80:b3:f0:67:ce:
         82:db:4d:c1:b9:5e:0c:38:87:63:67:54:53:2a:c1:30:3b:bc:
         e3:d4:74:5b:d4:d6:dc:54:aa:4e:fe:78:a9:42:c5:86:df:c3:
         14:36:b3:64:a7:59:60:46:fe:94:33:9a:f7:a5:60:98:0f:da:
         db:0a:ca:e8:10:da:2b:1a:1f:07:86:2f:1d:1e:f3:28:98:a4:
         bb:f1:76:c2:2d:3c:bc:e1:5e:d5:e3:a0:c1:57:07:2c:19:ab:
         c5:7e:ad:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGYABS4Jo924z1heTT9NWUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNDE0MTFlOTNlMjVkNWVjNjUwOTk1NjliMWI1YzVmYWRj
MWFlM2QwHhcNMjQwODI4MDgwMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWNhZWYzNmVkZmQ4MTdkZWM1NWZhYzI4NWM5YjUyMzQzNDU1NDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBCOpg8TArcJuYwUBdbsYLfT2miP
8OBObPkA9ORXK8hsl9lgVBhd7KpkiXLr0vmiLcYX9pb6n58z1KKnv7ItzbpL9J5J
M+UvXW78wdCYwFKcP2HE5IXdNIHST+yq/16fOyhQu6vipN+1AOboexG4/377AiS2
65jnJx8B+UX/raRXlFU3qIOKP0WoSJhMTLbaQ6XBOlCWo6JRWuAd4RMeZ92oppI7
/M4cxQKoHlniVSkkhX20mm6z5TyS4NqEfok5yiR8lMktjkGqU4IFv2XzFq/4jTXC
7YHQ9ngqbnFdpzIgi2j+EwDWsRZWG7bkXDPn55D6muBVw2Irf2Deg+JayQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXK7zbt/YF97FX6woXJtSNDRVSLMB8GA1UdIwQY
MBaAFNxBQR6T4l1exlCZVpsbXF+twa49MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEt
NTEzODdkMTYwYmE5LzEvdGNydk51MzlnWDNzVmZyQ2hjbTFJME5GVklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zZDQ3MzEtOGNmMy00MzI3LWFlNmEtNTEzODdkMTYwYmE5
LzEvM0VGQkhwUGlYVjdHVUpsV214dGNYNjNCcmowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufgzMA0G
CSqGSIb3DQEBCwUAA4IBAQB4ozkybyw/BgDKRUfNL6xt7K9pAWGlJo+878lUfOSR
yHnOmyRJwJ+OGvQkM7w/fhYk0FklIXK71CYuF5/EczrXeutkYxM0hTpoIMdHzzfg
6sJqLYppZdVW5PRkPgAlFTtA0lrt1WsBI9Ndzwy77XgwGhaoV5oAD3hM9KflHLF6
/s6N9DKqU8wmMUgEP7ankNvws/483/ccuAuic/xngLPwZ86C203BuV4MOIdjZ1RT
KsEwO7zj1HRb1NbcVKpO/nipQsWG38MUNrNkp1lgRv6UM5r3pWCYD9rbCsroENor
Gh8Hhi8dHvMomKS78XbCLTy84V7V46DBVwcsGavFfq27
-----END CERTIFICATE-----