Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/rI_cNWR7pCwHKm7zKB1wz5kvKdA.roa
File:                     rI_cNWR7pCwHKm7zKB1wz5kvKdA.roa (raw, json)
Hash identifier:          44xxTPvkIpsFw1z+ejkG9oCOJEZOPm1UzB5g2lrATyE=
Subject key identifier:   AC:8F:DC:35:64:7B:A4:2C:07:2A:6E:F3:28:1D:70:CF:99:2F:29:D0
Certificate issuer:       /CN=7a550c8065bf6033fcc6a3b03813ef9271924196
Certificate serial:       018E50C44A2CEF0DCA3E4D19BC62CB33D7D9
Authority key identifier: 7A:55:0C:80:65:BF:60:33:FC:C6:A3:B0:38:13:EF:92:71:92:41:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/rI_cNWR7pCwHKm7zKB1wz5kvKdA.roa
Signing time:             Mon 18 Mar 2024 08:53:45 +0000
ROA not before:           Mon 18 Mar 2024 08:53:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        185.161.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 23:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:50:c4:4a:2c:ef:0d:ca:3e:4d:19:bc:62:cb:33:d7:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a550c8065bf6033fcc6a3b03813ef9271924196
        Validity
            Not Before: Mar 18 08:53:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac8fdc35647ba42c072a6ef3281d70cf992f29d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:48:c7:e9:60:c6:60:00:64:b2:12:ca:c7:6f:
                    de:b8:f4:39:53:3a:7f:96:6f:b1:4f:f5:2c:39:ab:
                    2a:80:bb:16:09:1d:7f:6c:34:17:bb:0b:7b:6c:3f:
                    c1:d7:b4:ba:80:19:f3:fe:a9:2a:2a:83:c4:18:a8:
                    d5:ba:d2:3b:9e:04:68:8b:5b:19:7f:db:83:ae:61:
                    68:54:a3:89:28:90:4b:e0:a7:89:97:b8:47:f0:d2:
                    ee:52:7c:7c:43:43:a6:ac:72:76:f4:96:49:25:e0:
                    ea:4a:c0:0a:59:b3:01:c5:2e:65:5a:76:f0:71:cd:
                    44:2a:9c:6a:9b:2d:c5:df:4b:e7:30:b8:30:69:d8:
                    05:d5:dd:82:4a:d8:2f:72:f8:cc:16:98:52:b1:83:
                    30:d7:f2:bf:00:ea:23:eb:a1:df:d1:e0:46:6e:e7:
                    4e:c6:28:e1:6a:81:40:a3:ea:5c:89:82:a9:0d:ff:
                    d8:a9:24:14:70:71:a4:60:37:35:e9:43:2e:7e:6b:
                    87:26:0b:50:74:31:ce:9f:0f:f9:46:99:ed:fb:80:
                    ad:ea:46:b4:39:5c:27:7f:62:e0:13:c4:77:a6:ba:
                    c6:de:8c:fd:8c:bd:1b:8d:03:f6:f6:51:07:db:e3:
                    ef:30:b8:17:31:35:66:3f:71:1b:57:78:82:9a:12:
                    b5:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:8F:DC:35:64:7B:A4:2C:07:2A:6E:F3:28:1D:70:CF:99:2F:29:D0
            X509v3 Authority Key Identifier:
                keyid:7A:55:0C:80:65:BF:60:33:FC:C6:A3:B0:38:13:EF:92:71:92:41:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/elUMgGW_YDP8xqOwOBPvknGSQZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/rI_cNWR7pCwHKm7zKB1wz5kvKdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/52fb09-6a27-4369-bbdb-87bfc37f0ec2/1/elUMgGW_YDP8xqOwOBPvknGSQZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:64:61:72:a9:88:1c:88:a3:37:2c:6d:72:30:1f:db:ce:80:
         e4:de:42:12:02:79:66:73:b4:36:d3:a6:cd:0f:33:88:7d:98:
         9d:7d:6a:58:22:69:fc:a1:40:a9:e7:10:29:a2:ad:28:4d:8d:
         51:80:f7:24:31:9a:26:dc:0d:89:20:ca:83:9c:af:19:83:51:
         7f:e3:29:45:98:60:33:e4:ee:4b:87:b5:dc:a4:22:7a:ce:e6:
         a0:36:54:d0:f1:c9:89:66:cc:a9:02:cb:ca:4a:f5:a2:0d:19:
         00:b6:13:fc:71:59:b5:af:6f:3c:5c:f2:ad:d7:78:3f:eb:7d:
         02:99:7a:30:13:11:a5:9f:a0:de:d7:7b:22:60:0d:28:df:64:
         18:50:33:74:a1:40:57:de:52:77:1a:93:c7:83:85:3c:31:4f:
         11:15:a7:07:e9:6a:bf:c1:70:04:4d:56:fc:8a:7c:25:bf:be:
         59:de:5b:c8:7f:08:90:7e:2d:e1:ae:1b:42:1c:6b:06:9d:2e:
         94:4b:0c:b6:e7:d1:4d:17:4c:10:34:c1:0a:07:e7:d8:f8:ff:
         02:d3:4b:6b:60:9e:a5:10:13:b0:35:cb:c0:5c:64:8b:e8:3c:
         c9:bb:47:ea:5b:e4:4b:d9:aa:80:62:c2:45:b3:88:5d:63:31:
         05:11:ce:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5QxEos7w3KPk0ZvGLLM9fZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhNTUwYzgwNjViZjYwMzNmY2M2YTNiMDM4MTNlZjkyNzE5
MjQxOTYwHhcNMjQwMzE4MDg1MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzhmZGMzNTY0N2JhNDJjMDcyYTZlZjMyODFkNzBjZjk5MmYyOWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUjH6WDGYABkshLKx2/euPQ5Uzp/
lm+xT/UsOasqgLsWCR1/bDQXuwt7bD/B17S6gBnz/qkqKoPEGKjVutI7ngRoi1sZ
f9uDrmFoVKOJKJBL4KeJl7hH8NLuUnx8Q0OmrHJ29JZJJeDqSsAKWbMBxS5lWnbw
cc1EKpxqmy3F30vnMLgwadgF1d2CStgvcvjMFphSsYMw1/K/AOoj66Hf0eBGbudO
xijhaoFAo+pciYKpDf/YqSQUcHGkYDc16UMufmuHJgtQdDHOnw/5Rpnt+4Ct6ka0
OVwnf2LgE8R3prrG3oz9jL0bjQP29lEH2+PvMLgXMTVmP3EbV3iCmhK1xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyP3DVke6QsBypu8ygdcM+ZLynQMB8GA1UdIwQY
MBaAFHpVDIBlv2Az/MajsDgT75JxkkGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWxVTWdHV19ZRFA4eHFPd09CUHZrbkdTUVpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS81MmZiMDktNmEyNy00MzY5LWJiZGIt
ODdiZmMzN2YwZWMyLzEvcklfY05XUjdwQ3dIS203ektCMXd6NWt2S2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS81MmZiMDktNmEyNy00MzY5LWJiZGItODdiZmMzN2YwZWMy
LzEvZWxVTWdHV19ZRFA4eHFPd09CUHZrbkdTUVpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaH7MA0G
CSqGSIb3DQEBCwUAA4IBAQBAZGFyqYgciKM3LG1yMB/bzoDk3kISAnlmc7Q206bN
DzOIfZidfWpYImn8oUCp5xApoq0oTY1RgPckMZom3A2JIMqDnK8Zg1F/4ylFmGAz
5O5Lh7XcpCJ6zuagNlTQ8cmJZsypAsvKSvWiDRkAthP8cVm1r288XPKt13g/630C
mXowExGln6De13siYA0o32QYUDN0oUBX3lJ3GpPHg4U8MU8RFacH6Wq/wXAETVb8
inwlv75Z3lvIfwiQfi3hrhtCHGsGnS6USwy259FNF0wQNMEKB+fY+P8C00trYJ6l
EBOwNcvAXGSL6DzJu0fqW+RL2aqAYsJFs4hdYzEFEc4J
-----END CERTIFICATE-----