Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/b50b1c-2bc5-4382-a27b-03b64c191d4a/1/zC4wLWpWUs5VbPsrsrUR6eFtR5M.roa
File:                     zC4wLWpWUs5VbPsrsrUR6eFtR5M.roa (raw, json)
Hash identifier:          OKeJYTpYoc/17j+UF+Fw52eXR8PQpI6OQTKwOSa30uA=
Subject key identifier:   CC:2E:30:2D:6A:56:52:CE:55:6C:FB:2B:B2:B5:11:E9:E1:6D:47:93
Certificate issuer:       /CN=35a4ce50d0cde415473313b11b85719408faba24
Certificate serial:       018D786A1BFE7D9E7F77090844DCC54C01B7
Authority key identifier: 35:A4:CE:50:D0:CD:E4:15:47:33:13:B1:1B:85:71:94:08:FA:BA:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NaTOUNDN5BVHMxOxG4VxlAj6uiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/b50b1c-2bc5-4382-a27b-03b64c191d4a/1/zC4wLWpWUs5VbPsrsrUR6eFtR5M.roa
Signing time:             Mon 05 Feb 2024 08:37:16 +0000
ROA not before:           Mon 05 Feb 2024 08:37:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9145
IP address blocks:        194.15.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/b50b1c-2bc5-4382-a27b-03b64c191d4a/1/NaTOUNDN5BVHMxOxG4VxlAj6uiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/b50b1c-2bc5-4382-a27b-03b64c191d4a/1/NaTOUNDN5BVHMxOxG4VxlAj6uiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NaTOUNDN5BVHMxOxG4VxlAj6uiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:6a:1b:fe:7d:9e:7f:77:09:08:44:dc:c5:4c:01:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35a4ce50d0cde415473313b11b85719408faba24
        Validity
            Not Before: Feb  5 08:37:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc2e302d6a5652ce556cfb2bb2b511e9e16d4793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:cc:44:2e:73:b0:da:e0:c1:a8:29:85:74:05:
                    2f:7b:7f:1a:2e:d4:71:33:7e:36:76:48:dc:5a:c1:
                    da:45:84:22:a0:d5:a1:1c:5f:4e:14:61:6a:c2:9e:
                    51:3c:38:fb:69:2a:9d:4a:f8:56:1c:8c:5c:b3:37:
                    4e:73:45:3d:db:a4:23:09:cf:b7:49:1b:51:90:d9:
                    66:69:d8:33:d2:df:ea:55:90:af:e9:b8:12:33:28:
                    b5:bc:8d:cf:1c:d2:03:8c:e3:ff:eb:09:06:63:24:
                    37:af:87:00:b5:db:02:93:04:ef:a8:c0:99:aa:47:
                    bb:7d:61:3f:1c:c7:86:26:cb:65:1c:6c:b2:1f:66:
                    85:ba:57:05:2d:c9:37:76:d0:f8:41:03:db:e6:df:
                    cd:41:65:f5:53:2d:a9:73:77:69:bc:7f:fa:54:3d:
                    5f:da:39:6a:09:71:c0:b9:f9:5f:bc:1e:b5:e9:0b:
                    57:b6:0f:de:18:f0:aa:41:ec:d4:ce:6f:6b:f6:dd:
                    a3:11:53:66:5f:61:d6:38:1b:db:f9:27:52:ee:89:
                    25:44:8a:38:7d:cb:51:44:18:4c:09:5e:da:f8:0c:
                    a5:c3:79:43:5c:a0:09:62:cd:ff:d3:e7:2a:f2:90:
                    fe:ea:7e:fc:d3:4d:f9:e9:22:33:57:a7:53:7b:0e:
                    60:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:2E:30:2D:6A:56:52:CE:55:6C:FB:2B:B2:B5:11:E9:E1:6D:47:93
            X509v3 Authority Key Identifier:
                keyid:35:A4:CE:50:D0:CD:E4:15:47:33:13:B1:1B:85:71:94:08:FA:BA:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NaTOUNDN5BVHMxOxG4VxlAj6uiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b50b1c-2bc5-4382-a27b-03b64c191d4a/1/zC4wLWpWUs5VbPsrsrUR6eFtR5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b50b1c-2bc5-4382-a27b-03b64c191d4a/1/NaTOUNDN5BVHMxOxG4VxlAj6uiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:36:eb:d8:e7:f0:4a:f3:2e:7d:4b:1f:71:4d:82:2f:1f:fe:
         b5:c5:a7:c7:d8:aa:2d:c8:19:bd:76:49:5d:7b:c7:fd:12:20:
         11:b1:01:2d:a1:1a:f7:7a:8d:8a:14:1b:54:90:4d:31:e9:23:
         ff:28:a2:f5:17:08:3b:2b:88:f0:ca:cc:15:bb:da:43:69:48:
         88:b2:c8:2d:1f:01:53:00:68:0e:b1:e6:07:e1:19:17:1e:28:
         85:9c:59:96:ac:75:76:a7:0f:ab:61:f5:6c:39:b1:31:52:5e:
         ed:e0:bb:2d:a5:f0:e2:f4:b6:d6:1a:ff:2d:93:20:30:66:40:
         7a:05:0d:38:0a:4f:cd:e1:67:c4:f7:7a:21:49:07:15:d6:95:
         4d:9c:d2:ad:21:c3:fb:75:37:5c:e4:e2:b0:61:66:e0:59:ca:
         df:67:63:f8:55:62:31:73:71:4b:2a:a7:81:9c:83:1f:95:f5:
         53:43:73:02:ac:25:f9:33:4f:f2:3a:21:16:7a:31:7c:92:29:
         1a:17:b4:1e:b0:4f:10:f3:d1:3d:18:91:fa:07:12:f2:7c:6b:
         3d:ca:71:cd:aa:cc:4c:f5:75:d1:af:94:df:7a:c9:12:00:98:
         4d:a2:e9:ef:ac:51:94:d7:78:38:44:9d:0a:4d:0e:f6:90:b4:
         33:68:a6:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY14ahv+fZ5/dwkIRNzFTAG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1YTRjZTUwZDBjZGU0MTU0NzMzMTNiMTFiODU3MTk0MDhm
YWJhMjQwHhcNMjQwMjA1MDgzNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzJlMzAyZDZhNTY1MmNlNTU2Y2ZiMmJiMmI1MTFlOWUxNmQ0NzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsxELnOw2uDBqCmFdAUve38aLtRx
M342dkjcWsHaRYQioNWhHF9OFGFqwp5RPDj7aSqdSvhWHIxcszdOc0U926QjCc+3
SRtRkNlmadgz0t/qVZCv6bgSMyi1vI3PHNIDjOP/6wkGYyQ3r4cAtdsCkwTvqMCZ
qke7fWE/HMeGJstlHGyyH2aFulcFLck3dtD4QQPb5t/NQWX1Uy2pc3dpvH/6VD1f
2jlqCXHAuflfvB616QtXtg/eGPCqQezUzm9r9t2jEVNmX2HWOBvb+SdS7oklRIo4
fctRRBhMCV7a+Aylw3lDXKAJYs3/0+cq8pD+6n7800356SIzV6dTew5g0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwuMC1qVlLOVWz7K7K1EenhbUeTMB8GA1UdIwQY
MBaAFDWkzlDQzeQVRzMTsRuFcZQI+rokMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmFUT1VORE41QlZITXhPeEc0VnhsQWo2dWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9iNTBiMWMtMmJjNS00MzgyLWEyN2It
MDNiNjRjMTkxZDRhLzEvekM0d0xXcFdVczVWYlBzcnNyVVI2ZUZ0UjVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9iNTBiMWMtMmJjNS00MzgyLWEyN2ItMDNiNjRjMTkxZDRh
LzEvTmFUT1VORE41QlZITXhPeEc0VnhsQWo2dWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg+5MA0G
CSqGSIb3DQEBCwUAA4IBAQAvNuvY5/BK8y59Sx9xTYIvH/61xafH2KotyBm9dkld
e8f9EiARsQEtoRr3eo2KFBtUkE0x6SP/KKL1Fwg7K4jwyswVu9pDaUiIssgtHwFT
AGgOseYH4RkXHiiFnFmWrHV2pw+rYfVsObExUl7t4LstpfDi9LbWGv8tkyAwZkB6
BQ04Ck/N4WfE93ohSQcV1pVNnNKtIcP7dTdc5OKwYWbgWcrfZ2P4VWIxc3FLKqeB
nIMflfVTQ3MCrCX5M0/yOiEWejF8kikaF7QesE8Q89E9GJH6BxLyfGs9ynHNqsxM
9XXRr5TfeskSAJhNounvrFGU13g4RJ0KTQ72kLQzaKas
-----END CERTIFICATE-----