Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/osYoyBCvFqUOrvKbS9Wp3N9vmBU.roa
File:                     osYoyBCvFqUOrvKbS9Wp3N9vmBU.roa (raw, json)
Hash identifier:          x7jawXDL8yOY+Pgsnj8gjyx9KtGlF5sSNsXbRMgx7kU=
Subject key identifier:   A2:C6:28:C8:10:AF:16:A5:0E:AE:F2:9B:4B:D5:A9:DC:DF:6F:98:15
Certificate issuer:       /CN=50399d4435bb85fae910abe38e68533204dfd60b
Certificate serial:       018CC4251BA96DAF2B7D0E9EC01B76ACF81E
Authority key identifier: 50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/osYoyBCvFqUOrvKbS9Wp3N9vmBU.roa
Signing time:             Mon 01 Jan 2024 08:30:15 +0000
ROA not before:           Mon 01 Jan 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9714
IP address blocks:        185.167.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1b:a9:6d:af:2b:7d:0e:9e:c0:1b:76:ac:f8:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50399d4435bb85fae910abe38e68533204dfd60b
        Validity
            Not Before: Jan  1 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2c628c810af16a50eaef29b4bd5a9dcdf6f9815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:70:52:dd:23:98:26:56:76:84:01:4c:fa:1f:
                    c8:44:a7:8f:91:5b:f9:74:4d:ac:a2:3f:5b:28:2d:
                    97:b8:59:52:c5:ba:f6:04:75:1e:7c:54:ba:4e:d0:
                    c4:5d:da:84:d5:a4:bb:cb:8e:a3:5e:33:35:5b:70:
                    5c:77:c3:6c:72:86:b7:45:c5:2f:b9:5f:e3:ab:e4:
                    19:f2:29:4b:28:f5:2a:41:99:a2:a0:11:56:94:e3:
                    6e:a4:2d:fc:eb:2e:ce:48:3d:d6:c3:d7:f9:2a:12:
                    6b:70:fa:c6:17:62:37:40:26:7a:93:ca:f1:f4:38:
                    c6:c0:2d:2b:18:6d:ad:3c:76:de:3e:c7:62:51:f4:
                    f6:54:85:48:5a:70:fb:9a:bd:25:c6:5b:57:38:84:
                    1b:bb:b2:49:68:7a:59:85:33:62:fa:3b:b0:71:c2:
                    d3:14:a7:86:6e:0a:a4:38:51:0c:15:87:89:ba:b0:
                    e5:b2:5c:04:8d:22:8e:8d:fc:68:04:66:b7:77:2c:
                    ac:e9:f0:a4:27:ab:16:e2:7e:f7:64:99:e0:84:6d:
                    b6:41:5f:d4:f2:b6:dc:18:6d:5d:cf:8c:88:76:46:
                    d6:a5:34:bd:76:8e:eb:6c:af:6a:1b:09:4c:88:64:
                    da:61:17:d2:66:00:ca:77:2c:7e:24:8f:57:44:70:
                    a1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:C6:28:C8:10:AF:16:A5:0E:AE:F2:9B:4B:D5:A9:DC:DF:6F:98:15
            X509v3 Authority Key Identifier:
                keyid:50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/osYoyBCvFqUOrvKbS9Wp3N9vmBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:97:2f:3a:f8:c0:02:1c:f2:12:fa:aa:a4:54:bb:e3:93:e3:
         eb:24:05:29:de:44:91:42:d7:4b:19:1f:1e:de:a2:50:27:92:
         8f:3f:36:0f:28:3f:ad:96:4e:7d:53:29:77:b4:68:7a:be:4c:
         e1:20:63:e0:4f:11:dc:75:75:94:cf:0b:5c:2a:b6:cd:76:ed:
         4d:84:9e:e9:38:39:78:31:15:52:e6:54:bf:5e:06:cb:3d:51:
         c5:93:ed:2f:c3:17:2f:e4:3b:02:0b:3c:81:24:42:c5:90:4a:
         05:52:2b:9a:58:41:9c:db:09:10:a7:29:ba:78:0b:9d:3c:56:
         91:8a:d8:f6:24:8c:f3:5d:01:b4:8d:ce:75:1c:ef:d7:f3:af:
         a1:6b:84:3f:44:05:55:41:9b:08:65:29:38:9b:8d:62:6c:a3:
         d8:17:48:01:c4:38:41:f5:dd:a0:ac:18:68:fd:99:16:b3:6c:
         04:42:e7:a8:58:d0:a5:29:d9:41:67:df:e7:bc:0f:07:b2:72:
         ef:51:c7:61:d8:a3:a0:e9:bb:da:0a:a4:70:33:f0:1f:68:68:
         0a:48:c0:c7:a2:8d:a8:d2:ed:de:55:99:6b:78:ec:79:94:6e:
         61:a7:ca:f5:3c:1d:02:07:e8:86:9d:a2:65:2f:ae:cd:51:0e:
         4f:35:6a:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRupba8rfQ6ewBt2rPgeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMzk5ZDQ0MzViYjg1ZmFlOTEwYWJlMzhlNjg1MzMyMDRk
ZmQ2MGIwHhcNMjQwMTAxMDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmM2MjhjODEwYWYxNmE1MGVhZWYyOWI0YmQ1YTlkY2RmNmY5ODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnBS3SOYJlZ2hAFM+h/IRKePkVv5
dE2soj9bKC2XuFlSxbr2BHUefFS6TtDEXdqE1aS7y46jXjM1W3Bcd8Nscoa3RcUv
uV/jq+QZ8ilLKPUqQZmioBFWlONupC386y7OSD3Ww9f5KhJrcPrGF2I3QCZ6k8rx
9DjGwC0rGG2tPHbePsdiUfT2VIVIWnD7mr0lxltXOIQbu7JJaHpZhTNi+juwccLT
FKeGbgqkOFEMFYeJurDlslwEjSKOjfxoBGa3dyys6fCkJ6sW4n73ZJnghG22QV/U
8rbcGG1dz4yIdkbWpTS9do7rbK9qGwlMiGTaYRfSZgDKdyx+JI9XRHChfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKLGKMgQrxalDq7ym0vVqdzfb5gVMB8GA1UdIwQY
MBaAFFA5nUQ1u4X66RCr445oUzIE39YLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQt
MzRmZmRiNDQyMTEzLzEvb3NZb3lCQ3ZGcVVPcnZLYlM5V3AzTjl2bUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQtMzRmZmRiNDQyMTEz
LzEvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuae/MA0G
CSqGSIb3DQEBCwUAA4IBAQCyly86+MACHPIS+qqkVLvjk+PrJAUp3kSRQtdLGR8e
3qJQJ5KPPzYPKD+tlk59Uyl3tGh6vkzhIGPgTxHcdXWUzwtcKrbNdu1NhJ7pODl4
MRVS5lS/XgbLPVHFk+0vwxcv5DsCCzyBJELFkEoFUiuaWEGc2wkQpym6eAudPFaR
itj2JIzzXQG0jc51HO/X86+ha4Q/RAVVQZsIZSk4m41ibKPYF0gBxDhB9d2grBho
/ZkWs2wEQueoWNClKdlBZ9/nvA8HsnLvUcdh2KOg6bvaCqRwM/AfaGgKSMDHoo2o
0u3eVZlreOx5lG5hp8r1PB0CB+iGnaJlL67NUQ5PNWr7
-----END CERTIFICATE-----