Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/516946-d5b6-4f0e-965c-5378de430377/1/BMUaOd9B0fDH5y_4hFsCE2vfjq8.roa
File:                     BMUaOd9B0fDH5y_4hFsCE2vfjq8.roa (raw, json)
Hash identifier:          dsqqMecITajuvsNc74H0R1kCWegFHZbKCcuROOuqQCs=
Subject key identifier:   04:C5:1A:39:DF:41:D1:F0:C7:E7:2F:F8:84:5B:02:13:6B:DF:8E:AF
Certificate issuer:       /CN=e6aaf798a06c15795c6fec70798398beb0f4d66e
Certificate serial:       0190C0AA72CF1F578A30F54C93F103598274
Authority key identifier: E6:AA:F7:98:A0:6C:15:79:5C:6F:EC:70:79:83:98:BE:B0:F4:D6:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5qr3mKBsFXlcb-xweYOYvrD01m4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/516946-d5b6-4f0e-965c-5378de430377/1/BMUaOd9B0fDH5y_4hFsCE2vfjq8.roa
Signing time:             Wed 17 Jul 2024 12:28:34 +0000
ROA not before:           Wed 17 Jul 2024 12:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39531
IP address blocks:        194.50.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/516946-d5b6-4f0e-965c-5378de430377/1/5qr3mKBsFXlcb-xweYOYvrD01m4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/516946-d5b6-4f0e-965c-5378de430377/1/5qr3mKBsFXlcb-xweYOYvrD01m4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5qr3mKBsFXlcb-xweYOYvrD01m4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c0:aa:72:cf:1f:57:8a:30:f5:4c:93:f1:03:59:82:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6aaf798a06c15795c6fec70798398beb0f4d66e
        Validity
            Not Before: Jul 17 12:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04c51a39df41d1f0c7e72ff8845b02136bdf8eaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:61:a8:8a:62:85:b0:b1:77:b3:cc:80:59:ab:
                    64:c6:fc:ef:5c:38:d0:03:26:c5:02:c0:8f:2b:dd:
                    d9:66:ae:89:7d:fc:8c:dc:58:3f:a0:9d:7d:cd:c4:
                    68:df:fd:f9:da:cb:8d:55:6f:85:94:b4:b7:59:ba:
                    c5:e2:33:f1:41:40:27:59:ef:4d:6a:ce:95:c8:f7:
                    71:5d:83:5a:d2:00:09:80:a0:fc:12:46:2a:f5:fa:
                    56:16:78:60:09:08:93:0c:32:c7:8b:96:89:a1:41:
                    da:c5:29:38:56:33:48:b3:00:e9:00:a2:8d:fa:39:
                    13:5e:36:1f:38:01:eb:dc:04:46:15:d7:87:38:40:
                    3b:67:d5:e5:51:f7:a3:2b:66:98:21:e4:bb:e4:47:
                    80:a8:ec:ac:60:49:fe:85:03:0d:7b:9c:34:d4:40:
                    50:98:47:f9:77:4d:7b:59:2f:bc:88:f0:f9:0e:20:
                    e3:7c:c0:9b:db:85:e1:d5:cf:1f:2b:07:b0:a7:6c:
                    50:fe:d4:41:53:61:b3:91:d4:cc:9f:89:56:27:11:
                    8a:48:7d:0a:29:9f:ec:38:9a:d8:3d:1a:c2:f4:67:
                    cc:2e:be:a0:b5:42:a2:85:f5:9b:1a:1a:59:85:c6:
                    8b:0b:c6:ae:b9:ab:48:9c:6b:23:57:f4:40:c8:0e:
                    f6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:C5:1A:39:DF:41:D1:F0:C7:E7:2F:F8:84:5B:02:13:6B:DF:8E:AF
            X509v3 Authority Key Identifier:
                keyid:E6:AA:F7:98:A0:6C:15:79:5C:6F:EC:70:79:83:98:BE:B0:F4:D6:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5qr3mKBsFXlcb-xweYOYvrD01m4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/516946-d5b6-4f0e-965c-5378de430377/1/BMUaOd9B0fDH5y_4hFsCE2vfjq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/516946-d5b6-4f0e-965c-5378de430377/1/5qr3mKBsFXlcb-xweYOYvrD01m4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:89:ba:ef:2c:99:ab:a1:9c:06:b6:53:e7:56:04:45:0e:2d:
         03:e2:5c:01:0f:b2:e5:53:8d:31:59:1a:cc:be:17:1f:d4:a3:
         86:b0:19:79:1f:58:ea:a8:21:4f:21:a5:c9:72:b8:88:bc:20:
         5b:7a:ae:bd:23:f7:9d:0a:9b:8d:44:93:c9:cf:86:bb:4f:ef:
         e5:7f:46:2e:ff:be:08:2a:85:d6:1e:47:ed:c2:1e:01:fa:89:
         cf:6b:21:6a:7f:70:cf:e0:4a:15:92:58:55:af:e3:35:f6:5e:
         21:65:17:c5:ae:e3:b2:04:dd:31:c9:8c:d6:2f:06:ca:ac:9d:
         8f:65:b2:73:ef:01:d8:0b:2c:a4:d7:04:de:4b:57:ee:af:61:
         15:77:47:b4:3d:bf:71:7f:9e:37:47:8b:70:72:f9:6a:e7:54:
         06:fc:d6:1f:b2:fb:b2:57:b9:b9:3a:62:39:e7:f2:09:fb:fe:
         1f:a9:ec:bc:a3:33:36:17:d1:21:ed:46:a6:6a:6f:15:d3:d9:
         d1:a3:42:1a:27:e2:fa:d4:81:4d:93:25:1d:65:e7:10:ee:a3:
         61:65:48:d2:ff:91:c1:b8:7c:af:36:f0:3e:c3:89:c0:3a:ae:
         77:fc:d7:b5:75:58:91:74:cc:02:37:67:f5:0a:06:6a:cd:fa:
         25:b4:8e:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDAqnLPH1eKMPVMk/EDWYJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2YWFmNzk4YTA2YzE1Nzk1YzZmZWM3MDc5ODM5OGJlYjBm
NGQ2NmUwHhcNMjQwNzE3MTIyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGM1MWEzOWRmNDFkMWYwYzdlNzJmZjg4NDViMDIxMzZiZGY4ZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWGoimKFsLF3s8yAWatkxvzvXDjQ
AybFAsCPK93ZZq6JffyM3Fg/oJ19zcRo3/352suNVW+FlLS3WbrF4jPxQUAnWe9N
as6VyPdxXYNa0gAJgKD8EkYq9fpWFnhgCQiTDDLHi5aJoUHaxSk4VjNIswDpAKKN
+jkTXjYfOAHr3ARGFdeHOEA7Z9XlUfejK2aYIeS75EeAqOysYEn+hQMNe5w01EBQ
mEf5d017WS+8iPD5DiDjfMCb24Xh1c8fKwewp2xQ/tRBU2GzkdTMn4lWJxGKSH0K
KZ/sOJrYPRrC9GfMLr6gtUKihfWbGhpZhcaLC8auuatInGsjV/RAyA72cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATFGjnfQdHwx+cv+IRbAhNr346vMB8GA1UdIwQY
MBaAFOaq95igbBV5XG/scHmDmL6w9NZuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXFyM21LQnNGWGxjYi14d2VZT1l2ckQwMW00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny81MTY5NDYtZDViNi00ZjBlLTk2NWMt
NTM3OGRlNDMwMzc3LzEvQk1VYU9kOUIwZkRINXlfNGhGc0NFMnZmanE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny81MTY5NDYtZDViNi00ZjBlLTk2NWMtNTM3OGRlNDMwMzc3
LzEvNXFyM21LQnNGWGxjYi14d2VZT1l2ckQwMW00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjIyMA0G
CSqGSIb3DQEBCwUAA4IBAQARibrvLJmroZwGtlPnVgRFDi0D4lwBD7LlU40xWRrM
vhcf1KOGsBl5H1jqqCFPIaXJcriIvCBbeq69I/edCpuNRJPJz4a7T+/lf0Yu/74I
KoXWHkftwh4B+onPayFqf3DP4EoVklhVr+M19l4hZRfFruOyBN0xyYzWLwbKrJ2P
ZbJz7wHYCyyk1wTeS1fur2EVd0e0Pb9xf543R4twcvlq51QG/NYfsvuyV7m5OmI5
5/IJ+/4fqey8ozM2F9Eh7Uamam8V09nRo0IaJ+L61IFNkyUdZecQ7qNhZUjS/5HB
uHyvNvA+w4nAOq53/Ne1dViRdMwCN2f1CgZqzfoltI4h
-----END CERTIFICATE-----