Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/7a96cb-c3e0-49c6-ae34-da81f08f6001/1/pU3TAr8ROVvCB_iRU49bILZzoas.roa
File:                     pU3TAr8ROVvCB_iRU49bILZzoas.roa (raw, json)
Hash identifier:          aIrOTyq5ElibqaetiObSxXLL+LibKJwmQIkzLTVmdGo=
Subject key identifier:   A5:4D:D3:02:BF:11:39:5B:C2:07:F8:91:53:8F:5B:20:B6:73:A1:AB
Certificate issuer:       /CN=5f14a4e6558bab89d36e3ba21c95e2afdd68fbea
Certificate serial:       018CC64B742F1638CF4156E8E5B65CBE8261
Authority key identifier: 5F:14:A4:E6:55:8B:AB:89:D3:6E:3B:A2:1C:95:E2:AF:DD:68:FB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XxSk5lWLq4nTbjuiHJXir91o--o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/7a96cb-c3e0-49c6-ae34-da81f08f6001/1/pU3TAr8ROVvCB_iRU49bILZzoas.roa
Signing time:             Mon 01 Jan 2024 18:31:22 +0000
ROA not before:           Mon 01 Jan 2024 18:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213049
IP address blocks:        195.182.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/7a96cb-c3e0-49c6-ae34-da81f08f6001/1/XxSk5lWLq4nTbjuiHJXir91o--o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/7a96cb-c3e0-49c6-ae34-da81f08f6001/1/XxSk5lWLq4nTbjuiHJXir91o--o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XxSk5lWLq4nTbjuiHJXir91o--o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:74:2f:16:38:cf:41:56:e8:e5:b6:5c:be:82:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f14a4e6558bab89d36e3ba21c95e2afdd68fbea
        Validity
            Not Before: Jan  1 18:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a54dd302bf11395bc207f891538f5b20b673a1ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b9:c4:12:6a:22:ea:62:49:87:09:23:79:1b:
                    b8:bc:ef:e9:73:22:10:f2:0f:9f:d4:41:72:9b:c2:
                    7a:12:04:c4:6a:70:0f:7f:11:a1:7b:21:fb:b3:aa:
                    e5:62:8c:43:07:4c:bf:0a:5d:73:c9:0e:d6:85:27:
                    fa:71:59:2b:96:70:bf:9e:d7:79:36:ba:76:be:97:
                    11:f9:22:e6:eb:94:20:62:ec:dc:dc:9f:96:eb:a4:
                    ce:87:18:71:c2:16:f4:6a:bd:67:14:46:64:aa:58:
                    e0:e8:d5:8d:7b:d9:05:5e:10:a0:83:16:39:a5:64:
                    f0:49:a5:22:51:8b:87:0b:99:e3:d2:8c:c3:0e:28:
                    8d:59:ce:70:ab:c6:20:3b:d3:a4:3e:01:14:81:9b:
                    d4:a5:2c:a1:25:8b:5c:88:b2:d8:92:63:75:f9:0b:
                    e8:3b:d2:3c:f6:69:bd:24:5d:cd:ff:2c:57:5a:c4:
                    bc:ca:32:4b:3a:f3:14:09:c4:f7:88:5d:81:97:b8:
                    08:a9:e1:3e:89:db:a7:64:3a:f1:06:84:dd:5c:5c:
                    47:24:92:57:b4:08:5d:57:5b:aa:85:16:98:2b:59:
                    58:ac:3a:eb:85:24:dd:81:bf:55:d6:3c:30:28:9e:
                    86:e2:22:96:99:21:40:34:ce:f3:9a:ab:21:d5:0b:
                    3c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:4D:D3:02:BF:11:39:5B:C2:07:F8:91:53:8F:5B:20:B6:73:A1:AB
            X509v3 Authority Key Identifier:
                keyid:5F:14:A4:E6:55:8B:AB:89:D3:6E:3B:A2:1C:95:E2:AF:DD:68:FB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XxSk5lWLq4nTbjuiHJXir91o--o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/7a96cb-c3e0-49c6-ae34-da81f08f6001/1/pU3TAr8ROVvCB_iRU49bILZzoas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/7a96cb-c3e0-49c6-ae34-da81f08f6001/1/XxSk5lWLq4nTbjuiHJXir91o--o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:a0:14:6e:7e:53:91:33:96:2d:5b:2c:e1:18:6b:91:cf:18:
         c6:d4:66:6b:84:1d:5d:7e:40:57:bf:06:71:93:d4:3e:e8:dc:
         6b:00:4d:9f:7f:c9:57:3b:96:aa:20:82:13:d2:3a:7e:74:cc:
         6e:f8:94:9a:27:81:24:a0:5a:f4:45:4e:de:e6:94:fc:4e:1f:
         16:32:55:f8:5e:89:57:9b:df:8c:8a:ad:22:3d:5f:f3:0a:15:
         f1:b8:16:3f:31:68:20:76:e5:5d:f9:27:15:ff:ab:b5:2b:e2:
         55:83:c2:4f:44:35:f2:fa:01:1d:1f:f4:91:79:cf:79:a9:c3:
         a6:05:62:30:8f:54:18:24:da:3d:fc:cb:b1:7d:ff:2c:82:9c:
         26:0f:a5:77:38:4f:95:bc:ca:ea:08:09:32:79:eb:f8:28:87:
         4c:53:bb:db:14:92:cf:06:03:d6:77:89:7e:be:24:42:16:37:
         a9:16:4c:0d:4d:08:38:9c:5b:8e:ed:d1:b5:26:50:42:20:e4:
         63:f6:54:5a:8d:d5:f7:42:ab:d3:58:67:2c:3e:db:5d:54:80:
         ac:1c:6e:f2:e4:32:a7:74:12:18:07:f9:40:2c:6a:21:a9:fe:
         f7:79:23:cf:ff:2c:c0:36:af:7b:b8:ad:04:ef:c7:0c:dc:db:
         8e:c6:92:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS3QvFjjPQVbo5bZcvoJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMTRhNGU2NTU4YmFiODlkMzZlM2JhMjFjOTVlMmFmZGQ2
OGZiZWEwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTRkZDMwMmJmMTEzOTViYzIwN2Y4OTE1MzhmNWIyMGI2NzNhMWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LnEEmoi6mJJhwkjeRu4vO/pcyIQ
8g+f1EFym8J6EgTEanAPfxGheyH7s6rlYoxDB0y/Cl1zyQ7WhSf6cVkrlnC/ntd5
Nrp2vpcR+SLm65QgYuzc3J+W66TOhxhxwhb0ar1nFEZkqljg6NWNe9kFXhCggxY5
pWTwSaUiUYuHC5nj0ozDDiiNWc5wq8YgO9OkPgEUgZvUpSyhJYtciLLYkmN1+Qvo
O9I89mm9JF3N/yxXWsS8yjJLOvMUCcT3iF2Bl7gIqeE+idunZDrxBoTdXFxHJJJX
tAhdV1uqhRaYK1lYrDrrhSTdgb9V1jwwKJ6G4iKWmSFANM7zmqsh1Qs8BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVN0wK/ETlbwgf4kVOPWyC2c6GrMB8GA1UdIwQY
MBaAFF8UpOZVi6uJ0247ohyV4q/daPvqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHhTazVsV0xxNG5UYmp1aUhKWGlyOTFvLS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83YTk2Y2ItYzNlMC00OWM2LWFlMzQt
ZGE4MWYwOGY2MDAxLzEvcFUzVEFyOFJPVnZDQl9pUlU0OWJJTFp6b2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83YTk2Y2ItYzNlMC00OWM2LWFlMzQtZGE4MWYwOGY2MDAx
LzEvWHhTazVsV0xxNG5UYmp1aUhKWGlyOTFvLS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YyMA0G
CSqGSIb3DQEBCwUAA4IBAQDMoBRuflORM5YtWyzhGGuRzxjG1GZrhB1dfkBXvwZx
k9Q+6NxrAE2ff8lXO5aqIIIT0jp+dMxu+JSaJ4EkoFr0RU7e5pT8Th8WMlX4XolX
m9+Miq0iPV/zChXxuBY/MWggduVd+ScV/6u1K+JVg8JPRDXy+gEdH/SRec95qcOm
BWIwj1QYJNo9/Muxff8sgpwmD6V3OE+VvMrqCAkyeev4KIdMU7vbFJLPBgPWd4l+
viRCFjepFkwNTQg4nFuO7dG1JlBCIORj9lRajdX3QqvTWGcsPttdVICsHG7y5DKn
dBIYB/lALGohqf73eSPP/yzANq97uK0E78cM3NuOxpLb
-----END CERTIFICATE-----