Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/1e5c88-c3fc-4e76-bc65-391fec267dae/1/yLgXio_xA2NE7X01zyQC8rZRbnE.roa
File:                     yLgXio_xA2NE7X01zyQC8rZRbnE.roa (raw, json)
Hash identifier:          IWYlPd9D3TwMrpxmRmfuROz7Aul8jTGdFCDKRNPeWH0=
Subject key identifier:   C8:B8:17:8A:8F:F1:03:63:44:ED:7D:35:CF:24:02:F2:B6:51:6E:71
Certificate issuer:       /CN=b4395f6cea9a018a4cc84818e6aa3520d322218b
Certificate serial:       018CC49377D5C481FFFC875DC3BCB1156470
Authority key identifier: B4:39:5F:6C:EA:9A:01:8A:4C:C8:48:18:E6:AA:35:20:D3:22:21:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDlfbOqaAYpMyEgY5qo1INMiIYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/1e5c88-c3fc-4e76-bc65-391fec267dae/1/yLgXio_xA2NE7X01zyQC8rZRbnE.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39516
IP address blocks:        194.50.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/1e5c88-c3fc-4e76-bc65-391fec267dae/1/tDlfbOqaAYpMyEgY5qo1INMiIYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/1e5c88-c3fc-4e76-bc65-391fec267dae/1/tDlfbOqaAYpMyEgY5qo1INMiIYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDlfbOqaAYpMyEgY5qo1INMiIYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:77:d5:c4:81:ff:fc:87:5d:c3:bc:b1:15:64:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4395f6cea9a018a4cc84818e6aa3520d322218b
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8b8178a8ff1036344ed7d35cf2402f2b6516e71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1f:eb:ee:cf:ea:b0:49:1a:d3:f7:65:02:07:
                    f0:e5:0d:f1:3c:30:3b:2d:cc:f5:98:f0:64:3d:a8:
                    c5:74:a2:8b:9d:39:9b:a4:06:84:1a:67:20:72:2f:
                    c6:67:2d:bc:92:6d:06:0b:2c:18:53:80:5e:a1:13:
                    2b:36:7e:ce:be:c4:43:6f:67:fb:96:64:d2:9c:b8:
                    da:c5:f1:2d:d1:fb:c1:55:d5:e7:54:ef:54:03:8b:
                    fd:9d:bd:75:b7:19:e4:6d:1c:0b:8e:62:e9:3b:f9:
                    f5:13:21:79:a7:48:e4:62:ae:9f:42:6b:7e:3f:19:
                    aa:ef:43:52:c6:1e:07:b3:48:71:92:99:35:a7:2a:
                    81:5a:a5:d0:d3:39:af:07:09:82:bc:97:e6:2b:2f:
                    e0:3e:20:71:27:49:6b:72:9d:4f:6c:e3:bb:1f:4c:
                    43:fb:8d:b1:4c:42:43:4f:66:2b:59:25:07:fc:98:
                    bf:e5:15:b3:89:cb:7c:30:03:3a:18:8f:38:31:b5:
                    cd:c7:d8:8c:3d:56:83:5e:70:6a:44:88:e8:eb:4c:
                    54:32:00:2f:c4:c2:a5:9e:4e:51:cc:81:cb:34:f8:
                    bb:a2:dd:40:af:eb:f2:00:0d:b1:ec:80:35:78:82:
                    76:43:88:c4:92:04:89:4d:8f:ea:a4:01:1b:ac:82:
                    50:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B8:17:8A:8F:F1:03:63:44:ED:7D:35:CF:24:02:F2:B6:51:6E:71
            X509v3 Authority Key Identifier:
                keyid:B4:39:5F:6C:EA:9A:01:8A:4C:C8:48:18:E6:AA:35:20:D3:22:21:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDlfbOqaAYpMyEgY5qo1INMiIYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1e5c88-c3fc-4e76-bc65-391fec267dae/1/yLgXio_xA2NE7X01zyQC8rZRbnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1e5c88-c3fc-4e76-bc65-391fec267dae/1/tDlfbOqaAYpMyEgY5qo1INMiIYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:f6:31:2c:db:2d:43:5d:c6:4b:1d:83:1f:4e:04:f5:55:a2:
         7f:22:f1:2f:b1:49:52:b9:c5:45:f1:c1:01:8c:bf:d3:e2:3e:
         9b:8f:87:12:74:b4:56:d5:e3:97:36:65:30:22:07:52:f3:c9:
         54:2b:eb:00:82:d0:00:8c:9b:f5:7e:c3:40:30:2b:b6:2c:cc:
         c5:9e:68:94:11:9f:a9:7a:db:9f:ed:b3:2a:d3:4c:32:d1:01:
         08:99:41:47:ee:36:20:11:fd:b9:7e:f6:cb:f1:df:4e:10:2e:
         52:3d:6d:8b:c0:39:f2:a1:0f:fd:f0:85:b4:1a:20:d9:f0:f6:
         35:e4:fd:6e:9f:a6:85:e5:68:a4:fc:b3:9b:5b:fb:c3:78:bf:
         08:bb:99:0f:ca:12:6b:e1:10:a0:02:ad:1e:da:1b:0c:32:25:
         ec:93:ae:8e:b3:d5:6e:a3:4f:e2:1a:29:f6:05:ca:7b:36:56:
         cb:7c:1e:c4:09:a4:82:11:4f:d2:55:76:98:a0:13:ee:8f:ee:
         5f:6b:6b:a3:3d:6c:08:a6:34:a8:6f:36:81:a1:ab:ca:ac:3f:
         6c:bd:dd:e1:f0:26:f0:64:84:15:c0:a1:5d:f3:06:ee:4d:bb:
         93:d3:ad:ec:39:51:3b:3a:05:56:60:c9:69:77:99:e5:e0:9b:
         0b:60:12:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3fVxIH//Iddw7yxFWRwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Mzk1ZjZjZWE5YTAxOGE0Y2M4NDgxOGU2YWEzNTIwZDMy
MjIxOGIwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGI4MTc4YThmZjEwMzYzNDRlZDdkMzVjZjI0MDJmMmI2NTE2ZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR/r7s/qsEka0/dlAgfw5Q3xPDA7
Lcz1mPBkPajFdKKLnTmbpAaEGmcgci/GZy28km0GCywYU4BeoRMrNn7OvsRDb2f7
lmTSnLjaxfEt0fvBVdXnVO9UA4v9nb11txnkbRwLjmLpO/n1EyF5p0jkYq6fQmt+
Pxmq70NSxh4Hs0hxkpk1pyqBWqXQ0zmvBwmCvJfmKy/gPiBxJ0lrcp1PbOO7H0xD
+42xTEJDT2YrWSUH/Ji/5RWzict8MAM6GI84MbXNx9iMPVaDXnBqRIjo60xUMgAv
xMKlnk5RzIHLNPi7ot1Ar+vyAA2x7IA1eIJ2Q4jEkgSJTY/qpAEbrIJQnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMi4F4qP8QNjRO19Nc8kAvK2UW5xMB8GA1UdIwQY
MBaAFLQ5X2zqmgGKTMhIGOaqNSDTIiGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERsZmJPcWFBWXBNeUVnWTVxbzFJTk1pSVlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xZTVjODgtYzNmYy00ZTc2LWJjNjUt
MzkxZmVjMjY3ZGFlLzEveUxnWGlvX3hBMk5FN1gwMXp5UUM4clpSYm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xZTVjODgtYzNmYy00ZTc2LWJjNjUtMzkxZmVjMjY3ZGFl
LzEvdERsZmJPcWFBWXBNeUVnWTVxbzFJTk1pSVlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjIsMA0G
CSqGSIb3DQEBCwUAA4IBAQB+9jEs2y1DXcZLHYMfTgT1VaJ/IvEvsUlSucVF8cEB
jL/T4j6bj4cSdLRW1eOXNmUwIgdS88lUK+sAgtAAjJv1fsNAMCu2LMzFnmiUEZ+p
etuf7bMq00wy0QEImUFH7jYgEf25fvbL8d9OEC5SPW2LwDnyoQ/98IW0GiDZ8PY1
5P1un6aF5Wik/LObW/vDeL8Iu5kPyhJr4RCgAq0e2hsMMiXsk66Os9Vuo0/iGin2
Bcp7NlbLfB7ECaSCEU/SVXaYoBPuj+5fa2ujPWwIpjSobzaBoavKrD9svd3h8Cbw
ZIQVwKFd8wbuTbuT063sOVE7OgVWYMlpd5nl4JsLYBKa
-----END CERTIFICATE-----