Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/rBLj2E8Knt5Dottc5eqkvfP4Dhc.roa
File:                     rBLj2E8Knt5Dottc5eqkvfP4Dhc.roa (raw, json)
Hash identifier:          ijKL73U4d2EAq7rWQZXs7sgUm6LujNUuVS+a4u/MPvY=
Subject key identifier:   AC:12:E3:D8:4F:0A:9E:DE:43:A2:DB:5C:E5:EA:A4:BD:F3:F8:0E:17
Certificate issuer:       /CN=50bb158d29e37500d5c3a25dada149b2a503f6a5
Certificate serial:       018EC706C30D94343DC46184DA57D07F8CED
Authority key identifier: 50:BB:15:8D:29:E3:75:00:D5:C3:A2:5D:AD:A1:49:B2:A5:03:F6:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/rBLj2E8Knt5Dottc5eqkvfP4Dhc.roa
Signing time:             Wed 10 Apr 2024 08:01:32 +0000
ROA not before:           Wed 10 Apr 2024 08:01:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5587
IP address blocks:        185.121.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:06:c3:0d:94:34:3d:c4:61:84:da:57:d0:7f:8c:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50bb158d29e37500d5c3a25dada149b2a503f6a5
        Validity
            Not Before: Apr 10 08:01:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac12e3d84f0a9ede43a2db5ce5eaa4bdf3f80e17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b9:30:3d:f0:9d:87:7b:03:37:88:3c:64:c6:
                    ca:ae:e1:3a:77:b3:df:26:4d:4c:73:d7:0b:a5:40:
                    52:02:50:3f:74:65:45:13:7d:f1:82:b4:68:80:87:
                    cb:5e:1f:d4:6b:a1:20:0c:db:ff:b5:7f:46:09:a0:
                    e7:5a:e4:01:60:64:77:54:83:ed:f2:e1:8c:99:93:
                    fc:6f:62:06:4e:48:fb:ab:a7:8f:db:f1:c3:15:17:
                    c7:1c:26:01:67:de:19:b8:f2:61:4d:30:40:e8:44:
                    90:9b:12:34:61:9e:25:48:9b:15:f1:c6:c5:06:49:
                    d5:35:ed:6f:c5:f0:63:1b:f6:b0:a5:81:8b:3a:5c:
                    d2:b9:60:26:02:02:66:2c:c4:be:86:c9:ba:cb:7f:
                    00:43:b4:f4:43:2a:d9:dc:da:4e:d1:c2:7c:21:bb:
                    5f:d1:8b:9c:fc:4a:bb:17:7f:6f:09:5d:25:4f:6d:
                    94:f5:82:ff:2e:fa:f9:9c:ee:09:45:ad:7c:18:bd:
                    e3:0f:46:b5:c4:a2:ac:a9:fc:cf:d5:d9:84:b3:de:
                    89:88:82:15:2e:35:8e:57:31:7a:d9:9a:1e:5c:b1:
                    63:13:0f:a7:81:69:d9:94:d0:fe:21:14:89:28:98:
                    52:ea:74:cd:a2:65:5c:d1:88:89:53:16:72:c3:a9:
                    c4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:12:E3:D8:4F:0A:9E:DE:43:A2:DB:5C:E5:EA:A4:BD:F3:F8:0E:17
            X509v3 Authority Key Identifier:
                keyid:50:BB:15:8D:29:E3:75:00:D5:C3:A2:5D:AD:A1:49:B2:A5:03:F6:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/rBLj2E8Knt5Dottc5eqkvfP4Dhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:4b:76:4a:57:84:39:c3:3c:8e:bd:14:0a:32:94:de:8d:77:
         82:74:7b:d6:20:59:32:22:e2:5b:4d:5b:7d:88:90:98:af:15:
         8c:32:f8:af:2a:34:18:a7:83:67:fb:22:0a:6d:2c:30:13:42:
         b0:f3:a8:a9:cd:89:22:dc:90:ad:e6:04:f0:c6:ad:25:ed:db:
         07:9b:89:17:d3:39:bb:06:6f:9d:db:03:46:71:50:bd:53:e8:
         01:8a:40:c2:da:b4:7b:56:84:30:f1:2c:0b:f0:c5:80:03:49:
         ad:1f:09:a9:07:fb:b4:30:8b:46:dd:c0:6c:1b:fb:86:d1:97:
         8d:a5:e3:1c:1a:06:4d:df:1f:01:a9:dd:89:ed:fb:19:71:98:
         2f:d9:0c:63:1b:aa:75:82:87:b8:d7:61:e0:b8:fe:2a:1c:4b:
         4e:8a:b4:c0:37:bc:a0:aa:16:18:07:27:4c:f8:a6:90:f9:be:
         36:72:b8:8f:77:33:fb:2a:ae:96:a0:cf:a6:19:e3:01:0e:0b:
         65:4c:a3:35:3f:8a:08:8d:bf:c5:5a:bf:a9:e3:47:83:7a:cd:
         31:c4:14:44:b4:c1:02:a4:23:0d:84:c1:f8:69:be:5f:ff:c3:
         85:77:43:eb:25:7e:75:72:d0:33:a7:28:fc:2e:90:66:6e:35:
         77:aa:93:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7HBsMNlDQ9xGGE2lfQf4ztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYmIxNThkMjllMzc1MDBkNWMzYTI1ZGFkYTE0OWIyYTUw
M2Y2YTUwHhcNMjQwNDEwMDgwMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzEyZTNkODRmMGE5ZWRlNDNhMmRiNWNlNWVhYTRiZGYzZjgwZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbkwPfCdh3sDN4g8ZMbKruE6d7Pf
Jk1Mc9cLpUBSAlA/dGVFE33xgrRogIfLXh/Ua6EgDNv/tX9GCaDnWuQBYGR3VIPt
8uGMmZP8b2IGTkj7q6eP2/HDFRfHHCYBZ94ZuPJhTTBA6ESQmxI0YZ4lSJsV8cbF
BknVNe1vxfBjG/awpYGLOlzSuWAmAgJmLMS+hsm6y38AQ7T0QyrZ3NpO0cJ8Ibtf
0Yuc/Eq7F39vCV0lT22U9YL/Lvr5nO4JRa18GL3jD0a1xKKsqfzP1dmEs96JiIIV
LjWOVzF62ZoeXLFjEw+ngWnZlND+IRSJKJhS6nTNomVc0YiJUxZyw6nE0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwS49hPCp7eQ6LbXOXqpL3z+A4XMB8GA1UdIwQY
MBaAFFC7FY0p43UA1cOiXa2hSbKlA/alMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUxzVmpTbmpkUURWdzZKZHJhRkpzcVVEOXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi80NWQyODQtYTM3My00NTUyLWJjOGEt
NzQzMTEyYjBlNzcxLzEvckJMajJFOEtudDVEb3R0YzVlcWt2ZlA0RGhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi80NWQyODQtYTM3My00NTUyLWJjOGEtNzQzMTEyYjBlNzcx
LzEvVUxzVmpTbmpkUURWdzZKZHJhRkpzcVVEOXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXlbMA0G
CSqGSIb3DQEBCwUAA4IBAQB6S3ZKV4Q5wzyOvRQKMpTejXeCdHvWIFkyIuJbTVt9
iJCYrxWMMvivKjQYp4Nn+yIKbSwwE0Kw86ipzYki3JCt5gTwxq0l7dsHm4kX0zm7
Bm+d2wNGcVC9U+gBikDC2rR7VoQw8SwL8MWAA0mtHwmpB/u0MItG3cBsG/uG0ZeN
peMcGgZN3x8Bqd2J7fsZcZgv2QxjG6p1goe412HguP4qHEtOirTAN7ygqhYYBydM
+KaQ+b42criPdzP7Kq6WoM+mGeMBDgtlTKM1P4oIjb/FWr+p40eDes0xxBREtMEC
pCMNhMH4ab5f/8OFd0PrJX51ctAzpyj8LpBmbjV3qpP0
-----END CERTIFICATE-----