Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/btYcgPk3SQ0mB_a3Q5mwrxO10jw.roa
File:                     btYcgPk3SQ0mB_a3Q5mwrxO10jw.roa (raw, json)
Hash identifier:          dffYbNPWIN4CUodIUxGPZ/306sQu1rvhZ5Iwfwzl1IY=
Subject key identifier:   6E:D6:1C:80:F9:37:49:0D:26:07:F6:B7:43:99:B0:AF:13:B5:D2:3C
Certificate issuer:       /CN=50da588f5e9a1c2af56be08f7e6a2c9981ab6026
Certificate serial:       018CC2DAF8DAE2AFD4F9900A4D26116A142F
Authority key identifier: 50:DA:58:8F:5E:9A:1C:2A:F5:6B:E0:8F:7E:6A:2C:99:81:AB:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UNpYj16aHCr1a-CPfmosmYGrYCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/btYcgPk3SQ0mB_a3Q5mwrxO10jw.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12962
IP address blocks:        193.178.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/UNpYj16aHCr1a-CPfmosmYGrYCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/UNpYj16aHCr1a-CPfmosmYGrYCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UNpYj16aHCr1a-CPfmosmYGrYCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f8:da:e2:af:d4:f9:90:0a:4d:26:11:6a:14:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50da588f5e9a1c2af56be08f7e6a2c9981ab6026
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ed61c80f937490d2607f6b74399b0af13b5d23c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a0:5d:2a:f9:0a:13:33:db:0e:7c:a7:1f:b4:
                    f1:90:dc:e8:c4:58:36:7d:4d:a6:7a:fc:7c:06:13:
                    b7:9a:32:fa:0c:e6:e1:b0:0e:b0:d7:b8:56:4b:65:
                    42:ea:7b:1c:b1:f0:23:4a:f2:f2:ec:3b:80:51:5f:
                    b9:a2:ac:9f:70:fb:30:15:4b:83:b6:e2:0a:75:fd:
                    df:3e:5f:28:ef:20:98:67:e1:2b:94:a0:fa:f7:88:
                    99:3a:47:6c:7b:95:61:da:64:af:bc:6d:a0:87:e7:
                    a9:cb:01:d5:47:8f:3c:18:f6:8c:e0:2b:6a:e3:88:
                    dd:79:47:95:22:0e:d0:6b:b1:10:04:6a:b5:e1:9a:
                    da:52:bf:c0:c1:35:20:54:f0:da:ad:dc:17:7b:6f:
                    57:33:ec:2c:79:ad:eb:ce:d1:6a:bd:ef:fd:68:8f:
                    39:b8:f3:6d:40:83:5d:5d:8b:f9:16:f1:fe:19:a0:
                    04:e0:15:46:79:69:02:d1:ff:f7:39:f2:94:24:52:
                    52:64:c3:b0:08:a5:26:8f:a0:6c:3b:7f:33:af:94:
                    88:18:8e:f0:eb:ab:2f:89:79:10:79:f0:d2:52:25:
                    bc:28:e6:81:98:cb:ef:f6:94:18:a8:a7:34:33:25:
                    05:68:35:9a:17:9a:0e:c8:83:e1:32:ef:6e:1b:c2:
                    d1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D6:1C:80:F9:37:49:0D:26:07:F6:B7:43:99:B0:AF:13:B5:D2:3C
            X509v3 Authority Key Identifier:
                keyid:50:DA:58:8F:5E:9A:1C:2A:F5:6B:E0:8F:7E:6A:2C:99:81:AB:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UNpYj16aHCr1a-CPfmosmYGrYCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/btYcgPk3SQ0mB_a3Q5mwrxO10jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/731b4c-8ca8-497b-8a2b-43c1c61d02eb/1/UNpYj16aHCr1a-CPfmosmYGrYCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:3a:9f:13:00:a4:02:e7:22:02:34:32:9c:a1:ff:74:07:79:
         09:b3:08:d5:77:fc:42:7e:e9:5a:64:b6:0f:19:21:f1:73:2b:
         7f:a4:ea:00:f8:be:38:a7:cd:d0:1b:8b:3a:15:b5:b2:cf:f8:
         3e:89:6b:ae:2f:b4:3b:28:1b:d8:13:ab:62:d5:08:0e:23:07:
         51:51:18:44:54:4d:33:3f:00:b5:79:d4:f5:ab:b7:64:82:44:
         a8:af:08:85:ed:a6:fe:07:a5:75:31:f3:bc:b1:77:98:ed:5e:
         ee:44:c6:01:21:d4:a8:79:2d:72:46:86:cb:44:55:1d:a4:5c:
         6b:ee:54:62:5b:07:a9:b3:9d:0b:b4:bc:69:3a:22:99:5d:c4:
         88:16:4f:55:23:65:70:44:13:92:be:c1:3e:5f:ad:39:56:6e:
         5d:79:95:0d:0e:23:25:58:15:41:45:b8:89:f3:e9:5e:37:19:
         10:f1:47:cc:a1:ec:23:43:fc:45:e5:a5:d8:88:76:82:c8:b3:
         a0:e0:6a:a4:d4:e0:2f:5c:db:df:ca:65:19:5f:2b:18:8f:38:
         07:ff:ab:19:ac:cf:ea:5a:a7:0f:33:85:1a:1e:b2:71:35:db:
         f4:70:ed:1d:93:20:45:36:e9:14:a7:da:bf:be:7f:29:43:ca:
         cf:53:d2:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vja4q/U+ZAKTSYRahQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwZGE1ODhmNWU5YTFjMmFmNTZiZTA4ZjdlNmEyYzk5ODFh
YjYwMjYwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQ2MWM4MGY5Mzc0OTBkMjYwN2Y2Yjc0Mzk5YjBhZjEzYjVkMjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKBdKvkKEzPbDnynH7TxkNzoxFg2
fU2mevx8BhO3mjL6DObhsA6w17hWS2VC6nscsfAjSvLy7DuAUV+5oqyfcPswFUuD
tuIKdf3fPl8o7yCYZ+ErlKD694iZOkdse5Vh2mSvvG2gh+epywHVR488GPaM4Ctq
44jdeUeVIg7Qa7EQBGq14ZraUr/AwTUgVPDardwXe29XM+wsea3rztFqve/9aI85
uPNtQINdXYv5FvH+GaAE4BVGeWkC0f/3OfKUJFJSZMOwCKUmj6BsO38zr5SIGI7w
66sviXkQefDSUiW8KOaBmMvv9pQYqKc0MyUFaDWaF5oOyIPhMu9uG8LRNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7WHID5N0kNJgf2t0OZsK8TtdI8MB8GA1UdIwQY
MBaAFFDaWI9emhwq9Wvgj35qLJmBq2AmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVU5wWWoxNmFIQ3IxYS1DUGZtb3NtWUdyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy83MzFiNGMtOGNhOC00OTdiLThhMmIt
NDNjMWM2MWQwMmViLzEvYnRZY2dQazNTUTBtQl9hM1E1bXdyeE8xMGp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy83MzFiNGMtOGNhOC00OTdiLThhMmItNDNjMWM2MWQwMmVi
LzEvVU5wWWoxNmFIQ3IxYS1DUGZtb3NtWUdyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbKmMA0G
CSqGSIb3DQEBCwUAA4IBAQAKOp8TAKQC5yICNDKcof90B3kJswjVd/xCfulaZLYP
GSHxcyt/pOoA+L44p83QG4s6FbWyz/g+iWuuL7Q7KBvYE6ti1QgOIwdRURhEVE0z
PwC1edT1q7dkgkSorwiF7ab+B6V1MfO8sXeY7V7uRMYBIdSoeS1yRobLRFUdpFxr
7lRiWweps50LtLxpOiKZXcSIFk9VI2VwRBOSvsE+X605Vm5deZUNDiMlWBVBRbiJ
8+leNxkQ8UfMoewjQ/xF5aXYiHaCyLOg4Gqk1OAvXNvfymUZXysYjzgH/6sZrM/q
WqcPM4UaHrJxNdv0cO0dkyBFNukUp9q/vn8pQ8rPU9J8
-----END CERTIFICATE-----