Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/IdKiBrDYJ2m2JwDS4trNjV0cKb4.roa
File:                     IdKiBrDYJ2m2JwDS4trNjV0cKb4.roa (raw, json)
Hash identifier:          kBX2dLl6oGUqlakWeoAlgK2Dr+VlBghAl5l25c4ccSc=
Subject key identifier:   21:D2:A2:06:B0:D8:27:69:B6:27:00:D2:E2:DA:CD:8D:5D:1C:29:BE
Certificate issuer:       /CN=c86406264e49cf6f89ca5d2c6af750b36e156564
Certificate serial:       01902ED552CC78B1E014149D65D6F23FDC90
Authority key identifier: C8:64:06:26:4E:49:CF:6F:89:CA:5D:2C:6A:F7:50:B3:6E:15:65:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/IdKiBrDYJ2m2JwDS4trNjV0cKb4.roa
Signing time:             Wed 19 Jun 2024 04:50:50 +0000
ROA not before:           Wed 19 Jun 2024 04:50:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20929
IP address blocks:        194.50.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2e:d5:52:cc:78:b1:e0:14:14:9d:65:d6:f2:3f:dc:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c86406264e49cf6f89ca5d2c6af750b36e156564
        Validity
            Not Before: Jun 19 04:50:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21d2a206b0d82769b62700d2e2dacd8d5d1c29be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a4:5c:a3:2c:7d:47:68:43:29:61:12:25:75:
                    15:79:dc:57:36:65:01:d2:e4:23:66:9b:3d:b4:7a:
                    63:8e:b3:1e:f1:f7:48:fa:a2:45:64:82:1c:c9:ff:
                    9e:59:73:b4:b6:97:d4:71:95:45:ea:41:f0:7e:98:
                    a1:b8:31:0e:cb:e3:92:a8:8b:14:a0:64:99:27:d8:
                    bf:30:e3:1f:7f:d1:0d:f9:93:03:e3:dc:03:08:23:
                    7f:a5:b1:a6:ec:16:d1:ef:f8:3f:9c:3d:ff:c3:37:
                    7b:e7:d9:dc:42:ab:5f:1b:7c:9f:eb:31:38:d7:84:
                    51:31:7f:03:56:b7:95:5c:06:b5:63:60:25:2a:9e:
                    ab:08:28:e8:ee:ad:7b:aa:a6:95:ee:a9:1d:1e:40:
                    be:58:44:6c:ea:a0:3c:9a:c6:88:29:b0:1f:aa:44:
                    fb:ba:c0:52:18:01:32:bd:e8:68:3a:ff:d3:85:d5:
                    68:c1:19:03:f4:89:17:94:98:a0:a5:5c:8e:f2:7c:
                    60:a7:b4:db:83:6e:94:2b:05:28:28:b5:7a:d3:bd:
                    fc:01:94:25:a3:19:c5:0e:63:3f:f8:90:a6:12:26:
                    91:47:89:f4:fb:c6:98:36:fd:8a:05:7f:2d:ec:79:
                    0b:75:84:5b:27:6d:4f:a5:0a:28:87:49:0c:7b:f7:
                    3f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D2:A2:06:B0:D8:27:69:B6:27:00:D2:E2:DA:CD:8D:5D:1C:29:BE
            X509v3 Authority Key Identifier:
                keyid:C8:64:06:26:4E:49:CF:6F:89:CA:5D:2C:6A:F7:50:B3:6E:15:65:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/IdKiBrDYJ2m2JwDS4trNjV0cKb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:07:27:47:60:d1:93:d5:b9:25:75:14:e2:b5:72:67:cc:c2:
         ae:7a:a8:99:2e:52:f1:48:2f:51:d5:75:5f:76:89:25:79:9f:
         1b:bf:4f:a7:82:8e:35:bb:9e:75:84:24:16:a5:02:dd:55:42:
         6b:b4:29:eb:76:1b:c1:6e:2b:0c:66:10:15:ff:54:7d:f0:5b:
         5a:43:a8:a3:14:81:07:f2:80:eb:c6:83:7c:b0:54:7d:d7:85:
         f4:2e:db:98:dc:3c:db:8f:b7:e1:3f:48:c5:ec:65:e9:e7:6c:
         a1:4f:b0:50:a8:08:21:02:9d:21:9a:06:1e:38:6c:a4:30:cb:
         26:38:f2:1d:b2:d6:bf:94:96:4a:48:77:17:75:cb:b6:11:87:
         70:d8:ad:c8:e7:14:b6:3f:12:cb:12:bb:fe:80:31:d8:37:34:
         4d:ad:e0:77:d0:68:f5:af:a4:61:cc:9f:61:87:87:e9:ad:0e:
         e6:88:e3:1d:9e:20:ac:65:ff:21:bb:bc:55:0b:15:c2:e8:1a:
         cb:14:44:74:e6:3a:26:46:90:49:85:00:30:cc:21:79:c6:f0:
         e6:fb:08:74:3f:a0:09:00:80:c1:04:c3:0a:a5:8f:d8:a1:8f:
         a3:a4:76:97:e2:d2:e2:0a:ee:c7:14:b7:5d:9b:2f:5a:10:91:
         a1:03:0b:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAu1VLMeLHgFBSdZdbyP9yQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NjQwNjI2NGU0OWNmNmY4OWNhNWQyYzZhZjc1MGIzNmUx
NTY1NjQwHhcNMjQwNjE5MDQ1MDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWQyYTIwNmIwZDgyNzY5YjYyNzAwZDJlMmRhY2Q4ZDVkMWMyOWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqRcoyx9R2hDKWESJXUVedxXNmUB
0uQjZps9tHpjjrMe8fdI+qJFZIIcyf+eWXO0tpfUcZVF6kHwfpihuDEOy+OSqIsU
oGSZJ9i/MOMff9EN+ZMD49wDCCN/pbGm7BbR7/g/nD3/wzd759ncQqtfG3yf6zE4
14RRMX8DVreVXAa1Y2AlKp6rCCjo7q17qqaV7qkdHkC+WERs6qA8msaIKbAfqkT7
usBSGAEyvehoOv/ThdVowRkD9IkXlJigpVyO8nxgp7Tbg26UKwUoKLV60738AZQl
oxnFDmM/+JCmEiaRR4n0+8aYNv2KBX8t7HkLdYRbJ21PpQooh0kMe/c/KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHSogaw2CdpticA0uLazY1dHCm+MB8GA1UdIwQY
MBaAFMhkBiZOSc9vicpdLGr3ULNuFWVkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUdRR0prNUp6Mi1KeWwwc2F2ZFFzMjRWWldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC84NzRiM2ItNjdkZS00OWVmLThmYzEt
NjJkZDZlY2ZlNzI1LzEvSWRLaUJyRFlKMm0ySndEUzR0ck5qVjBjS2I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC84NzRiM2ItNjdkZS00OWVmLThmYzEtNjJkZDZlY2ZlNzI1
LzEveUdRR0prNUp6Mi1KeWwwc2F2ZFFzMjRWWldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKuMA0G
CSqGSIb3DQEBCwUAA4IBAQBJBydHYNGT1bkldRTitXJnzMKueqiZLlLxSC9R1XVf
dokleZ8bv0+ngo41u551hCQWpQLdVUJrtCnrdhvBbisMZhAV/1R98FtaQ6ijFIEH
8oDrxoN8sFR914X0LtuY3Dzbj7fhP0jF7GXp52yhT7BQqAghAp0hmgYeOGykMMsm
OPIdsta/lJZKSHcXdcu2EYdw2K3I5xS2PxLLErv+gDHYNzRNreB30Gj1r6RhzJ9h
h4fprQ7miOMdniCsZf8hu7xVCxXC6BrLFER05jomRpBJhQAwzCF5xvDm+wh0P6AJ
AIDBBMMKpY/YoY+jpHaX4tLiCu7HFLddmy9aEJGhAwsT
-----END CERTIFICATE-----