Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/tR_hkit7YVk8AHmhLVMDF-bJG8M.roa
File:                     tR_hkit7YVk8AHmhLVMDF-bJG8M.roa (raw, json)
Hash identifier:          xoQPO80bw+b7NvaOC7s1IkIUSBJ1Ci4zqdesf9+H+vg=
Subject key identifier:   B5:1F:E1:92:2B:7B:61:59:3C:00:79:A1:2D:53:03:17:E6:C9:1B:C3
Certificate issuer:       /CN=519e97470c63fda14c3265eb741a70e3a8b69aff
Certificate serial:       018CC26D1D7DBEEA0F20C73DFBA5BC8824F2
Authority key identifier: 51:9E:97:47:0C:63:FD:A1:4C:32:65:EB:74:1A:70:E3:A8:B6:9A:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UZ6XRwxj_aFMMmXrdBpw46i2mv8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/tR_hkit7YVk8AHmhLVMDF-bJG8M.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33886
IP address blocks:        194.50.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/UZ6XRwxj_aFMMmXrdBpw46i2mv8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/UZ6XRwxj_aFMMmXrdBpw46i2mv8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UZ6XRwxj_aFMMmXrdBpw46i2mv8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1d:7d:be:ea:0f:20:c7:3d:fb:a5:bc:88:24:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=519e97470c63fda14c3265eb741a70e3a8b69aff
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b51fe1922b7b61593c0079a12d530317e6c91bc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:64:3b:f3:f6:19:5b:b3:ec:8e:31:5b:cb:ec:
                    c6:21:03:2e:8f:c0:d2:d7:5b:d3:19:68:e4:f1:41:
                    c4:f2:0f:9c:72:7b:58:0d:7a:0c:98:7a:03:0d:aa:
                    1f:74:f9:e4:79:b4:a5:b5:9b:40:61:ee:50:74:ff:
                    09:25:ec:17:0d:ca:00:e9:2f:bc:b4:c2:3b:c1:8e:
                    96:48:fd:47:66:a8:e2:ce:bc:f7:d0:66:39:f3:ec:
                    c0:1a:d5:8d:20:d5:a7:a7:4c:9b:b8:2f:68:17:a5:
                    f5:22:08:3a:05:b8:e0:84:3e:54:16:92:7c:1e:b4:
                    db:7a:c5:72:85:92:d7:83:1c:1c:54:31:37:11:b1:
                    62:aa:6d:28:89:1e:38:d2:8e:e7:ca:75:5e:50:5a:
                    a6:29:60:6e:04:68:82:08:9d:c5:f4:97:11:59:b5:
                    0c:42:cf:10:bd:48:27:de:e2:da:ce:9f:56:8d:77:
                    68:1b:28:aa:6c:11:45:6c:f2:84:1c:96:17:80:6b:
                    2c:8d:9c:23:a9:76:76:e4:56:11:96:a1:cf:2b:2a:
                    0d:52:3d:0b:5a:e1:e6:76:f4:76:ad:09:cc:7d:c8:
                    f8:3a:56:57:f7:73:ee:1e:f3:4e:69:de:31:62:fc:
                    ab:6d:20:8c:5c:b6:93:7e:8a:09:1e:c3:22:5e:7e:
                    f0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:1F:E1:92:2B:7B:61:59:3C:00:79:A1:2D:53:03:17:E6:C9:1B:C3
            X509v3 Authority Key Identifier:
                keyid:51:9E:97:47:0C:63:FD:A1:4C:32:65:EB:74:1A:70:E3:A8:B6:9A:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UZ6XRwxj_aFMMmXrdBpw46i2mv8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/tR_hkit7YVk8AHmhLVMDF-bJG8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/UZ6XRwxj_aFMMmXrdBpw46i2mv8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:22:55:6e:08:ed:50:20:76:6d:14:96:7a:f0:53:88:51:7a:
         86:1c:94:cd:6b:77:a4:16:ab:a1:9c:15:be:14:f8:9f:e2:c0:
         ec:bb:02:64:89:aa:09:9e:67:f2:dc:22:9c:91:79:5a:c8:82:
         63:bf:72:fd:1c:88:bd:47:3d:e1:27:1b:17:27:85:16:cf:c3:
         29:4f:a5:4d:3e:97:51:bc:56:e9:6f:7b:bf:ea:e0:14:62:0d:
         89:24:b8:cd:8c:ee:44:3a:d7:fd:a6:0c:9c:81:c0:67:1c:3c:
         6e:d9:15:e6:40:22:a4:6e:97:86:a6:f4:72:56:ca:08:bc:ad:
         58:7a:ad:f7:58:58:9f:2e:0e:c6:13:06:4b:a0:73:10:46:7b:
         7a:40:00:56:a2:a9:0e:05:96:62:f5:a4:dd:3b:1d:0e:a2:81:
         22:ea:c6:61:74:a5:b5:20:00:00:35:fe:c0:9c:58:bf:a4:17:
         e3:ab:c9:1f:b7:3a:68:13:1e:df:07:55:14:91:b8:0a:a3:b7:
         ef:c7:06:84:2d:90:68:0a:80:22:5e:1b:ed:b2:3f:88:1f:70:
         f3:10:6b:68:e1:52:47:94:4f:32:25:58:f9:44:5c:79:a5:62:
         35:2e:2d:99:fd:00:d7:71:b6:29:8b:13:82:d7:27:3f:ae:d7:
         05:a6:32:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbR19vuoPIMc9+6W8iCTyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxOWU5NzQ3MGM2M2ZkYTE0YzMyNjVlYjc0MWE3MGUzYThi
NjlhZmYwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTFmZTE5MjJiN2I2MTU5M2MwMDc5YTEyZDUzMDMxN2U2YzkxYmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGQ78/YZW7PsjjFby+zGIQMuj8DS
11vTGWjk8UHE8g+ccntYDXoMmHoDDaofdPnkebSltZtAYe5QdP8JJewXDcoA6S+8
tMI7wY6WSP1HZqjizrz30GY58+zAGtWNINWnp0ybuC9oF6X1Igg6BbjghD5UFpJ8
HrTbesVyhZLXgxwcVDE3EbFiqm0oiR440o7nynVeUFqmKWBuBGiCCJ3F9JcRWbUM
Qs8QvUgn3uLazp9WjXdoGyiqbBFFbPKEHJYXgGssjZwjqXZ25FYRlqHPKyoNUj0L
WuHmdvR2rQnMfcj4OlZX93PuHvNOad4xYvyrbSCMXLaTfooJHsMiXn7wlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUf4ZIre2FZPAB5oS1TAxfmyRvDMB8GA1UdIwQY
MBaAFFGel0cMY/2hTDJl63QacOOotpr/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVo2WFJ3eGpfYUZNTW1YcmRCcHc0NmkybXY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8zZmQ5MTAtNzhiYy00NDJhLTg4YWMt
OGM1MmRlNmZhODg4LzEvdFJfaGtpdDdZVms4QUhtaExWTURGLWJKRzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8zZmQ5MTAtNzhiYy00NDJhLTg4YWMtOGM1MmRlNmZhODg4
LzEvVVo2WFJ3eGpfYUZNTW1YcmRCcHc0NmkybXY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjK1MA0G
CSqGSIb3DQEBCwUAA4IBAQCcIlVuCO1QIHZtFJZ68FOIUXqGHJTNa3ekFquhnBW+
FPif4sDsuwJkiaoJnmfy3CKckXlayIJjv3L9HIi9Rz3hJxsXJ4UWz8MpT6VNPpdR
vFbpb3u/6uAUYg2JJLjNjO5EOtf9pgycgcBnHDxu2RXmQCKkbpeGpvRyVsoIvK1Y
eq33WFifLg7GEwZLoHMQRnt6QABWoqkOBZZi9aTdOx0OooEi6sZhdKW1IAAANf7A
nFi/pBfjq8kftzpoEx7fB1UUkbgKo7fvxwaELZBoCoAiXhvtsj+IH3DzEGto4VJH
lE8yJVj5RFx5pWI1Li2Z/QDXcbYpixOC1yc/rtcFpjJ0
-----END CERTIFICATE-----