Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/IVF4HwRXijfCCpgsCOxVSB3KuME.roa
File:                     IVF4HwRXijfCCpgsCOxVSB3KuME.roa (raw, json)
Hash identifier:          BJtzsKFATVArovDDs0ItvuYo/9xsyYSJOy/dUDH8fRo=
Subject key identifier:   21:51:78:1F:04:57:8A:37:C2:0A:98:2C:08:EC:55:48:1D:CA:B8:C1
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0191316458656D77CEE06AE3CD313563AA15
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/IVF4HwRXijfCCpgsCOxVSB3KuME.roa
Signing time:             Thu 08 Aug 2024 09:49:05 +0000
ROA not before:           Thu 08 Aug 2024 09:49:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215730
IP address blocks:        185.125.50.0/24 maxlen: 24
                          2a0e:d604:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:31:64:58:65:6d:77:ce:e0:6a:e3:cd:31:35:63:aa:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Aug  8 09:49:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2151781f04578a37c20a982c08ec55481dcab8c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:37:fe:61:c1:44:28:92:b9:7a:e6:30:4c:22:
                    8f:6b:bb:6c:fb:bb:27:53:ad:d0:7e:10:2f:53:0e:
                    53:91:ac:24:f6:7b:ca:65:b2:66:d1:37:bb:f8:80:
                    54:27:e6:c4:17:20:34:24:33:4f:2a:ff:81:29:33:
                    0d:73:cc:2e:b1:e7:6d:a1:07:f3:a5:7f:56:64:50:
                    5c:87:8e:33:4a:42:31:8e:11:b2:3e:f0:9e:92:30:
                    c1:a4:3e:93:d7:23:eb:bb:08:ba:de:cd:02:e6:7f:
                    4a:5f:8b:dc:cc:f6:59:92:d5:1c:c2:58:51:a1:44:
                    a2:e8:5d:47:b7:dc:9f:06:4d:5a:11:a8:d9:cc:c7:
                    7b:3c:1e:ad:7e:13:74:38:6c:3d:0c:0c:f7:d4:22:
                    86:70:0c:de:63:89:a7:3a:9e:86:cb:9b:a6:c7:3b:
                    7e:e6:14:66:a9:ad:b7:78:2b:a9:7c:98:26:54:30:
                    e1:d4:20:95:a8:07:cc:44:25:85:c8:e7:e5:0a:6b:
                    5b:ad:aa:ec:b3:32:8e:0f:da:57:14:2f:67:ce:16:
                    a9:a3:b1:cb:13:f6:26:f6:0b:27:dd:d3:a7:4c:a1:
                    46:c7:e1:3b:2b:12:c2:cd:32:b7:23:10:a1:4f:7d:
                    30:fa:df:0a:5a:39:e9:dd:a7:b0:36:72:e7:a0:fd:
                    f5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:51:78:1F:04:57:8A:37:C2:0A:98:2C:08:EC:55:48:1D:CA:B8:C1
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/IVF4HwRXijfCCpgsCOxVSB3KuME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.50.0/24
                IPv6:
                  2a0e:d604:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:61:b9:55:31:f6:d0:29:74:b1:81:e2:29:f8:41:04:1c:ae:
         e0:af:9e:e8:18:6c:ae:52:e4:7f:06:fd:05:fc:7b:74:14:75:
         a4:76:98:23:2e:a7:d6:ef:7d:dd:da:e9:a9:4f:86:3d:70:9c:
         ba:bd:2d:e7:e2:61:1d:7b:a3:a8:dc:c7:08:fc:ab:7c:b2:70:
         e9:ae:60:e6:b6:c6:f5:fb:d6:82:0d:47:bc:2f:6f:98:7c:d8:
         27:a0:35:d7:4b:b8:8b:07:2d:7a:0b:c1:91:b2:bc:8a:be:bc:
         b7:2a:9c:6c:c4:78:bb:52:9e:05:d5:ba:d0:a8:f7:86:48:50:
         36:0e:74:11:d5:3b:02:97:85:bb:4e:cc:23:2d:cb:71:f9:88:
         ff:6b:ab:5a:30:fd:11:98:a2:6a:29:5a:56:fd:b7:36:d4:a4:
         82:b5:97:bf:6f:ad:9e:07:6f:cd:3f:c2:f6:91:e9:c3:d7:31:
         1e:e1:63:d5:4c:24:d9:52:d6:14:80:78:5c:7c:4d:23:ce:d2:
         da:ef:e2:65:a0:ef:c9:51:ad:ea:1f:1e:8b:02:5a:51:43:ad:
         62:a8:2b:87:ea:52:d5:96:de:10:a2:25:30:d3:c6:b3:96:e6:
         68:4a:e3:bd:1c:69:ac:68:73:f0:22:00:d9:4e:6c:e5:20:53:
         b0:08:46:21
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZExZFhlbXfO4GrjzTE1Y6oVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwODA4MDk0OTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTUxNzgxZjA0NTc4YTM3YzIwYTk4MmMwOGVjNTU0ODFkY2FiOGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDf+YcFEKJK5euYwTCKPa7ts+7sn
U63QfhAvUw5Tkawk9nvKZbJm0Te7+IBUJ+bEFyA0JDNPKv+BKTMNc8wusedtoQfz
pX9WZFBch44zSkIxjhGyPvCekjDBpD6T1yPruwi63s0C5n9KX4vczPZZktUcwlhR
oUSi6F1Ht9yfBk1aEajZzMd7PB6tfhN0OGw9DAz31CKGcAzeY4mnOp6Gy5umxzt+
5hRmqa23eCupfJgmVDDh1CCVqAfMRCWFyOflCmtbrarsszKOD9pXFC9nzhapo7HL
E/Ym9gsn3dOnTKFGx+E7KxLCzTK3IxChT30w+t8KWjnp3aewNnLnoP31DwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCFReB8EV4o3wgqYLAjsVUgdyrjBMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSVZGNEh3UlhpamZDQ3Bnc0NPeFZTQjNLdU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuX0yMA8E
AgACMAkDBwAqDtYEAAEwDQYJKoZIhvcNAQELBQADggEBAARhuVUx9tApdLGB4in4
QQQcruCvnugYbK5S5H8G/QX8e3QUdaR2mCMup9bvfd3a6alPhj1wnLq9LefiYR17
o6jcxwj8q3yycOmuYOa2xvX71oINR7wvb5h82CegNddLuIsHLXoLwZGyvIq+vLcq
nGzEeLtSngXVutCo94ZIUDYOdBHVOwKXhbtOzCMty3H5iP9rq1ow/RGYomopWlb9
tzbUpIK1l79vrZ4Hb80/wvaR6cPXMR7hY9VMJNlS1hSAeFx8TSPO0trv4mWg78lR
reofHosCWlFDrWKoK4fqUtWW3hCiJTDTxrOW5mhK470caaxoc/AiANlObOUgU7AI
RiE=
-----END CERTIFICATE-----