Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/50Ho_XL5wbGDipKCGMLS9e_aFW4.roa
File:                     50Ho_XL5wbGDipKCGMLS9e_aFW4.roa (raw, json)
Hash identifier:          dNGBvGlYvd4/Toza0Y8Yy81U0vbhQA/nlowkDJn/ld0=
Subject key identifier:   E7:41:E8:FD:72:F9:C1:B1:83:8A:92:82:18:C2:D2:F5:EF:DA:15:6E
Certificate issuer:       /CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
Certificate serial:       018CC79465BBEAE7C313B441FBDD1C8F518F
Authority key identifier: AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/50Ho_XL5wbGDipKCGMLS9e_aFW4.roa
Signing time:             Tue 02 Jan 2024 00:30:40 +0000
ROA not before:           Tue 02 Jan 2024 00:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20495
IP address blocks:        2a04:d9c0::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:65:bb:ea:e7:c3:13:b4:41:fb:dd:1c:8f:51:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad1d2a562c7db21151b4a0926b8d6feeacef8857
        Validity
            Not Before: Jan  2 00:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e741e8fd72f9c1b1838a928218c2d2f5efda156e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:05:dd:6e:4a:e4:38:1c:2e:85:04:8c:1c:c6:
                    ce:d9:53:98:4a:fb:2b:ff:40:4c:e7:14:5f:bd:fc:
                    6c:b2:31:f1:9b:cd:21:0b:a5:c1:62:10:30:a9:22:
                    91:61:5b:08:96:71:ab:75:77:94:a6:96:a2:31:c2:
                    71:a0:18:61:95:e5:99:45:7c:73:b0:9e:75:8a:49:
                    24:42:48:af:df:be:95:6a:ba:66:4f:b7:ed:e8:5b:
                    83:67:ae:00:fd:d0:98:c6:67:fb:5a:34:a3:8b:1b:
                    ab:74:9e:2a:86:9f:c4:5d:be:0b:2d:fb:b1:c1:7e:
                    fd:1c:67:50:11:2a:e2:19:d9:06:36:1c:96:14:8f:
                    db:36:18:ea:f8:79:d9:cd:23:ae:06:41:35:58:37:
                    ae:db:4d:5a:12:74:84:97:ee:a7:06:62:6b:00:4c:
                    2e:8b:30:63:ed:a8:a8:49:9d:ca:4c:b8:f5:c4:47:
                    29:41:6b:ba:ef:ce:c6:fa:6f:f1:78:d2:c5:d0:15:
                    79:f9:11:c4:8b:6e:0c:6c:7d:ce:e1:41:33:44:d2:
                    11:ae:53:b2:58:79:94:5e:0f:f3:06:b9:a3:07:20:
                    5a:c7:82:bc:de:63:70:3f:c6:4c:3b:dc:46:65:bb:
                    53:97:8a:c0:32:64:5d:01:0c:7e:76:c6:3f:74:84:
                    b5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:41:E8:FD:72:F9:C1:B1:83:8A:92:82:18:C2:D2:F5:EF:DA:15:6E
            X509v3 Authority Key Identifier:
                keyid:AD:1D:2A:56:2C:7D:B2:11:51:B4:A0:92:6B:8D:6F:EE:AC:EF:88:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rR0qVix9shFRtKCSa41v7qzviFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/50Ho_XL5wbGDipKCGMLS9e_aFW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/83acd7-5e1a-49f9-b409-32936c3a4a9d/1/rR0qVix9shFRtKCSa41v7qzviFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:d9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:48:e2:72:98:76:a8:12:a7:11:62:0c:ef:5d:f5:e6:fd:e2:
         70:12:d6:8d:52:d0:f7:5e:a7:24:92:6e:ab:95:5b:d8:94:6c:
         32:d4:f9:ef:44:24:e9:65:3e:6d:d5:d5:8d:98:e3:ba:f1:60:
         8e:e3:cf:5c:a8:e5:b7:10:33:9f:3b:ed:d5:f1:dc:63:d0:f8:
         d6:0a:81:d2:0a:04:dc:36:3e:4e:36:7d:14:fc:cf:3a:df:a4:
         aa:ca:3f:46:4d:d8:8a:ba:b2:a0:06:b3:20:5a:fa:8e:9c:45:
         5b:30:86:97:ec:ad:52:43:ee:1c:48:11:fe:7a:c7:81:25:fe:
         bb:d6:44:31:9f:8e:aa:31:eb:64:48:6e:e1:db:66:70:51:59:
         94:87:0c:2c:d3:59:47:ea:d1:e9:ed:37:14:d0:62:8a:ce:a6:
         42:cd:ab:64:d7:86:c6:4d:05:23:c3:7d:9d:40:55:a7:db:d7:
         4a:07:31:94:f7:9d:fe:c1:f1:a5:d0:d5:c2:dd:39:b2:b1:71:
         eb:74:c4:38:44:7b:50:2a:e5:34:16:ae:27:5f:17:bd:19:49:
         79:69:16:70:f5:c8:9e:ac:9d:68:77:77:af:d2:c7:a7:03:1c:
         31:0d:94:11:c0:57:b2:10:ab:69:af:35:63:3b:b4:b3:98:e3:
         fa:88:1e:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlGW76ufDE7RB+90cj1GPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMWQyYTU2MmM3ZGIyMTE1MWI0YTA5MjZiOGQ2ZmVlYWNl
Zjg4NTcwHhcNMjQwMTAyMDAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzQxZThmZDcyZjljMWIxODM4YTkyODIxOGMyZDJmNWVmZGExNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAXdbkrkOBwuhQSMHMbO2VOYSvsr
/0BM5xRfvfxssjHxm80hC6XBYhAwqSKRYVsIlnGrdXeUppaiMcJxoBhhleWZRXxz
sJ51ikkkQkiv376VarpmT7ft6FuDZ64A/dCYxmf7WjSjixurdJ4qhp/EXb4LLfux
wX79HGdQESriGdkGNhyWFI/bNhjq+HnZzSOuBkE1WDeu201aEnSEl+6nBmJrAEwu
izBj7aioSZ3KTLj1xEcpQWu6787G+m/xeNLF0BV5+RHEi24MbH3O4UEzRNIRrlOy
WHmUXg/zBrmjByBax4K83mNwP8ZMO9xGZbtTl4rAMmRdAQx+dsY/dIS1lQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOdB6P1y+cGxg4qSghjC0vXv2hVuMB8GA1UdIwQY
MBaAFK0dKlYsfbIRUbSgkmuNb+6s74hXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDkt
MzI5MzZjM2E0YTlkLzEvNTBIb19YTDV3YkdEaXBLQ0dNTFM5ZV9hRlc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS84M2FjZDctNWUxYS00OWY5LWI0MDktMzI5MzZjM2E0YTlk
LzEvclIwcVZpeDlzaEZSdEtDU2E0MXY3cXp2aUZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgTZwDAN
BgkqhkiG9w0BAQsFAAOCAQEAhkjicph2qBKnEWIM71315v3icBLWjVLQ916nJJJu
q5Vb2JRsMtT570Qk6WU+bdXVjZjjuvFgjuPPXKjltxAznzvt1fHcY9D41gqB0goE
3DY+TjZ9FPzPOt+kqso/Rk3YirqyoAazIFr6jpxFWzCGl+ytUkPuHEgR/nrHgSX+
u9ZEMZ+OqjHrZEhu4dtmcFFZlIcMLNNZR+rR6e03FNBiis6mQs2rZNeGxk0FI8N9
nUBVp9vXSgcxlPed/sHxpdDVwt05srFx63TEOER7UCrlNBauJ18XvRlJeWkWcPXI
nqydaHd3r9LHpwMcMQ2UEcBXshCraa81Yzu0s5jj+ogeQQ==
-----END CERTIFICATE-----