Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/50HXEtGJNL4Tut9pNJwL9NsRINs.roa
File:                     50HXEtGJNL4Tut9pNJwL9NsRINs.roa (raw, json)
Hash identifier:          3qrJPLje4BgCzDvCc0XrFYNXv5+vf8XyKt4rXqqT12w=
Subject key identifier:   E7:41:D7:12:D1:89:34:BE:13:BA:DF:69:34:9C:0B:F4:DB:11:20:DB
Certificate issuer:       /CN=5e280950653a7ec58c53385d00b381efbb465824
Certificate serial:       018DF48539DCF38C9C0E2547E94A88C03B29
Authority key identifier: 5E:28:09:50:65:3A:7E:C5:8C:53:38:5D:00:B3:81:EF:BB:46:58:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XigJUGU6fsWMUzhdALOB77tGWCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/50HXEtGJNL4Tut9pNJwL9NsRINs.roa
Signing time:             Thu 29 Feb 2024 10:59:48 +0000
ROA not before:           Thu 29 Feb 2024 10:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215713
IP address blocks:        185.62.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/XigJUGU6fsWMUzhdALOB77tGWCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/XigJUGU6fsWMUzhdALOB77tGWCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XigJUGU6fsWMUzhdALOB77tGWCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:85:39:dc:f3:8c:9c:0e:25:47:e9:4a:88:c0:3b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e280950653a7ec58c53385d00b381efbb465824
        Validity
            Not Before: Feb 29 10:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e741d712d18934be13badf69349c0bf4db1120db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:87:e2:e2:9c:dc:01:54:c5:f3:49:1f:93:a7:
                    75:3d:b8:e1:e2:cc:93:cb:25:08:2e:ef:04:fa:7e:
                    4b:47:2a:db:38:87:54:da:81:eb:e8:39:8a:f4:f2:
                    de:a6:1c:ca:f0:b2:1b:b6:b1:4a:0d:4f:d9:7c:cc:
                    52:c2:5c:ab:5f:3c:9e:a5:62:5b:b2:82:9a:21:34:
                    96:cf:e8:1d:c3:1e:c3:3f:bc:2a:2b:0a:01:0f:e8:
                    af:a9:19:05:9e:9d:8d:2d:ec:58:2e:0a:3c:44:cb:
                    bc:b4:c6:6c:0a:17:13:54:4f:69:03:e8:83:c6:62:
                    80:95:f0:db:d5:92:ab:f9:33:2d:e7:87:05:b1:4a:
                    3c:5e:be:ef:84:66:bd:72:9e:c6:10:62:f6:c0:c9:
                    c6:e5:c9:e3:a1:6e:1e:ce:96:be:01:38:36:e2:75:
                    c3:f6:2e:6f:41:df:8c:55:60:81:02:f6:b7:b1:77:
                    b7:ee:b1:7b:17:18:9c:4a:70:84:b8:e9:be:c3:ec:
                    0d:e6:e8:4a:9f:b6:ba:69:48:66:92:c9:c2:90:8f:
                    a0:f9:42:8b:a0:99:08:e4:14:6e:b9:f6:84:9d:c3:
                    c2:7d:74:d7:35:c0:77:4d:66:f5:9e:09:31:f2:33:
                    59:d7:54:5a:d0:21:61:98:5f:f0:22:80:48:f9:2c:
                    77:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:41:D7:12:D1:89:34:BE:13:BA:DF:69:34:9C:0B:F4:DB:11:20:DB
            X509v3 Authority Key Identifier:
                keyid:5E:28:09:50:65:3A:7E:C5:8C:53:38:5D:00:B3:81:EF:BB:46:58:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XigJUGU6fsWMUzhdALOB77tGWCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/50HXEtGJNL4Tut9pNJwL9NsRINs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/72c587-c5cb-40e4-8ce1-e1b53556c1c3/1/XigJUGU6fsWMUzhdALOB77tGWCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:ef:83:21:1e:ed:55:a0:22:30:05:20:cb:31:47:2d:bb:c8:
         5b:9d:55:b2:94:19:6d:a4:15:bb:47:62:0b:e0:dd:22:5a:a6:
         23:78:00:c5:fd:1d:39:c4:31:ef:f0:3c:43:36:42:b6:26:da:
         1d:d9:3f:dc:2d:87:32:f2:8f:0a:86:4e:c0:aa:8f:8f:d7:4a:
         a4:a7:0d:3e:57:79:c2:05:20:f2:5d:2d:82:76:f1:33:c2:7c:
         5b:a3:e4:91:3c:e3:f9:cf:f6:52:20:a0:5d:5d:46:77:20:33:
         f8:8e:e2:0b:6b:cd:cb:a5:43:39:bf:9e:77:f7:6e:ee:33:80:
         45:52:29:9c:16:e2:9a:19:0b:48:37:ae:56:c0:db:10:13:ad:
         09:a6:ae:27:2a:9f:7f:22:f0:f1:da:d7:ad:3b:8e:58:84:f5:
         ba:02:21:1d:56:39:e4:66:42:c5:4c:5a:c1:05:fe:cf:78:57:
         ec:0b:70:2b:7a:ff:4f:97:c0:51:41:58:e1:e7:99:cd:46:da:
         da:a1:da:0e:1d:fd:23:66:a8:e9:9d:8a:d9:9d:3d:5a:25:ae:
         27:eb:f7:4c:38:ea:9e:54:d9:31:2e:e4:83:98:1b:6c:b0:13:
         4e:ed:93:b6:ea:43:94:5f:0d:57:95:2c:d5:c7:fe:0e:1d:ab:
         96:ca:0b:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30hTnc84ycDiVH6UqIwDspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjgwOTUwNjUzYTdlYzU4YzUzMzg1ZDAwYjM4MWVmYmI0
NjU4MjQwHhcNMjQwMjI5MTA1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzQxZDcxMmQxODkzNGJlMTNiYWRmNjkzNDljMGJmNGRiMTEyMGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIfi4pzcAVTF80kfk6d1Pbjh4syT
yyUILu8E+n5LRyrbOIdU2oHr6DmK9PLephzK8LIbtrFKDU/ZfMxSwlyrXzyepWJb
soKaITSWz+gdwx7DP7wqKwoBD+ivqRkFnp2NLexYLgo8RMu8tMZsChcTVE9pA+iD
xmKAlfDb1ZKr+TMt54cFsUo8Xr7vhGa9cp7GEGL2wMnG5cnjoW4ezpa+ATg24nXD
9i5vQd+MVWCBAva3sXe37rF7FxicSnCEuOm+w+wN5uhKn7a6aUhmksnCkI+g+UKL
oJkI5BRuufaEncPCfXTXNcB3TWb1ngkx8jNZ11Ra0CFhmF/wIoBI+Sx3LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdB1xLRiTS+E7rfaTScC/TbESDbMB8GA1UdIwQY
MBaAFF4oCVBlOn7FjFM4XQCzge+7RlgkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlnSlVHVTZmc1dNVXpoZEFMT0I3N3RHV0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC83MmM1ODctYzVjYi00MGU0LThjZTEt
ZTFiNTM1NTZjMWMzLzEvNTBIWEV0R0pOTDRUdXQ5cE5Kd0w5TnNSSU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC83MmM1ODctYzVjYi00MGU0LThjZTEtZTFiNTM1NTZjMWMz
LzEvWGlnSlVHVTZmc1dNVXpoZEFMT0I3N3RHV0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT7mMA0G
CSqGSIb3DQEBCwUAA4IBAQCB74MhHu1VoCIwBSDLMUctu8hbnVWylBltpBW7R2IL
4N0iWqYjeADF/R05xDHv8DxDNkK2Jtod2T/cLYcy8o8Khk7Aqo+P10qkpw0+V3nC
BSDyXS2CdvEzwnxbo+SRPOP5z/ZSIKBdXUZ3IDP4juILa83LpUM5v553927uM4BF
UimcFuKaGQtIN65WwNsQE60Jpq4nKp9/IvDx2tetO45YhPW6AiEdVjnkZkLFTFrB
Bf7PeFfsC3Arev9Pl8BRQVjh55nNRtraodoOHf0jZqjpnYrZnT1aJa4n6/dMOOqe
VNkxLuSDmBtssBNO7ZO26kOUXw1XlSzVx/4OHauWygtA
-----END CERTIFICATE-----