Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/24nGQWINc-YoKMkIKR5GlCERohM.roa
File:                     24nGQWINc-YoKMkIKR5GlCERohM.roa (raw, json)
Hash identifier:          YFkUPjlMR4ZhcitVwNs4Fecwhh7KwvAsKgcz1akvQvQ=
Subject key identifier:   DB:89:C6:41:62:0D:73:E6:28:28:C9:08:29:1E:46:94:21:11:A2:13
Certificate issuer:       /CN=50592e68895c7068b4655508917ad5bbddbd0a5f
Certificate serial:       018CC2DB1739EBA4B88DD4703EF0A413D9D0
Authority key identifier: 50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/24nGQWINc-YoKMkIKR5GlCERohM.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213157
IP address blocks:        185.86.83.0/24 maxlen: 24
                          185.254.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:17:39:eb:a4:b8:8d:d4:70:3e:f0:a4:13:d9:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50592e68895c7068b4655508917ad5bbddbd0a5f
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db89c641620d73e62828c908291e46942111a213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:24:db:b6:a6:f3:54:52:d0:45:f9:08:b4:bf:
                    af:25:75:d3:81:33:c2:4f:99:59:43:c0:09:98:64:
                    17:4f:1d:b4:17:f4:48:a7:10:93:92:53:a1:b0:17:
                    75:23:a9:57:cb:85:90:5f:47:a7:2f:c8:89:4d:81:
                    9a:9a:43:dd:a5:17:52:4d:a7:6c:96:84:56:c1:db:
                    b3:08:b9:5d:9f:dc:41:bd:07:0f:81:71:40:83:71:
                    6e:2e:14:09:39:0b:24:cd:fd:ab:c0:7d:bd:15:38:
                    d9:1f:0c:37:a1:10:8a:76:26:fd:78:67:a2:ec:2a:
                    22:2c:26:18:95:40:b8:ca:c5:e3:bb:00:0b:88:81:
                    27:73:58:11:87:b6:c0:7a:ca:6b:2d:e4:c8:91:a2:
                    91:bf:59:8d:46:1a:84:ff:17:f6:89:a8:01:fb:fb:
                    c6:e6:e0:69:46:05:12:2a:ce:c5:d7:0c:0b:19:c4:
                    2b:93:99:37:81:1b:3c:21:60:e0:bf:4f:94:d2:b6:
                    77:44:c8:cb:fc:ce:a3:f0:70:05:25:2e:08:47:ab:
                    9c:37:11:0e:d5:c1:af:c0:89:12:45:a2:7e:3f:48:
                    c4:80:63:b1:95:92:9f:9c:85:57:9c:fe:c6:04:0c:
                    83:0f:e7:45:f2:02:31:d0:82:04:36:5c:95:99:c4:
                    68:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:89:C6:41:62:0D:73:E6:28:28:C9:08:29:1E:46:94:21:11:A2:13
            X509v3 Authority Key Identifier:
                keyid:50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/24nGQWINc-YoKMkIKR5GlCERohM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.83.0/24
                  185.254.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:4f:6c:f5:4f:17:8d:67:16:ec:b5:7a:0a:40:8b:14:67:51:
         9f:2e:19:a7:a8:6a:37:3d:bc:3e:9b:b8:a8:4c:ad:58:8f:04:
         3f:28:df:4d:c8:28:8f:8f:a1:c5:f4:89:11:6b:65:cc:d3:8d:
         75:61:16:33:8e:2f:45:c7:df:5d:cd:86:ea:94:ee:fb:17:19:
         34:87:87:a2:e5:82:79:fd:7c:87:31:ba:af:19:06:ec:69:1d:
         b5:66:7b:af:d7:4d:92:a0:f9:a0:35:5a:b1:a6:8f:03:ef:95:
         60:ad:4e:b5:46:bd:8f:a6:41:d4:db:9b:8c:85:82:8f:fa:0d:
         31:8c:42:52:c5:fc:1a:29:c5:39:1d:67:dc:a9:25:50:14:12:
         86:bf:5d:17:49:7c:b2:f3:33:1b:bc:35:23:9a:09:32:cf:46:
         66:2e:04:f8:86:f1:ec:56:1f:b0:06:5b:d9:84:6f:6f:ab:17:
         5a:94:1f:c0:0a:0c:87:62:15:50:bf:80:2e:f0:6e:a5:db:06:
         4e:70:9c:7e:19:bf:0a:e4:92:a9:42:30:9e:c5:b1:07:66:f3:
         c8:c9:88:82:be:aa:7f:78:94:d0:73:d9:6f:6c:ad:10:66:41:
         55:c1:bc:5e:fc:68:4d:84:79:2b:7f:99:1a:9a:52:ca:a9:da:
         f0:b5:07:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2xc566S4jdRwPvCkE9nQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTkyZTY4ODk1YzcwNjhiNDY1NTUwODkxN2FkNWJiZGRi
ZDBhNWYwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjg5YzY0MTYyMGQ3M2U2MjgyOGM5MDgyOTFlNDY5NDIxMTFhMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyTbtqbzVFLQRfkItL+vJXXTgTPC
T5lZQ8AJmGQXTx20F/RIpxCTklOhsBd1I6lXy4WQX0enL8iJTYGamkPdpRdSTads
loRWwduzCLldn9xBvQcPgXFAg3FuLhQJOQskzf2rwH29FTjZHww3oRCKdib9eGei
7CoiLCYYlUC4ysXjuwALiIEnc1gRh7bAesprLeTIkaKRv1mNRhqE/xf2iagB+/vG
5uBpRgUSKs7F1wwLGcQrk5k3gRs8IWDgv0+U0rZ3RMjL/M6j8HAFJS4IR6ucNxEO
1cGvwIkSRaJ+P0jEgGOxlZKfnIVXnP7GBAyDD+dF8gIx0IIENlyVmcRoXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNuJxkFiDXPmKCjJCCkeRpQhEaITMB8GA1UdIwQY
MBaAFFBZLmiJXHBotGVVCJF61bvdvQpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEt
N2JiZDI4Y2U0YTc1LzEvMjRuR1FXSU5jLVlvS01rSUtSNUdsQ0VSb2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEtN2JiZDI4Y2U0YTc1
LzEvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVZTAwQA
uf5cMA0GCSqGSIb3DQEBCwUAA4IBAQCHT2z1TxeNZxbstXoKQIsUZ1GfLhmnqGo3
Pbw+m7ioTK1YjwQ/KN9NyCiPj6HF9IkRa2XM0411YRYzji9Fx99dzYbqlO77Fxk0
h4ei5YJ5/XyHMbqvGQbsaR21Znuv102SoPmgNVqxpo8D75VgrU61Rr2PpkHU25uM
hYKP+g0xjEJSxfwaKcU5HWfcqSVQFBKGv10XSXyy8zMbvDUjmgkyz0ZmLgT4hvHs
Vh+wBlvZhG9vqxdalB/ACgyHYhVQv4Au8G6l2wZOcJx+Gb8K5JKpQjCexbEHZvPI
yYiCvqp/eJTQc9lvbK0QZkFVwbxe/GhNhHkrf5kamlLKqdrwtQf9
-----END CERTIFICATE-----