Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/bNbU1neXaw88FQvcqeuWjYm_qRE.roa
File:                     bNbU1neXaw88FQvcqeuWjYm_qRE.roa (raw, json)
Hash identifier:          Hxnj3x7h5viYBqJiSzF8bmrNPzQwE2UIyo3GpLoR2gQ=
Subject key identifier:   6C:D6:D4:D6:77:97:6B:0F:3C:15:0B:DC:A9:EB:96:8D:89:BF:A9:11
Certificate issuer:       /CN=50592e68895c7068b4655508917ad5bbddbd0a5f
Certificate serial:       01917B62DDDFF707D030A816171FE9FA0E95
Authority key identifier: 50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/bNbU1neXaw88FQvcqeuWjYm_qRE.roa
Signing time:             Thu 22 Aug 2024 18:39:22 +0000
ROA not before:           Thu 22 Aug 2024 18:39:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        185.205.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7b:62:dd:df:f7:07:d0:30:a8:16:17:1f:e9:fa:0e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50592e68895c7068b4655508917ad5bbddbd0a5f
        Validity
            Not Before: Aug 22 18:39:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6cd6d4d677976b0f3c150bdca9eb968d89bfa911
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:16:50:4b:07:f2:bf:60:ae:70:d1:5a:2f:85:
                    8b:00:7b:41:39:f5:31:a4:bf:0a:2c:11:9a:07:40:
                    da:bd:ba:4b:a5:71:24:a5:1d:91:0e:ef:af:03:e4:
                    81:ab:bb:3e:fe:9e:5d:7b:97:ec:af:f1:2b:f9:83:
                    54:bb:8a:c8:71:15:8d:df:12:68:ae:a4:13:64:21:
                    14:50:6a:50:e9:ba:89:6d:b7:9a:75:09:a2:ba:b8:
                    2b:94:7c:30:db:f1:b0:76:cf:3a:07:26:d3:d4:cd:
                    33:77:4e:ae:d8:d8:a5:ea:76:8f:ed:17:01:ff:b9:
                    98:25:e4:d1:04:3c:b4:12:3c:95:5d:84:d1:d3:8f:
                    0a:8b:c1:d1:b7:f2:15:df:26:de:65:e1:c3:d7:1f:
                    41:41:41:bf:eb:39:4e:76:87:fa:7b:82:17:63:2e:
                    75:90:e4:6d:3d:e6:77:63:ee:77:66:d2:f7:bb:87:
                    8b:56:56:47:a0:88:24:13:c5:58:18:af:69:09:34:
                    e4:aa:ba:06:ad:fa:84:fe:be:dd:10:e1:d7:c5:2c:
                    31:82:73:81:ab:ed:35:15:86:45:aa:34:ad:ad:31:
                    6f:26:65:5c:28:7e:95:b1:93:5b:94:3b:6c:45:40:
                    7a:0b:bb:f9:49:d5:b8:bb:dc:53:f9:0d:93:e5:49:
                    b7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:D6:D4:D6:77:97:6B:0F:3C:15:0B:DC:A9:EB:96:8D:89:BF:A9:11
            X509v3 Authority Key Identifier:
                keyid:50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/bNbU1neXaw88FQvcqeuWjYm_qRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:de:35:6a:a8:48:7a:6b:c4:0e:6e:b6:be:31:f6:5c:bf:9f:
         8a:f0:8f:e8:1b:63:68:e5:7b:d2:4d:04:94:5c:96:45:26:7e:
         71:23:0f:de:6b:f3:77:fb:41:2e:fa:a5:35:0d:2e:f6:09:e8:
         3d:29:48:8b:f7:0b:ba:91:20:d2:fb:6b:c9:7a:94:1e:bf:95:
         8f:11:bf:50:78:0c:8a:c9:f4:20:78:70:02:72:54:e4:cf:cd:
         db:1e:37:8f:cc:dc:ce:83:7a:fc:e3:30:83:de:ee:70:24:a3:
         eb:41:64:8a:dc:74:ec:ce:c3:ae:21:3e:03:6c:d5:45:ae:0e:
         a7:36:e2:cf:50:6f:83:ac:09:75:04:ec:8d:e9:5f:63:45:eb:
         87:96:68:72:35:d9:42:75:13:b9:43:ef:96:a6:5c:3b:04:bd:
         c1:f4:63:f4:2b:53:c2:f8:85:94:48:e5:6d:8b:7a:22:f6:a4:
         3e:89:0d:1c:bb:e9:41:05:6b:26:56:d4:1a:13:c5:5f:5d:50:
         8d:88:93:8e:8f:4b:61:15:21:59:a1:42:b0:f6:1c:32:ae:b0:
         08:60:09:48:a0:07:d1:de:28:21:48:79:d6:2c:3a:40:ae:34:
         b4:a8:9c:25:8a:bc:15:b6:6e:67:6e:0d:f6:ee:9c:4e:82:39:
         16:20:fc:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF7Yt3f9wfQMKgWFx/p+g6VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTkyZTY4ODk1YzcwNjhiNDY1NTUwODkxN2FkNWJiZGRi
ZDBhNWYwHhcNMjQwODIyMTgzOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Q2ZDRkNjc3OTc2YjBmM2MxNTBiZGNhOWViOTY4ZDg5YmZhOTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhZQSwfyv2CucNFaL4WLAHtBOfUx
pL8KLBGaB0DavbpLpXEkpR2RDu+vA+SBq7s+/p5de5fsr/Er+YNUu4rIcRWN3xJo
rqQTZCEUUGpQ6bqJbbeadQmiurgrlHww2/Gwds86BybT1M0zd06u2Nil6naP7RcB
/7mYJeTRBDy0EjyVXYTR048Ki8HRt/IV3ybeZeHD1x9BQUG/6zlOdof6e4IXYy51
kORtPeZ3Y+53ZtL3u4eLVlZHoIgkE8VYGK9pCTTkqroGrfqE/r7dEOHXxSwxgnOB
q+01FYZFqjStrTFvJmVcKH6VsZNblDtsRUB6C7v5SdW4u9xT+Q2T5Um3owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzW1NZ3l2sPPBUL3Knrlo2Jv6kRMB8GA1UdIwQY
MBaAFFBZLmiJXHBotGVVCJF61bvdvQpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEt
N2JiZDI4Y2U0YTc1LzEvYk5iVTFuZVhhdzg4RlF2Y3FldVdqWW1fcVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEtN2JiZDI4Y2U0YTc1
LzEvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc0RMA0G
CSqGSIb3DQEBCwUAA4IBAQBH3jVqqEh6a8QObra+MfZcv5+K8I/oG2No5XvSTQSU
XJZFJn5xIw/ea/N3+0Eu+qU1DS72Ceg9KUiL9wu6kSDS+2vJepQev5WPEb9QeAyK
yfQgeHACclTkz83bHjePzNzOg3r84zCD3u5wJKPrQWSK3HTszsOuIT4DbNVFrg6n
NuLPUG+DrAl1BOyN6V9jReuHlmhyNdlCdRO5Q++Wplw7BL3B9GP0K1PC+IWUSOVt
i3oi9qQ+iQ0cu+lBBWsmVtQaE8VfXVCNiJOOj0thFSFZoUKw9hwyrrAIYAlIoAfR
3ighSHnWLDpArjS0qJwlirwVtm5nbg327pxOgjkWIPyB
-----END CERTIFICATE-----