Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/wU4rXFQVMd9jmD9r5oEE8zRxBAM.roa
File:                     wU4rXFQVMd9jmD9r5oEE8zRxBAM.roa (raw, json)
Hash identifier:          Dcy/1UJCAXc82OR69vdfugPTopSDXpMfvXNUjOWVGC4=
Subject key identifier:   C1:4E:2B:5C:54:15:31:DF:63:98:3F:6B:E6:81:04:F3:34:71:04:03
Certificate issuer:       /CN=50592e68895c7068b4655508917ad5bbddbd0a5f
Certificate serial:       018CC2DB169C3474BDF382218A5BC85FF70F
Authority key identifier: 50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/wU4rXFQVMd9jmD9r5oEE8zRxBAM.roa
Signing time:             Mon 01 Jan 2024 02:29:47 +0000
ROA not before:           Mon 01 Jan 2024 02:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211887
IP address blocks:        185.237.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:16:9c:34:74:bd:f3:82:21:8a:5b:c8:5f:f7:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50592e68895c7068b4655508917ad5bbddbd0a5f
        Validity
            Not Before: Jan  1 02:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c14e2b5c541531df63983f6be68104f334710403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:16:ba:ab:28:1e:2a:3f:f8:ea:17:7b:e2:bf:
                    4d:a7:12:88:1c:36:5a:54:25:b7:37:04:1d:1c:95:
                    17:dd:7f:f4:ac:18:98:6c:b4:ca:fc:36:77:df:77:
                    f5:99:72:09:fe:87:2b:9f:e9:52:ef:3a:48:df:80:
                    3b:8b:f2:7a:b9:79:73:92:0c:9c:51:8e:94:63:30:
                    22:ba:9a:c8:d0:18:0d:ee:7d:57:eb:a8:76:37:20:
                    4f:3c:3b:b9:48:fe:08:31:33:7f:d6:28:ce:f7:3e:
                    78:6d:02:86:11:6e:d6:90:42:0b:0e:a3:19:a3:14:
                    26:23:cf:22:55:d3:89:df:8c:9e:e2:61:02:14:2c:
                    33:e7:a6:b1:1e:f0:2b:ce:1b:d8:92:e1:a3:e0:e8:
                    bf:9b:38:e5:46:0f:9b:3a:b3:ac:ee:30:06:cc:75:
                    dc:13:60:11:70:f5:1e:16:ce:25:61:70:36:5a:a5:
                    bb:53:01:ef:af:dd:29:34:e9:03:ff:2d:85:d7:6f:
                    bd:94:20:3c:af:bc:5d:11:60:f8:16:ee:20:52:af:
                    b5:b0:33:c8:77:66:60:8a:6e:85:9d:d2:99:54:59:
                    bb:45:ed:40:21:a0:86:6a:32:f3:eb:ad:4c:af:c2:
                    4b:21:2a:75:af:c8:f2:d2:96:74:81:1f:71:1b:52:
                    e4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:4E:2B:5C:54:15:31:DF:63:98:3F:6B:E6:81:04:F3:34:71:04:03
            X509v3 Authority Key Identifier:
                keyid:50:59:2E:68:89:5C:70:68:B4:65:55:08:91:7A:D5:BB:DD:BD:0A:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFkuaIlccGi0ZVUIkXrVu929Cl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/wU4rXFQVMd9jmD9r5oEE8zRxBAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a8100-172b-48e3-a32a-7bbd28ce4a75/1/UFkuaIlccGi0ZVUIkXrVu929Cl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:75:b6:54:48:4d:83:ea:1d:66:6a:82:30:89:92:0f:81:46:
         42:3f:6a:9b:80:1c:34:24:0c:c5:82:cb:d4:26:62:72:97:4f:
         55:50:9d:a5:a8:41:7e:6a:a6:07:4d:d7:6e:39:a0:54:7b:1f:
         13:1f:cb:8e:02:1b:6c:fb:f5:9b:d4:90:61:3f:67:e6:cb:e5:
         8a:58:5e:e1:42:91:35:40:d0:90:be:ad:f8:cb:a2:52:f3:b6:
         05:6f:4f:74:10:91:ac:70:d2:40:00:a2:4d:f6:0e:2c:54:75:
         44:bd:80:70:65:dd:c0:ed:c9:72:05:b1:59:3c:58:bf:c9:1f:
         42:c4:52:8a:3b:02:2a:4e:af:72:74:8e:3c:f5:b6:5d:3e:3d:
         5b:7e:de:7a:6e:ca:4e:87:7e:b7:e3:27:22:31:a5:a7:e6:1c:
         fd:c0:1a:b5:a7:94:67:0b:bd:f1:2d:43:35:09:8f:4a:0b:7e:
         8c:8e:29:31:f3:59:c6:25:36:9f:c4:d1:07:41:52:e9:f8:f5:
         92:1c:39:02:cd:e7:b2:fe:c6:6f:78:80:42:be:f9:84:20:66:
         55:93:e5:bf:8a:e7:c2:71:64:43:f9:3f:e8:34:9b:0d:db:59:
         93:6f:3e:cf:3a:d3:dd:39:6f:f0:c2:76:78:d2:7d:5f:ab:a9:
         28:0b:8f:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xacNHS984IhilvIX/cPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTkyZTY4ODk1YzcwNjhiNDY1NTUwODkxN2FkNWJiZGRi
ZDBhNWYwHhcNMjQwMTAxMDIyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTRlMmI1YzU0MTUzMWRmNjM5ODNmNmJlNjgxMDRmMzM0NzEwNDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxa6qygeKj/46hd74r9NpxKIHDZa
VCW3NwQdHJUX3X/0rBiYbLTK/DZ333f1mXIJ/ocrn+lS7zpI34A7i/J6uXlzkgyc
UY6UYzAiuprI0BgN7n1X66h2NyBPPDu5SP4IMTN/1ijO9z54bQKGEW7WkEILDqMZ
oxQmI88iVdOJ34ye4mECFCwz56axHvArzhvYkuGj4Oi/mzjlRg+bOrOs7jAGzHXc
E2ARcPUeFs4lYXA2WqW7UwHvr90pNOkD/y2F12+9lCA8r7xdEWD4Fu4gUq+1sDPI
d2Zgim6FndKZVFm7Re1AIaCGajLz661Mr8JLISp1r8jy0pZ0gR9xG1LkjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFOK1xUFTHfY5g/a+aBBPM0cQQDMB8GA1UdIwQY
MBaAFFBZLmiJXHBotGVVCJF61bvdvQpfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEt
N2JiZDI4Y2U0YTc1LzEvd1U0clhGUVZNZDlqbUQ5cjVvRUU4elJ4QkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYTgxMDAtMTcyYi00OGUzLWEzMmEtN2JiZDI4Y2U0YTc1
LzEvVUZrdWFJbGNjR2kwWlZVSWtYclZ1OTI5Q2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue1SMA0G
CSqGSIb3DQEBCwUAA4IBAQAwdbZUSE2D6h1maoIwiZIPgUZCP2qbgBw0JAzFgsvU
JmJyl09VUJ2lqEF+aqYHTdduOaBUex8TH8uOAhts+/Wb1JBhP2fmy+WKWF7hQpE1
QNCQvq34y6JS87YFb090EJGscNJAAKJN9g4sVHVEvYBwZd3A7clyBbFZPFi/yR9C
xFKKOwIqTq9ydI489bZdPj1bft56bspOh3634yciMaWn5hz9wBq1p5RnC73xLUM1
CY9KC36Mjikx81nGJTafxNEHQVLp+PWSHDkCzeey/sZveIBCvvmEIGZVk+W/iufC
cWRD+T/oNJsN21mTbz7POtPdOW/wwnZ40n1fq6koC49+
-----END CERTIFICATE-----