Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/FQmKLrRh1xWGq99sk5mfIseij2s.roa
File:                     FQmKLrRh1xWGq99sk5mfIseij2s.roa (raw, json)
Hash identifier:          Oi/8jHC45BwVXwxeBJpwZwg1yWMJRbdhIOWzzn6vjqg=
Subject key identifier:   15:09:8A:2E:B4:61:D7:15:86:AB:DF:6C:93:99:9F:22:C7:A2:8F:6B
Certificate issuer:       /CN=500151e464b29791376c0c57beb40c584ef5a1cf
Certificate serial:       018CC348E3A37E500D94587FDACD79868325
Authority key identifier: 50:01:51:E4:64:B2:97:91:37:6C:0C:57:BE:B4:0C:58:4E:F5:A1:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UAFR5GSyl5E3bAxXvrQMWE71oc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/FQmKLrRh1xWGq99sk5mfIseij2s.roa
Signing time:             Mon 01 Jan 2024 04:29:43 +0000
ROA not before:           Mon 01 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43824
IP address blocks:        185.222.49.0/24 maxlen: 24
                          185.222.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/UAFR5GSyl5E3bAxXvrQMWE71oc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/UAFR5GSyl5E3bAxXvrQMWE71oc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UAFR5GSyl5E3bAxXvrQMWE71oc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e3:a3:7e:50:0d:94:58:7f:da:cd:79:86:83:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=500151e464b29791376c0c57beb40c584ef5a1cf
        Validity
            Not Before: Jan  1 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15098a2eb461d71586abdf6c93999f22c7a28f6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:29:ad:a1:70:74:8a:15:3a:18:28:c9:af:1f:
                    62:44:03:fe:5a:9b:c5:9e:56:d4:81:01:b7:d9:b4:
                    53:9b:79:4f:47:63:11:db:54:2b:b2:a9:b3:3a:98:
                    80:7c:09:a7:84:b7:45:df:d1:3e:83:6f:54:cc:b5:
                    79:48:41:25:73:a7:1f:52:34:91:83:60:5a:cb:29:
                    cb:42:bc:e7:8d:e5:d6:70:38:9a:90:54:02:ba:4a:
                    41:15:e2:42:70:83:71:c7:4c:fc:7b:ea:6f:21:2d:
                    72:2d:19:08:a4:7d:9e:37:68:31:e5:3a:c1:2b:d2:
                    07:53:b5:4d:66:d6:76:56:a4:f1:ed:6e:0f:c8:f5:
                    af:77:65:27:e0:56:34:95:1d:81:3b:c4:33:5b:f7:
                    18:65:f6:0c:c2:60:86:11:cf:04:52:a4:ab:ef:dd:
                    65:d8:13:14:19:f4:27:c2:75:96:97:a6:85:7f:8b:
                    09:55:df:49:42:cb:cb:8d:da:0d:a3:dd:30:98:89:
                    31:59:c5:3c:84:49:29:82:63:d6:ba:b3:62:9a:eb:
                    d9:a4:70:84:7e:91:33:2a:89:cb:ce:1e:c5:d4:d9:
                    07:de:ad:8a:76:1e:d1:5c:6c:67:f5:80:bd:a1:1e:
                    1f:22:80:70:ac:25:00:43:53:f7:4c:56:b7:fb:21:
                    56:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:09:8A:2E:B4:61:D7:15:86:AB:DF:6C:93:99:9F:22:C7:A2:8F:6B
            X509v3 Authority Key Identifier:
                keyid:50:01:51:E4:64:B2:97:91:37:6C:0C:57:BE:B4:0C:58:4E:F5:A1:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UAFR5GSyl5E3bAxXvrQMWE71oc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/FQmKLrRh1xWGq99sk5mfIseij2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/4a12c2-9bed-45dd-863c-0b9fb97e529d/1/UAFR5GSyl5E3bAxXvrQMWE71oc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.49.0-185.222.50.255

    Signature Algorithm: sha256WithRSAEncryption
         68:ef:ad:06:0e:63:24:8c:13:04:61:f9:4d:7e:e7:3c:d3:f5:
         4b:1d:07:48:bc:28:5e:52:af:a9:96:08:23:6b:c2:08:e5:ac:
         cb:a9:69:b0:16:2c:26:72:8d:21:d3:73:df:12:e6:0f:4d:47:
         7d:0d:a8:a3:b2:82:ea:94:5a:c7:fe:9c:73:3d:1d:ee:1f:5f:
         88:8d:32:00:8c:02:49:8a:47:00:8f:45:30:b9:23:77:8b:58:
         b6:26:5c:76:c9:3c:1b:4e:b0:8b:c1:82:77:fa:93:82:c9:3e:
         98:e0:c7:5c:03:0e:03:79:85:ad:3d:19:74:ac:8f:a1:6a:d5:
         37:cb:6a:d5:8d:23:64:cf:3e:5b:c1:cd:d8:b5:d5:10:eb:1a:
         31:df:28:d2:8e:b4:80:7c:ba:8e:5d:32:23:f9:7d:42:f2:eb:
         8a:89:4d:86:cc:41:41:d1:47:cc:ab:c8:3c:4d:e3:cb:48:48:
         e8:a6:a3:f3:d4:b8:91:cb:0a:06:88:c9:e8:8b:63:9b:8d:f7:
         cb:3a:e3:72:9f:11:b3:74:61:b3:9a:51:0f:ec:db:ca:1e:3e:
         b6:1c:e4:d2:a7:8e:d2:dc:6f:b6:bb:b8:57:c7:a4:e6:a4:7c:
         6d:0f:4f:42:c1:88:41:b4:c2:aa:bd:46:1f:fe:77:99:c4:1c:
         c4:fb:84:a9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSOOjflANlFh/2s15hoMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMDE1MWU0NjRiMjk3OTEzNzZjMGM1N2JlYjQwYzU4NGVm
NWExY2YwHhcNMjQwMTAxMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTA5OGEyZWI0NjFkNzE1ODZhYmRmNmM5Mzk5OWYyMmM3YTI4ZjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCmtoXB0ihU6GCjJrx9iRAP+WpvF
nlbUgQG32bRTm3lPR2MR21QrsqmzOpiAfAmnhLdF39E+g29UzLV5SEElc6cfUjSR
g2BayynLQrznjeXWcDiakFQCukpBFeJCcINxx0z8e+pvIS1yLRkIpH2eN2gx5TrB
K9IHU7VNZtZ2VqTx7W4PyPWvd2Un4FY0lR2BO8QzW/cYZfYMwmCGEc8EUqSr791l
2BMUGfQnwnWWl6aFf4sJVd9JQsvLjdoNo90wmIkxWcU8hEkpgmPWurNimuvZpHCE
fpEzKonLzh7F1NkH3q2Kdh7RXGxn9YC9oR4fIoBwrCUAQ1P3TFa3+yFWRQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBUJii60YdcVhqvfbJOZnyLHoo9rMB8GA1UdIwQY
MBaAFFABUeRkspeRN2wMV760DFhO9aHPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUFGUjVHU3lsNUUzYkF4WHZyUU1XRTcxb2M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi80YTEyYzItOWJlZC00NWRkLTg2M2Mt
MGI5ZmI5N2U1MjlkLzEvRlFtS0xyUmgxeFdHcTk5c2s1bWZJc2VpajJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi80YTEyYzItOWJlZC00NWRkLTg2M2MtMGI5ZmI5N2U1Mjlk
LzEvVUFGUjVHU3lsNUUzYkF4WHZyUU1XRTcxb2M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC53jED
BAC53jIwDQYJKoZIhvcNAQELBQADggEBAGjvrQYOYySMEwRh+U1+5zzT9UsdB0i8
KF5Sr6mWCCNrwgjlrMupabAWLCZyjSHTc98S5g9NR30NqKOyguqUWsf+nHM9He4f
X4iNMgCMAkmKRwCPRTC5I3eLWLYmXHbJPBtOsIvBgnf6k4LJPpjgx1wDDgN5ha09
GXSsj6Fq1TfLatWNI2TPPlvBzdi11RDrGjHfKNKOtIB8uo5dMiP5fULy64qJTYbM
QUHRR8yryDxN48tISOimo/PUuJHLCgaIyeiLY5uN98s643KfEbN0YbOaUQ/s28oe
PrYc5NKnjtLcb7a7uFfHpOakfG0PT0LBiEG0wqq9Rh/+d5nEHMT7hKk=
-----END CERTIFICATE-----