Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/N50ILjI6vNp7A6N9HygvstrwChc.roa
File:                     N50ILjI6vNp7A6N9HygvstrwChc.roa (raw, json)
Hash identifier:          Dirg6q8LPU3d4GS5cdQfmRbClfRmgGiHcbmkwEYmVik=
Subject key identifier:   37:9D:08:2E:32:3A:BC:DA:7B:03:A3:7D:1F:28:2F:B2:DA:F0:0A:17
Certificate issuer:       /CN=533802e62965d4584e598d59b76a928be5afd971
Certificate serial:       019527E77CF9FA6D55810E58A1760ED0E9B9
Authority key identifier: 53:38:02:E6:29:65:D4:58:4E:59:8D:59:B7:6A:92:8B:E5:AF:D9:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/N50ILjI6vNp7A6N9HygvstrwChc.roa
Signing time:             Fri 21 Feb 2025 09:47:17 +0000
ROA not before:           Fri 21 Feb 2025 09:47:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209495
IP address blocks:        141.98.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:27:e7:7c:f9:fa:6d:55:81:0e:58:a1:76:0e:d0:e9:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=533802e62965d4584e598d59b76a928be5afd971
        Validity
            Not Before: Feb 21 09:47:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=379d082e323abcda7b03a37d1f282fb2daf00a17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:62:4e:7b:d5:f9:40:cb:30:0c:93:92:ef:ac:
                    51:c8:01:a6:3c:e4:42:b2:aa:74:3f:f0:dc:2c:70:
                    5e:8b:e1:49:a5:8c:d0:7f:7c:2e:b5:d4:a5:19:24:
                    1e:dc:64:50:90:42:94:87:8d:9d:34:0a:cb:db:f1:
                    46:09:ae:2e:5c:42:46:aa:92:8e:2e:f9:ac:19:8c:
                    dc:38:f3:07:c2:ed:e9:ca:73:cc:3a:a1:4c:02:d6:
                    51:59:c9:42:8c:9b:44:cf:9e:a8:85:ff:2e:d7:05:
                    fa:7d:68:80:30:c2:b5:d1:94:64:a5:7d:ba:20:22:
                    12:76:af:cc:7c:a9:34:53:76:fb:67:7c:04:85:78:
                    c0:90:7b:f1:d8:88:b4:73:ca:6f:45:9a:a8:a1:dd:
                    4a:00:68:c3:11:d7:4f:68:6d:a7:40:c9:d1:49:97:
                    e8:0a:d5:da:a6:79:30:65:e9:ee:64:7f:e2:c0:84:
                    3e:18:8f:6c:e8:3b:d3:f8:cd:29:d7:f3:80:19:3d:
                    bc:8e:95:2c:90:9d:38:67:6a:17:13:fd:81:02:6c:
                    e1:b7:7b:b4:3b:9a:73:83:30:19:a8:66:a3:0a:a3:
                    31:db:4f:a0:89:b1:ba:0b:a8:90:6f:8e:95:ff:39:
                    94:39:ca:a9:69:b5:9f:2a:9d:92:fd:52:d3:2a:e4:
                    e3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:9D:08:2E:32:3A:BC:DA:7B:03:A3:7D:1F:28:2F:B2:DA:F0:0A:17
            X509v3 Authority Key Identifier:
                keyid:53:38:02:E6:29:65:D4:58:4E:59:8D:59:B7:6A:92:8B:E5:AF:D9:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/N50ILjI6vNp7A6N9HygvstrwChc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/01a73a-8da0-48b9-aaed-a23c131c0d38/1/UzgC5ill1FhOWY1Zt2qSi-Wv2XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:5f:0d:7f:97:e2:c1:07:83:ed:72:8b:4c:86:35:c9:ea:22:
         8e:0a:70:c9:21:d5:fd:7d:75:55:0b:f6:66:3e:e3:c6:17:7d:
         23:0c:e1:09:f0:b2:95:9d:75:75:26:96:35:72:28:ae:77:61:
         c5:7f:1e:f4:0e:2d:56:7f:65:d9:76:e9:3b:81:2a:47:6d:c3:
         5c:af:92:47:f9:83:0b:80:b4:0f:07:ff:b0:24:8f:50:78:28:
         0d:ba:ae:d1:39:ac:bc:3c:a7:37:a4:f1:cf:5d:0e:18:a8:65:
         92:91:79:06:7c:39:71:54:7d:8e:2b:0c:12:a1:25:10:f3:47:
         7c:87:34:21:0f:ba:97:58:a2:85:b4:23:cb:63:48:a8:7f:f4:
         06:99:f6:e6:fe:b1:1f:ab:fc:ce:5a:d1:bf:28:19:85:a6:24:
         d5:dc:bf:de:bc:61:8b:4a:ad:cc:50:ab:6c:c6:af:b8:bc:a6:
         8a:ef:00:6b:d6:1d:b8:c9:ca:40:29:04:b9:c7:7a:2a:0a:66:
         b6:ab:72:72:fb:07:67:94:c3:8b:5a:20:3e:4c:1f:45:f4:3e:
         3b:c3:2d:c3:49:65:06:6e:61:02:d9:65:c4:22:76:01:18:74:
         b8:ba:60:12:bf:08:cd:90:09:b7:e7:bd:8c:7f:fe:71:8b:28:
         21:41:4c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUn53z5+m1VgQ5YoXYO0Om5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzgwMmU2Mjk2NWQ0NTg0ZTU5OGQ1OWI3NmE5MjhiZTVh
ZmQ5NzEwHhcNMjUwMjIxMDk0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzlkMDgyZTMyM2FiY2RhN2IwM2EzN2QxZjI4MmZiMmRhZjAwYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGJOe9X5QMswDJOS76xRyAGmPORC
sqp0P/DcLHBei+FJpYzQf3wutdSlGSQe3GRQkEKUh42dNArL2/FGCa4uXEJGqpKO
LvmsGYzcOPMHwu3pynPMOqFMAtZRWclCjJtEz56ohf8u1wX6fWiAMMK10ZRkpX26
ICISdq/MfKk0U3b7Z3wEhXjAkHvx2Ii0c8pvRZqood1KAGjDEddPaG2nQMnRSZfo
CtXapnkwZenuZH/iwIQ+GI9s6DvT+M0p1/OAGT28jpUskJ04Z2oXE/2BAmzht3u0
O5pzgzAZqGajCqMx20+gibG6C6iQb46V/zmUOcqpabWfKp2S/VLTKuTjkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDedCC4yOrzaewOjfR8oL7La8AoXMB8GA1UdIwQY
MBaAFFM4AuYpZdRYTlmNWbdqkovlr9lxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXpnQzVpbGwxRmhPV1kxWnQycVNpLVd2MlhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8wMWE3M2EtOGRhMC00OGI5LWFhZWQt
YTIzYzEzMWMwZDM4LzEvTjUwSUxqSTZ2TnA3QTZOOUh5Z3ZzdHJ3Q2hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8wMWE3M2EtOGRhMC00OGI5LWFhZWQtYTIzYzEzMWMwZDM4
LzEvVXpnQzVpbGwxRmhPV1kxWnQycVNpLVd2MlhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjWLkMA0G
CSqGSIb3DQEBCwUAA4IBAQAFXw1/l+LBB4PtcotMhjXJ6iKOCnDJIdX9fXVVC/Zm
PuPGF30jDOEJ8LKVnXV1JpY1ciiud2HFfx70Di1Wf2XZduk7gSpHbcNcr5JH+YML
gLQPB/+wJI9QeCgNuq7ROay8PKc3pPHPXQ4YqGWSkXkGfDlxVH2OKwwSoSUQ80d8
hzQhD7qXWKKFtCPLY0iof/QGmfbm/rEfq/zOWtG/KBmFpiTV3L/evGGLSq3MUKts
xq+4vKaK7wBr1h24ycpAKQS5x3oqCma2q3Jy+wdnlMOLWiA+TB9F9D47wy3DSWUG
bmEC2WXEInYBGHS4umASvwjNkAm3572Mf/5xiyghQUyZ
-----END CERTIFICATE-----