Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/5e51ba-508f-4f23-a79f-43283b3718dc/1/VJ38n93YBydWGZ0qOQ3Sz7r1S88.roa
File:                     VJ38n93YBydWGZ0qOQ3Sz7r1S88.roa (raw, json)
Hash identifier:          hr20eXfg/VfemAnnmj+6ced8goDGunKyIu9QfS9tcLw=
Subject key identifier:   54:9D:FC:9F:DD:D8:07:27:56:19:9D:2A:39:0D:D2:CF:BA:F5:4B:CF
Certificate issuer:       /CN=d8c2096cc0c5557cbab6c10d61d077d078fe717f
Certificate serial:       018CC86F932FDDE9950F9827E15FCA6E6F46
Authority key identifier: D8:C2:09:6C:C0:C5:55:7C:BA:B6:C1:0D:61:D0:77:D0:78:FE:71:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MIJbMDFVXy6tsENYdB30Hj-cX8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/5e51ba-508f-4f23-a79f-43283b3718dc/1/VJ38n93YBydWGZ0qOQ3Sz7r1S88.roa
Signing time:             Tue 02 Jan 2024 04:30:04 +0000
ROA not before:           Tue 02 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200043
IP address blocks:        194.50.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/5e51ba-508f-4f23-a79f-43283b3718dc/1/2MIJbMDFVXy6tsENYdB30Hj-cX8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/5e51ba-508f-4f23-a79f-43283b3718dc/1/2MIJbMDFVXy6tsENYdB30Hj-cX8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2MIJbMDFVXy6tsENYdB30Hj-cX8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:93:2f:dd:e9:95:0f:98:27:e1:5f:ca:6e:6f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c2096cc0c5557cbab6c10d61d077d078fe717f
        Validity
            Not Before: Jan  2 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=549dfc9fddd8072756199d2a390dd2cfbaf54bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:db:0f:ef:00:e5:fd:17:85:74:78:c4:70:9d:
                    67:66:da:85:d0:0d:5d:90:37:21:80:4e:03:93:5f:
                    a4:2f:5a:dc:ab:c5:06:98:30:2d:ad:0a:98:b5:98:
                    e3:7a:9f:7e:43:e4:56:36:37:9d:f2:76:66:5d:82:
                    a7:08:c9:dc:2a:74:9c:ad:62:bb:d1:35:48:d8:f0:
                    87:bc:89:52:99:f8:47:62:a9:68:41:b3:ea:61:7d:
                    aa:9c:40:c3:98:72:b1:ab:b9:f6:64:a4:48:8a:73:
                    c2:38:bd:3a:69:d3:fc:fd:0b:b0:f2:c4:59:23:88:
                    d5:0b:71:9f:d0:75:1f:bc:17:81:a1:d7:af:d4:27:
                    42:ed:31:90:77:8a:23:fe:56:dc:14:3c:03:56:6d:
                    38:ea:45:d9:b5:2f:0c:5a:57:5c:23:b4:7b:34:2c:
                    27:31:c3:81:36:30:c9:5d:d2:ab:a5:c1:37:df:ad:
                    f9:d7:58:0e:6b:cb:f5:85:7c:96:1d:52:09:69:eb:
                    62:d3:76:7f:be:c8:0b:47:74:e1:a8:5d:24:9e:4d:
                    54:c6:60:4f:82:7d:c7:0e:1c:dd:5d:e4:0e:09:83:
                    59:f3:8d:1d:61:7d:63:ef:e3:2e:15:b0:0d:33:1a:
                    0c:af:85:24:aa:78:84:67:ec:f3:c4:6a:fb:e6:de:
                    ce:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:9D:FC:9F:DD:D8:07:27:56:19:9D:2A:39:0D:D2:CF:BA:F5:4B:CF
            X509v3 Authority Key Identifier:
                keyid:D8:C2:09:6C:C0:C5:55:7C:BA:B6:C1:0D:61:D0:77:D0:78:FE:71:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MIJbMDFVXy6tsENYdB30Hj-cX8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/5e51ba-508f-4f23-a79f-43283b3718dc/1/VJ38n93YBydWGZ0qOQ3Sz7r1S88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/5e51ba-508f-4f23-a79f-43283b3718dc/1/2MIJbMDFVXy6tsENYdB30Hj-cX8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:fc:47:ce:70:8a:2c:1d:f3:06:a8:1c:a4:a0:7d:02:c7:d5:
         00:a3:c4:0d:94:83:fb:5c:43:fd:7f:fc:4c:8e:fb:a1:99:b4:
         1d:44:ed:6e:2b:02:dd:e6:77:de:fb:c0:90:ad:d0:65:2a:6e:
         e4:d9:86:3f:9e:2d:15:de:ae:b0:f9:e1:13:43:64:1a:c1:04:
         83:d6:6d:a1:62:96:65:1f:e4:03:c1:18:c5:33:e4:c1:a0:c5:
         49:04:d3:14:6d:56:0c:fa:ce:2b:24:3f:3e:c8:ed:d7:eb:fc:
         a7:ba:6e:53:68:35:bf:a9:3a:73:dd:11:85:ce:61:06:ac:50:
         97:eb:77:f0:fc:26:7e:4c:57:f5:95:41:cf:7a:65:b8:fc:cb:
         b5:bb:27:3a:c5:98:13:1c:20:a5:e0:9f:f2:4c:09:f4:79:b7:
         50:f0:6f:e7:99:0d:2e:cd:7c:2e:6c:35:f0:1d:25:09:89:3f:
         63:5c:2e:61:49:73:19:00:44:5c:72:78:7a:d8:af:4d:1b:64:
         60:4f:da:0f:5f:45:6b:b0:bd:a8:7a:f9:58:45:6c:c5:9e:f5:
         28:98:52:77:56:1b:67:f1:cb:0a:1b:f7:f0:25:3e:7a:2c:18:
         de:60:7f:32:8b:92:4a:e4:70:f5:83:71:f3:ee:b3:e6:3f:e0:
         16:04:ef:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5Mv3emVD5gn4V/Kbm9GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzIwOTZjYzBjNTU1N2NiYWI2YzEwZDYxZDA3N2QwNzhm
ZTcxN2YwHhcNMjQwMTAyMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDlkZmM5ZmRkZDgwNzI3NTYxOTlkMmEzOTBkZDJjZmJhZjU0YmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhdsP7wDl/ReFdHjEcJ1nZtqF0A1d
kDchgE4Dk1+kL1rcq8UGmDAtrQqYtZjjep9+Q+RWNjed8nZmXYKnCMncKnScrWK7
0TVI2PCHvIlSmfhHYqloQbPqYX2qnEDDmHKxq7n2ZKRIinPCOL06adP8/Quw8sRZ
I4jVC3Gf0HUfvBeBodev1CdC7TGQd4oj/lbcFDwDVm046kXZtS8MWldcI7R7NCwn
McOBNjDJXdKrpcE3363511gOa8v1hXyWHVIJaeti03Z/vsgLR3ThqF0knk1UxmBP
gn3HDhzdXeQOCYNZ840dYX1j7+MuFbANMxoMr4UkqniEZ+zzxGr75t7OHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSd/J/d2AcnVhmdKjkN0s+69UvPMB8GA1UdIwQY
MBaAFNjCCWzAxVV8urbBDWHQd9B4/nF/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1JSmJNREZWWHk2dHNFTllkQjMwSGotY1g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy81ZTUxYmEtNTA4Zi00ZjIzLWE3OWYt
NDMyODNiMzcxOGRjLzEvVkozOG45M1lCeWRXR1owcU9RM1N6N3IxUzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy81ZTUxYmEtNTA4Zi00ZjIzLWE3OWYtNDMyODNiMzcxOGRj
LzEvMk1JSmJNREZWWHk2dHNFTllkQjMwSGotY1g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjI2MA0G
CSqGSIb3DQEBCwUAA4IBAQCx/EfOcIosHfMGqBykoH0Cx9UAo8QNlIP7XEP9f/xM
jvuhmbQdRO1uKwLd5nfe+8CQrdBlKm7k2YY/ni0V3q6w+eETQ2QawQSD1m2hYpZl
H+QDwRjFM+TBoMVJBNMUbVYM+s4rJD8+yO3X6/ynum5TaDW/qTpz3RGFzmEGrFCX
63fw/CZ+TFf1lUHPemW4/Mu1uyc6xZgTHCCl4J/yTAn0ebdQ8G/nmQ0uzXwubDXw
HSUJiT9jXC5hSXMZAERccnh62K9NG2RgT9oPX0VrsL2oevlYRWzFnvUomFJ3Vhtn
8csKG/fwJT56LBjeYH8yi5JK5HD1g3Hz7rPmP+AWBO+Z
-----END CERTIFICATE-----