Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/683ffb-65eb-4972-997a-5f29c9f549e8/1/w10xzkEPQsU6_uOc2iQ02ZhuxnI.roa
File:                     w10xzkEPQsU6_uOc2iQ02ZhuxnI.roa (raw, json)
Hash identifier:          QPhIhI9ICKv1SzZDtlXfM195k+zcajHp43/srumlwxw=
Subject key identifier:   C3:5D:31:CE:41:0F:42:C5:3A:FE:E3:9C:DA:24:34:D9:98:6E:C6:72
Certificate issuer:       /CN=e2c3fc198c772f59b8ede529856b52ea179a4e38
Certificate serial:       018CC5DCC5B8FF9FE8D4B466328777C32195
Authority key identifier: E2:C3:FC:19:8C:77:2F:59:B8:ED:E5:29:85:6B:52:EA:17:9A:4E:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sP8GYx3L1m47eUphWtS6heaTjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/683ffb-65eb-4972-997a-5f29c9f549e8/1/w10xzkEPQsU6_uOc2iQ02ZhuxnI.roa
Signing time:             Mon 01 Jan 2024 16:30:29 +0000
ROA not before:           Mon 01 Jan 2024 16:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39628
IP address blocks:        194.50.97.0/24 maxlen: 24
                          2001:67c:314::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/683ffb-65eb-4972-997a-5f29c9f549e8/1/4sP8GYx3L1m47eUphWtS6heaTjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/683ffb-65eb-4972-997a-5f29c9f549e8/1/4sP8GYx3L1m47eUphWtS6heaTjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sP8GYx3L1m47eUphWtS6heaTjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c5:b8:ff:9f:e8:d4:b4:66:32:87:77:c3:21:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c3fc198c772f59b8ede529856b52ea179a4e38
        Validity
            Not Before: Jan  1 16:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c35d31ce410f42c53afee39cda2434d9986ec672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:fd:b7:5e:6a:c1:92:79:33:38:0f:91:60:15:
                    3a:9d:c8:db:c7:d6:b2:3e:39:05:97:c2:78:cc:51:
                    f5:90:59:56:42:c4:dd:92:74:d2:c1:af:d5:ef:58:
                    83:81:65:1f:ce:c3:75:9e:61:be:0e:71:fd:80:0d:
                    86:de:50:10:86:6c:44:e9:04:6f:53:91:75:f0:26:
                    ab:0b:26:7d:37:5e:78:85:cf:cc:57:0f:33:80:87:
                    74:9f:4c:d2:46:91:95:d9:26:32:23:40:86:cc:5f:
                    95:1a:ee:84:e3:c3:0e:2a:7b:60:d7:c8:8e:44:67:
                    1d:69:d9:ec:a0:66:c8:27:2c:12:e4:63:a0:9d:16:
                    60:af:da:05:43:37:9e:9d:db:3c:08:b6:14:99:b1:
                    6c:12:af:8f:ff:40:f4:66:c3:d6:14:77:8d:f9:bb:
                    ca:11:24:6d:a6:85:03:88:ab:96:92:3f:24:39:4a:
                    86:69:b3:10:0a:db:67:9a:b8:f6:66:a3:ca:be:68:
                    a8:17:dd:d7:43:75:2a:f0:71:fa:bc:4b:07:dd:57:
                    60:05:f0:75:25:07:85:af:86:11:c6:2b:dc:55:65:
                    95:13:47:c0:01:fb:17:d7:08:42:27:b2:1a:e9:3b:
                    ca:0e:4e:de:81:a6:5a:87:62:f8:57:ff:77:b5:83:
                    d3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:5D:31:CE:41:0F:42:C5:3A:FE:E3:9C:DA:24:34:D9:98:6E:C6:72
            X509v3 Authority Key Identifier:
                keyid:E2:C3:FC:19:8C:77:2F:59:B8:ED:E5:29:85:6B:52:EA:17:9A:4E:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sP8GYx3L1m47eUphWtS6heaTjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/683ffb-65eb-4972-997a-5f29c9f549e8/1/w10xzkEPQsU6_uOc2iQ02ZhuxnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/683ffb-65eb-4972-997a-5f29c9f549e8/1/4sP8GYx3L1m47eUphWtS6heaTjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.97.0/24
                IPv6:
                  2001:67c:314::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:93:44:ad:fa:61:ad:c9:fd:6c:23:76:6d:3a:3d:e4:58:66:
         b4:3b:e9:5e:37:59:b2:cf:27:75:b0:76:6d:36:f5:9f:73:9e:
         3d:fc:f4:fd:ac:a6:d5:d2:bd:2d:fd:19:af:bd:cd:fb:24:3e:
         23:cf:da:36:bb:47:55:c7:d8:86:5c:9e:fc:69:8c:8d:81:7c:
         36:31:18:32:3c:0d:37:09:f7:ba:fd:f2:91:4d:50:e9:93:92:
         c2:87:61:b3:48:12:c5:e0:4a:b5:44:c8:76:a5:1c:55:cd:b1:
         25:ed:04:08:9e:d2:30:75:d1:a9:d7:75:43:44:7e:19:ea:3d:
         cf:5d:0a:df:f9:8e:bb:58:b6:32:16:98:c1:2a:b6:f1:6a:d5:
         4c:68:c0:00:62:bf:76:92:5f:5a:33:08:6d:c5:c6:46:ce:e0:
         68:70:d5:51:0b:1b:0d:68:28:d9:1a:5c:be:44:ae:0c:75:d8:
         be:48:ea:7a:14:e7:51:df:38:c1:ea:b7:f8:ee:00:80:e8:cc:
         d1:83:24:df:22:36:0e:d6:3e:98:8f:6b:90:be:c8:5f:1a:b6:
         2a:9d:e5:84:80:9b:e0:d5:db:30:b1:bc:2b:87:f7:d1:6b:90:
         b0:94:95:93:f4:18:c3:0a:f8:6c:c0:e3:f4:2a:f4:b8:fe:6b:
         29:11:16:a6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3MW4/5/o1LRmMod3wyGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzNmYzE5OGM3NzJmNTliOGVkZTUyOTg1NmI1MmVhMTc5
YTRlMzgwHhcNMjQwMTAxMTYzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzVkMzFjZTQxMGY0MmM1M2FmZWUzOWNkYTI0MzRkOTk4NmVjNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4f23XmrBknkzOA+RYBU6ncjbx9ay
PjkFl8J4zFH1kFlWQsTdknTSwa/V71iDgWUfzsN1nmG+DnH9gA2G3lAQhmxE6QRv
U5F18CarCyZ9N154hc/MVw8zgId0n0zSRpGV2SYyI0CGzF+VGu6E48MOKntg18iO
RGcdadnsoGbIJywS5GOgnRZgr9oFQzeends8CLYUmbFsEq+P/0D0ZsPWFHeN+bvK
ESRtpoUDiKuWkj8kOUqGabMQCttnmrj2ZqPKvmioF93XQ3Uq8HH6vEsH3VdgBfB1
JQeFr4YRxivcVWWVE0fAAfsX1whCJ7Ia6TvKDk7egaZah2L4V/93tYPT9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMNdMc5BD0LFOv7jnNokNNmYbsZyMB8GA1UdIwQY
MBaAFOLD/BmMdy9ZuO3lKYVrUuoXmk44MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNQOEdZeDNMMW00N2VVcGhXdFM2aGVhVGpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82ODNmZmItNjVlYi00OTcyLTk5N2Et
NWYyOWM5ZjU0OWU4LzEvdzEweHprRVBRc1U2X3VPYzJpUTAyWmh1eG5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82ODNmZmItNjVlYi00OTcyLTk5N2EtNWYyOWM5ZjU0OWU4
LzEvNHNQOEdZeDNMMW00N2VVcGhXdFM2aGVhVGpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjJhMA8E
AgACMAkDBwAgAQZ8AxQwDQYJKoZIhvcNAQELBQADggEBAHiTRK36Ya3J/Wwjdm06
PeRYZrQ76V43WbLPJ3Wwdm029Z9znj389P2sptXSvS39Ga+9zfskPiPP2ja7R1XH
2IZcnvxpjI2BfDYxGDI8DTcJ97r98pFNUOmTksKHYbNIEsXgSrVEyHalHFXNsSXt
BAie0jB10anXdUNEfhnqPc9dCt/5jrtYtjIWmMEqtvFq1UxowABiv3aSX1ozCG3F
xkbO4Ghw1VELGw1oKNkaXL5Ergx12L5I6noU51HfOMHqt/juAIDozNGDJN8iNg7W
PpiPa5C+yF8atiqd5YSAm+DV2zCxvCuH99FrkLCUlZP0GMMK+GzA4/Qq9Lj+aykR
FqY=
-----END CERTIFICATE-----