Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/52v68hN6UT4PPJjjqq1uuE_KUSs.roa
File:                     52v68hN6UT4PPJjjqq1uuE_KUSs.roa (raw, json)
Hash identifier:          /ZapQrg7UEXSt0NcWwZ+kj+0zgSiaiRBd7g+qhPDHBg=
Subject key identifier:   E7:6B:FA:F2:13:7A:51:3E:0F:3C:98:E3:AA:AD:6E:B8:4F:CA:51:2B
Certificate issuer:       /CN=43c16595966afb0bacf1d7937f245d6a052221a3
Certificate serial:       0194228E13BC9F260403DDD83E99A3FD0F9B
Authority key identifier: 43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/52v68hN6UT4PPJjjqq1uuE_KUSs.roa
Signing time:             Wed 01 Jan 2025 15:48:44 +0000
ROA not before:           Wed 01 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        194.50.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:13:bc:9f:26:04:03:dd:d8:3e:99:a3:fd:0f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43c16595966afb0bacf1d7937f245d6a052221a3
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e76bfaf2137a513e0f3c98e3aaad6eb84fca512b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:be:60:59:a5:ec:0a:d7:9a:af:ca:a9:d4:16:
                    b4:bc:35:b0:a6:9e:be:57:02:f3:77:76:81:08:10:
                    12:75:30:94:29:ba:63:b3:1a:24:9d:57:50:56:89:
                    22:c7:22:ef:4d:c0:9a:98:6b:2f:c3:b6:12:7a:6b:
                    2a:2d:44:80:69:7f:54:57:6e:d0:6e:73:2f:c4:eb:
                    13:ce:52:c6:69:5d:57:40:44:07:90:b4:b3:13:5f:
                    58:ba:d5:63:45:ff:c7:85:ff:a2:b5:77:4f:4b:a9:
                    33:e9:f1:c7:b2:b4:51:76:12:25:9f:9d:b8:7b:5e:
                    ff:bb:0f:d8:93:5d:60:5a:93:f9:b1:af:6d:cf:a3:
                    cc:1e:e7:09:fe:0c:f9:46:30:5b:39:4a:1f:fd:f2:
                    00:bf:14:10:0f:fa:56:46:4a:e8:38:c9:a7:92:e3:
                    b7:f4:e1:25:24:c3:c0:e0:6a:d8:be:47:a2:7c:76:
                    87:d0:3d:55:34:da:0a:8a:f6:61:aa:57:25:38:3f:
                    d4:2e:cc:ec:db:62:11:aa:7f:bb:a9:85:e3:80:8e:
                    86:ee:19:82:b3:f9:50:d0:1d:ee:1b:10:91:4b:ba:
                    2f:18:d8:80:1e:e7:71:63:36:08:db:1f:6d:01:f5:
                    6d:20:6d:22:63:8b:50:46:b3:70:1b:44:90:e1:30:
                    c7:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:6B:FA:F2:13:7A:51:3E:0F:3C:98:E3:AA:AD:6E:B8:4F:CA:51:2B
            X509v3 Authority Key Identifier:
                keyid:43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/52v68hN6UT4PPJjjqq1uuE_KUSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ab:5e:46:7b:eb:16:8e:39:a3:06:bd:08:f9:8d:b9:3d:9d:
         1c:2b:6d:61:a1:99:a8:49:8b:d7:9e:27:60:bf:98:be:c6:a0:
         2b:07:a6:bc:bf:9e:d1:3c:bc:8b:98:83:ef:d8:86:a9:35:d6:
         fb:e4:82:4f:1f:77:bd:fa:93:99:11:a1:f2:07:e3:30:5d:62:
         81:46:64:e3:69:1a:58:c8:95:e8:14:9e:88:e4:3e:7f:a1:c2:
         0c:31:3d:86:16:9c:26:25:1e:ab:14:73:5b:b3:45:88:48:15:
         c5:e9:5c:c3:3d:c3:33:6b:f4:99:e2:02:ed:a8:d5:8e:55:e2:
         e6:b7:a9:97:21:a6:06:fc:0f:97:e9:d2:43:73:b7:98:40:e6:
         87:77:ba:be:88:91:e8:d1:6e:0f:d5:ec:4b:cf:a9:9d:0f:c1:
         a1:e7:f4:e6:14:37:9c:d0:1d:96:c0:87:bd:6a:71:e8:2e:50:
         14:74:2c:fc:a0:5c:d5:f8:fd:8d:f6:1a:6d:bc:dc:57:e3:2e:
         3b:25:df:8e:c2:7d:59:6e:06:af:68:10:22:73:c6:87:1d:36:
         35:90:ae:b7:88:5a:82:20:15:a4:d9:71:54:20:32:35:ec:84:
         a1:98:33:69:26:23:3f:ce:41:a2:e7:50:47:e1:f6:f4:21:9c:
         da:c7:18:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijhO8nyYEA93YPpmj/Q+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYzE2NTk1OTY2YWZiMGJhY2YxZDc5MzdmMjQ1ZDZhMDUy
MjIxYTMwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzZiZmFmMjEzN2E1MTNlMGYzYzk4ZTNhYWFkNmViODRmY2E1MTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp75gWaXsCtear8qp1Ba0vDWwpp6+
VwLzd3aBCBASdTCUKbpjsxoknVdQVokixyLvTcCamGsvw7YSemsqLUSAaX9UV27Q
bnMvxOsTzlLGaV1XQEQHkLSzE19YutVjRf/Hhf+itXdPS6kz6fHHsrRRdhIln524
e17/uw/Yk11gWpP5sa9tz6PMHucJ/gz5RjBbOUof/fIAvxQQD/pWRkroOMmnkuO3
9OElJMPA4GrYvkeifHaH0D1VNNoKivZhqlclOD/ULszs22IRqn+7qYXjgI6G7hmC
s/lQ0B3uGxCRS7ovGNiAHudxYzYI2x9tAfVtIG0iY4tQRrNwG0SQ4TDHMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdr+vITelE+DzyY46qtbrhPylErMB8GA1UdIwQY
MBaAFEPBZZWWavsLrPHXk38kXWoFIiGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGIt
NTk5MGVhNThlMDMwLzEvNTJ2NjhoTjZVVDRQUEpqanFxMXV1RV9LVVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGItNTk5MGVhNThlMDMw
LzEvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjLGMA0G
CSqGSIb3DQEBCwUAA4IBAQAPq15Ge+sWjjmjBr0I+Y25PZ0cK21hoZmoSYvXnidg
v5i+xqArB6a8v57RPLyLmIPv2IapNdb75IJPH3e9+pOZEaHyB+MwXWKBRmTjaRpY
yJXoFJ6I5D5/ocIMMT2GFpwmJR6rFHNbs0WISBXF6VzDPcMza/SZ4gLtqNWOVeLm
t6mXIaYG/A+X6dJDc7eYQOaHd7q+iJHo0W4P1exLz6mdD8Gh5/TmFDec0B2WwIe9
anHoLlAUdCz8oFzV+P2N9hptvNxX4y47Jd+Own1ZbgavaBAic8aHHTY1kK63iFqC
IBWk2XFUIDI17IShmDNpJiM/zkGi51BH4fb0IZzaxxgs
-----END CERTIFICATE-----