Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/50ef2e-7a1c-405a-9117-de14e3532fd8/1/8a-C-adIftA5K1bHD_XDYu8enWw.roa
File:                     8a-C-adIftA5K1bHD_XDYu8enWw.roa (raw, json)
Hash identifier:          marm1KJizqWGkFuPU1/ToIVMj0ZjRanF5ZH5ZZcvR/g=
Subject key identifier:   F1:AF:82:F9:A7:48:7E:D0:39:2B:56:C7:0F:F5:C3:62:EF:1E:9D:6C
Certificate issuer:       /CN=49850f1bfd98d840a2aa8a83fa4f0894439d998d
Certificate serial:       019078ACA42C467067F22D317793673B7F46
Authority key identifier: 49:85:0F:1B:FD:98:D8:40:A2:AA:8A:83:FA:4F:08:94:43:9D:99:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYUPG_2Y2ECiqoqD-k8IlEOdmY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/50ef2e-7a1c-405a-9117-de14e3532fd8/1/8a-C-adIftA5K1bHD_XDYu8enWw.roa
Signing time:             Wed 03 Jul 2024 12:58:18 +0000
ROA not before:           Wed 03 Jul 2024 12:58:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47242
IP address blocks:        83.220.28.0/24 maxlen: 24
                          83.220.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/50ef2e-7a1c-405a-9117-de14e3532fd8/1/SYUPG_2Y2ECiqoqD-k8IlEOdmY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/50ef2e-7a1c-405a-9117-de14e3532fd8/1/SYUPG_2Y2ECiqoqD-k8IlEOdmY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYUPG_2Y2ECiqoqD-k8IlEOdmY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:78:ac:a4:2c:46:70:67:f2:2d:31:77:93:67:3b:7f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49850f1bfd98d840a2aa8a83fa4f0894439d998d
        Validity
            Not Before: Jul  3 12:58:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1af82f9a7487ed0392b56c70ff5c362ef1e9d6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:71:69:28:1d:6a:7e:71:e8:db:ae:8c:68:77:
                    3a:b1:04:da:e8:d2:92:f9:dc:7b:63:a6:3a:ea:fe:
                    b8:31:6d:1b:bc:0b:2f:3a:3e:b0:bc:36:ff:20:77:
                    0c:5a:3c:15:3c:f2:9a:7c:54:63:42:a0:2a:a9:bf:
                    ac:33:db:bd:7f:77:a4:c7:8d:0a:26:77:15:d1:c9:
                    48:1d:7b:5a:80:ea:62:7e:4a:96:7a:e4:bf:9d:32:
                    0c:a8:18:29:fc:03:ac:19:b8:10:03:b3:d4:83:4d:
                    f0:ae:40:23:72:e6:3e:bc:00:b7:3a:69:e0:bc:03:
                    e2:31:66:83:be:18:b3:ad:4f:17:77:72:ee:d6:12:
                    df:c8:4d:12:1e:e9:8d:38:64:1b:c9:34:e7:df:51:
                    bc:3c:e8:a3:eb:8d:24:c6:22:a3:8f:2e:fc:31:7e:
                    79:eb:5a:0d:38:b7:a7:4e:89:12:27:e6:78:00:1f:
                    03:be:16:de:81:d2:8d:aa:aa:a6:58:b8:63:57:ac:
                    b1:ef:05:f9:bf:31:2d:f2:01:39:3e:f4:bf:6b:d3:
                    f0:84:75:8d:f8:67:f1:02:de:21:ac:82:6b:10:29:
                    53:5a:5b:95:44:ee:c8:f9:5a:85:f7:e5:93:08:9b:
                    b5:60:48:97:e2:ce:b7:e1:a5:68:08:2d:3f:28:78:
                    c5:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AF:82:F9:A7:48:7E:D0:39:2B:56:C7:0F:F5:C3:62:EF:1E:9D:6C
            X509v3 Authority Key Identifier:
                keyid:49:85:0F:1B:FD:98:D8:40:A2:AA:8A:83:FA:4F:08:94:43:9D:99:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYUPG_2Y2ECiqoqD-k8IlEOdmY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/50ef2e-7a1c-405a-9117-de14e3532fd8/1/8a-C-adIftA5K1bHD_XDYu8enWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/50ef2e-7a1c-405a-9117-de14e3532fd8/1/SYUPG_2Y2ECiqoqD-k8IlEOdmY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.220.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:b3:62:c4:1d:dd:e1:64:f2:d5:33:f1:9a:a4:e6:9d:c4:67:
         09:33:3c:4f:f8:c2:aa:8d:73:29:5f:b6:89:c8:da:6e:9e:49:
         ae:f4:ce:82:d5:ca:de:b0:03:5e:72:db:f7:0c:83:49:cd:b6:
         e5:26:c7:87:f2:55:0a:e0:c2:8f:83:a1:61:69:f1:29:22:ff:
         21:af:d2:4f:7f:3b:ae:44:4e:3f:b2:5b:40:8e:23:29:23:94:
         01:74:f0:37:17:9b:ce:35:71:3f:88:af:31:9c:da:85:49:73:
         87:b9:ca:81:2e:28:a6:7f:52:ef:71:52:2c:70:a6:f1:28:e0:
         a5:a3:db:5d:04:70:45:49:01:cb:93:49:02:7e:8f:4a:30:20:
         39:b8:f3:a4:91:e8:20:1e:df:4e:ab:6b:5b:46:12:19:e9:6a:
         f8:af:bc:9e:34:e0:6d:af:f4:a1:fd:bf:95:0f:f1:a4:66:fd:
         6f:d2:49:41:bd:f4:c3:28:13:02:91:62:e6:71:c0:d6:0b:16:
         99:2a:76:42:52:fe:b9:7c:1a:67:b6:c2:82:9d:2f:73:63:0e:
         ab:c8:e4:9b:c2:5b:97:d5:e1:4c:e5:86:c9:a9:1f:11:57:3c:
         be:6f:26:09:b0:8a:a3:ec:09:6d:93:7f:27:5f:26:c3:e5:a8:
         d5:a4:30:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB4rKQsRnBn8i0xd5NnO39GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODUwZjFiZmQ5OGQ4NDBhMmFhOGE4M2ZhNGYwODk0NDM5
ZDk5OGQwHhcNMjQwNzAzMTI1ODE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWFmODJmOWE3NDg3ZWQwMzkyYjU2YzcwZmY1YzM2MmVmMWU5ZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3FpKB1qfnHo266MaHc6sQTa6NKS
+dx7Y6Y66v64MW0bvAsvOj6wvDb/IHcMWjwVPPKafFRjQqAqqb+sM9u9f3ekx40K
JncV0clIHXtagOpifkqWeuS/nTIMqBgp/AOsGbgQA7PUg03wrkAjcuY+vAC3Omng
vAPiMWaDvhizrU8Xd3Lu1hLfyE0SHumNOGQbyTTn31G8POij640kxiKjjy78MX55
61oNOLenTokSJ+Z4AB8DvhbegdKNqqqmWLhjV6yx7wX5vzEt8gE5PvS/a9PwhHWN
+GfxAt4hrIJrEClTWluVRO7I+VqF9+WTCJu1YEiX4s634aVoCC0/KHjF9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGvgvmnSH7QOStWxw/1w2LvHp1sMB8GA1UdIwQY
MBaAFEmFDxv9mNhAoqqKg/pPCJRDnZmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1lVUEdfMlkyRUNpcW9xRC1rOElsRU9kbVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81MGVmMmUtN2ExYy00MDVhLTkxMTct
ZGUxNGUzNTMyZmQ4LzEvOGEtQy1hZElmdEE1SzFiSERfWERZdThlbld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81MGVmMmUtN2ExYy00MDVhLTkxMTctZGUxNGUzNTMyZmQ4
LzEvU1lVUEdfMlkyRUNpcW9xRC1rOElsRU9kbVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU9wcMA0G
CSqGSIb3DQEBCwUAA4IBAQAds2LEHd3hZPLVM/GapOadxGcJMzxP+MKqjXMpX7aJ
yNpunkmu9M6C1cresANectv3DINJzbblJseH8lUK4MKPg6FhafEpIv8hr9JPfzuu
RE4/sltAjiMpI5QBdPA3F5vONXE/iK8xnNqFSXOHucqBLiimf1LvcVIscKbxKOCl
o9tdBHBFSQHLk0kCfo9KMCA5uPOkkeggHt9Oq2tbRhIZ6Wr4r7yeNOBtr/Sh/b+V
D/GkZv1v0klBvfTDKBMCkWLmccDWCxaZKnZCUv65fBpntsKCnS9zYw6ryOSbwluX
1eFM5YbJqR8RVzy+byYJsIqj7Altk38nXybD5ajVpDA1
-----END CERTIFICATE-----