Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/73e00f-e3e3-4d23-ad6b-76682e794cc3/1/e5yzV14srFuMQBfDsGMAopQJ9D8.roa
File:                     e5yzV14srFuMQBfDsGMAopQJ9D8.roa (raw, json)
Hash identifier:          tOv+VMq7EQXi9YBTq0jYFyZ82xca/Pk86C81PHEgKv4=
Subject key identifier:   7B:9C:B3:57:5E:2C:AC:5B:8C:40:17:C3:B0:63:00:A2:94:09:F4:3F
Certificate issuer:       /CN=cb95e1cbc67e782dbf9f8e744e437268bdcc39ce
Certificate serial:       018CC4246D3D438E8CD4D89D27C916431D95
Authority key identifier: CB:95:E1:CB:C6:7E:78:2D:BF:9F:8E:74:4E:43:72:68:BD:CC:39:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y5Xhy8Z-eC2_n450TkNyaL3MOc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/73e00f-e3e3-4d23-ad6b-76682e794cc3/1/e5yzV14srFuMQBfDsGMAopQJ9D8.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        194.50.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/73e00f-e3e3-4d23-ad6b-76682e794cc3/1/y5Xhy8Z-eC2_n450TkNyaL3MOc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/73e00f-e3e3-4d23-ad6b-76682e794cc3/1/y5Xhy8Z-eC2_n450TkNyaL3MOc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y5Xhy8Z-eC2_n450TkNyaL3MOc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6d:3d:43:8e:8c:d4:d8:9d:27:c9:16:43:1d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb95e1cbc67e782dbf9f8e744e437268bdcc39ce
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b9cb3575e2cac5b8c4017c3b06300a29409f43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1f:5b:a7:65:60:1a:e2:47:4b:01:b7:38:72:
                    9d:ec:ec:c4:e0:3c:bc:45:b1:1e:f5:3a:c7:40:81:
                    a4:24:ad:9f:7b:9d:df:db:42:15:1f:9e:8d:5a:da:
                    79:42:8e:34:e8:e1:4f:eb:cb:78:69:0f:59:54:7c:
                    55:d1:5b:7f:32:b4:18:6e:9f:a1:d1:25:5f:b3:88:
                    84:17:80:f8:76:0a:6a:3e:a6:fe:a0:5f:11:68:ed:
                    a6:d5:fd:dd:6d:5b:d1:94:ad:49:bd:3c:45:82:5c:
                    a9:fb:dd:55:f6:ad:ba:07:cb:32:a5:ef:6f:93:69:
                    89:63:bb:ca:b4:38:b2:e8:de:7e:ba:8d:20:53:6e:
                    b2:5d:09:d8:4f:81:00:6b:5d:01:0f:81:0a:2d:fe:
                    47:8e:d8:fb:3d:7b:7a:96:e8:f6:30:17:6a:da:a4:
                    3c:0f:1e:51:67:3e:8e:f1:ba:19:8a:cf:87:f1:2e:
                    d6:19:69:99:76:41:da:50:64:0b:38:5c:72:63:cb:
                    08:80:20:5e:b6:af:83:5f:14:9e:1c:14:ae:b1:77:
                    81:34:2f:00:c0:30:84:fa:db:a0:0c:97:2a:7a:b7:
                    e2:78:7c:45:68:1f:38:c0:6b:59:ec:a1:40:5f:a1:
                    08:73:28:1b:ee:ac:ab:17:ca:71:da:c9:3f:cf:01:
                    32:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:9C:B3:57:5E:2C:AC:5B:8C:40:17:C3:B0:63:00:A2:94:09:F4:3F
            X509v3 Authority Key Identifier:
                keyid:CB:95:E1:CB:C6:7E:78:2D:BF:9F:8E:74:4E:43:72:68:BD:CC:39:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y5Xhy8Z-eC2_n450TkNyaL3MOc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/73e00f-e3e3-4d23-ad6b-76682e794cc3/1/e5yzV14srFuMQBfDsGMAopQJ9D8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/73e00f-e3e3-4d23-ad6b-76682e794cc3/1/y5Xhy8Z-eC2_n450TkNyaL3MOc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:36:fc:48:db:c1:11:13:48:38:04:bc:8c:34:b1:a6:1b:c5:
         2b:67:15:f4:79:a2:e5:77:97:ad:e5:c3:cc:50:bd:7d:a5:96:
         ba:e3:69:67:ee:f2:75:69:41:55:b9:bc:41:e1:67:4c:81:4d:
         33:ea:00:6e:44:a0:99:be:b2:2d:58:49:56:43:8a:9c:03:35:
         ae:68:2e:f1:0a:d7:f3:64:3e:53:85:b7:6e:51:07:54:25:ff:
         91:ae:81:4b:b1:22:4a:73:14:6f:2b:3a:fc:9b:8d:f0:84:7a:
         af:9e:60:9f:a0:b7:ef:12:64:cb:99:16:ca:b2:b7:6b:e3:c7:
         6d:76:6a:b0:2f:95:f6:68:e0:c9:3a:9a:ab:8e:dd:54:b3:d5:
         e0:26:54:7a:db:c9:81:c9:5f:e6:ba:6a:c6:c2:a7:15:5a:51:
         b6:ff:16:86:c9:24:c5:97:12:77:93:03:75:60:f6:e1:c8:ab:
         c9:b3:d5:c4:12:8d:ef:86:12:34:a3:ee:76:c9:9f:f3:24:b6:
         ae:36:94:c9:d0:6a:88:ba:f6:c5:d3:a1:56:12:05:ee:84:ff:
         ba:db:6b:dc:53:ff:12:de:e3:5d:c9:65:85:c1:db:26:59:61:
         f5:43:2b:f3:47:1b:63:64:29:08:2f:c1:e2:dc:9b:3c:c8:2c:
         fc:1f:68:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJG09Q46M1NidJ8kWQx2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOTVlMWNiYzY3ZTc4MmRiZjlmOGU3NDRlNDM3MjY4YmRj
YzM5Y2UwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjljYjM1NzVlMmNhYzViOGM0MDE3YzNiMDYzMDBhMjk0MDlmNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3x9bp2VgGuJHSwG3OHKd7OzE4Dy8
RbEe9TrHQIGkJK2fe53f20IVH56NWtp5Qo406OFP68t4aQ9ZVHxV0Vt/MrQYbp+h
0SVfs4iEF4D4dgpqPqb+oF8RaO2m1f3dbVvRlK1JvTxFglyp+91V9q26B8sype9v
k2mJY7vKtDiy6N5+uo0gU26yXQnYT4EAa10BD4EKLf5Hjtj7PXt6luj2MBdq2qQ8
Dx5RZz6O8boZis+H8S7WGWmZdkHaUGQLOFxyY8sIgCBetq+DXxSeHBSusXeBNC8A
wDCE+tugDJcqerfieHxFaB84wGtZ7KFAX6EIcygb7qyrF8px2sk/zwEyGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHucs1deLKxbjEAXw7BjAKKUCfQ/MB8GA1UdIwQY
MBaAFMuV4cvGfngtv5+OdE5Dcmi9zDnOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTVYaHk4Wi1lQzJfbjQ1MFRrTnlhTDNNT2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83M2UwMGYtZTNlMy00ZDIzLWFkNmIt
NzY2ODJlNzk0Y2MzLzEvZTV5elYxNHNyRnVNUUJmRHNHTUFvcFFKOUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83M2UwMGYtZTNlMy00ZDIzLWFkNmItNzY2ODJlNzk0Y2Mz
LzEveTVYaHk4Wi1lQzJfbjQ1MFRrTnlhTDNNT2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjIVMA0G
CSqGSIb3DQEBCwUAA4IBAQAZNvxI28ERE0g4BLyMNLGmG8UrZxX0eaLld5et5cPM
UL19pZa642ln7vJ1aUFVubxB4WdMgU0z6gBuRKCZvrItWElWQ4qcAzWuaC7xCtfz
ZD5ThbduUQdUJf+RroFLsSJKcxRvKzr8m43whHqvnmCfoLfvEmTLmRbKsrdr48dt
dmqwL5X2aODJOpqrjt1Us9XgJlR628mByV/mumrGwqcVWlG2/xaGySTFlxJ3kwN1
YPbhyKvJs9XEEo3vhhI0o+52yZ/zJLauNpTJ0GqIuvbF06FWEgXuhP+622vcU/8S
3uNdyWWFwdsmWWH1QyvzRxtjZCkIL8Hi3Js8yCz8H2jN
-----END CERTIFICATE-----