Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/474f65-fe29-4822-ba14-ce8214cef6b5/1/bEmN9eZvXjk-T0sGEkzcjNnRtY0.roa
File:                     bEmN9eZvXjk-T0sGEkzcjNnRtY0.roa (raw, json)
Hash identifier:          iD8CGSfOAFZ4rGwzSbns8PYDMTVh2PQjBwYVaNUbPHc=
Subject key identifier:   6C:49:8D:F5:E6:6F:5E:39:3E:4F:4B:06:12:4C:DC:8C:D9:D1:B5:8D
Certificate issuer:       /CN=c50e0801823f19d51b962ab6d4ebbbc27dd4ed96
Certificate serial:       018CC94AD5EEB9980B0B4EFA7A6781171CD4
Authority key identifier: C5:0E:08:01:82:3F:19:D5:1B:96:2A:B6:D4:EB:BB:C2:7D:D4:ED:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xQ4IAYI_GdUbliq21Ou7wn3U7ZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/474f65-fe29-4822-ba14-ce8214cef6b5/1/bEmN9eZvXjk-T0sGEkzcjNnRtY0.roa
Signing time:             Tue 02 Jan 2024 08:29:33 +0000
ROA not before:           Tue 02 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210917
IP address blocks:        193.30.116.0/24 maxlen: 24
                          167.94.24.0/24 maxlen: 24
                          2a13:4b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/474f65-fe29-4822-ba14-ce8214cef6b5/1/xQ4IAYI_GdUbliq21Ou7wn3U7ZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/474f65-fe29-4822-ba14-ce8214cef6b5/1/xQ4IAYI_GdUbliq21Ou7wn3U7ZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xQ4IAYI_GdUbliq21Ou7wn3U7ZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:d5:ee:b9:98:0b:0b:4e:fa:7a:67:81:17:1c:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c50e0801823f19d51b962ab6d4ebbbc27dd4ed96
        Validity
            Not Before: Jan  2 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c498df5e66f5e393e4f4b06124cdc8cd9d1b58d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:18:b1:a6:c5:cd:d8:49:ee:51:29:cc:89:3f:
                    a8:40:61:76:ef:91:8b:9c:44:18:f7:33:58:3e:85:
                    c9:eb:ba:54:e1:9d:73:bf:57:6f:8f:41:90:87:b3:
                    d1:42:3c:31:14:f1:c5:2b:6a:ba:b1:10:76:5a:5a:
                    a8:97:12:fd:f4:72:61:c1:f1:11:9c:dd:d6:89:d7:
                    5c:06:8a:33:09:88:c2:44:42:fa:2f:70:3d:ae:d3:
                    27:b8:9f:76:ac:b8:1b:89:e7:f6:0b:ee:c8:8c:88:
                    2c:57:dd:4f:bf:6e:cc:eb:3e:9e:62:26:d0:ef:c7:
                    2b:b6:3e:7a:9c:a2:08:e5:f9:21:56:71:c0:7f:0c:
                    77:22:c1:c8:91:80:15:ec:de:34:10:97:b3:75:87:
                    5c:a9:98:89:6c:ec:b9:6a:3d:6d:65:da:96:ae:ed:
                    56:2c:26:28:d2:51:40:c4:83:b8:92:1c:48:8b:e6:
                    6c:36:3c:e6:d9:11:83:98:d1:59:80:c5:fd:aa:6e:
                    31:2f:75:ba:e6:65:63:51:ce:d5:74:37:3f:db:9e:
                    b7:57:0f:c5:12:c1:06:29:b3:ef:77:7f:8a:27:9a:
                    6a:03:61:ae:54:ba:19:4e:e4:9f:7f:56:26:ef:17:
                    41:c2:91:78:13:4a:46:d6:be:e0:81:17:42:87:11:
                    f6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:49:8D:F5:E6:6F:5E:39:3E:4F:4B:06:12:4C:DC:8C:D9:D1:B5:8D
            X509v3 Authority Key Identifier:
                keyid:C5:0E:08:01:82:3F:19:D5:1B:96:2A:B6:D4:EB:BB:C2:7D:D4:ED:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xQ4IAYI_GdUbliq21Ou7wn3U7ZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/474f65-fe29-4822-ba14-ce8214cef6b5/1/bEmN9eZvXjk-T0sGEkzcjNnRtY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/474f65-fe29-4822-ba14-ce8214cef6b5/1/xQ4IAYI_GdUbliq21Ou7wn3U7ZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.94.24.0/24
                  193.30.116.0/24
                IPv6:
                  2a13:4b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         75:0e:b8:0c:11:3b:02:40:f9:23:9f:15:ad:15:40:0d:7d:05:
         48:cd:87:d7:f1:04:ef:54:b9:7a:38:79:cf:f4:9b:fe:a1:b4:
         fd:e4:99:ab:93:8d:22:aa:23:d5:be:44:a3:d0:a7:54:c6:94:
         97:71:1f:f4:4f:85:3f:2f:c2:65:28:a8:2f:f3:d7:b3:81:6c:
         38:35:7c:a4:88:1f:b8:1b:c6:7b:b1:e3:7f:de:4e:63:10:b8:
         41:0f:fd:5e:b5:97:33:bc:ca:fb:17:bf:30:87:a1:f1:6b:db:
         72:da:48:07:9a:95:a6:26:a5:4c:cc:89:2e:2a:f1:91:12:a1:
         b8:a2:f5:9f:3d:99:7a:76:d6:22:fa:0c:66:f0:c1:75:fc:dc:
         7b:ed:8c:a9:e4:e6:3f:f2:6d:30:10:72:91:f8:84:ca:f8:bb:
         f5:6f:93:97:8f:89:18:d9:f0:e4:30:5b:f1:56:1a:e8:35:34:
         99:05:0d:05:10:67:4a:56:1f:60:19:c4:b3:d2:8f:0b:6c:e1:
         ff:45:c1:b5:73:61:96:0f:17:48:5e:fb:da:b1:5b:46:6c:1e:
         69:94:8e:49:01:a5:b2:e9:e0:1f:61:13:85:42:82:61:db:46:
         93:b4:e8:a4:bf:e5:07:6b:f0:90:31:3e:4a:a6:22:18:4e:22:
         26:c1:bc:a4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJStXuuZgLC076emeBFxzUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MGUwODAxODIzZjE5ZDUxYjk2MmFiNmQ0ZWJiYmMyN2Rk
NGVkOTYwHhcNMjQwMTAyMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQ5OGRmNWU2NmY1ZTM5M2U0ZjRiMDYxMjRjZGM4Y2Q5ZDFiNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRixpsXN2EnuUSnMiT+oQGF275GL
nEQY9zNYPoXJ67pU4Z1zv1dvj0GQh7PRQjwxFPHFK2q6sRB2WlqolxL99HJhwfER
nN3WiddcBoozCYjCREL6L3A9rtMnuJ92rLgbief2C+7IjIgsV91Pv27M6z6eYibQ
78crtj56nKII5fkhVnHAfwx3IsHIkYAV7N40EJezdYdcqZiJbOy5aj1tZdqWru1W
LCYo0lFAxIO4khxIi+ZsNjzm2RGDmNFZgMX9qm4xL3W65mVjUc7VdDc/2563Vw/F
EsEGKbPvd3+KJ5pqA2GuVLoZTuSff1Ym7xdBwpF4E0pG1r7ggRdChxH2HwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGxJjfXmb145Pk9LBhJM3IzZ0bWNMB8GA1UdIwQY
MBaAFMUOCAGCPxnVG5YqttTru8J91O2WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFE0SUFZSV9HZFVibGlxMjFPdTd3bjNVN1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi80NzRmNjUtZmUyOS00ODIyLWJhMTQt
Y2U4MjE0Y2VmNmI1LzEvYkVtTjllWnZYamstVDBzR0VremNqTm5SdFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi80NzRmNjUtZmUyOS00ODIyLWJhMTQtY2U4MjE0Y2VmNmI1
LzEveFE0SUFZSV9HZFVibGlxMjFPdTd3bjNVN1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAp14YAwQA
wR50MA0EAgACMAcDBQMqE0sAMA0GCSqGSIb3DQEBCwUAA4IBAQB1DrgMETsCQPkj
nxWtFUANfQVIzYfX8QTvVLl6OHnP9Jv+obT95Jmrk40iqiPVvkSj0KdUxpSXcR/0
T4U/L8JlKKgv89ezgWw4NXykiB+4G8Z7seN/3k5jELhBD/1etZczvMr7F78wh6Hx
a9ty2kgHmpWmJqVMzIkuKvGREqG4ovWfPZl6dtYi+gxm8MF1/Nx77Yyp5OY/8m0w
EHKR+ITK+Lv1b5OXj4kY2fDkMFvxVhroNTSZBQ0FEGdKVh9gGcSz0o8LbOH/RcG1
c2GWDxdIXvvasVtGbB5plI5JAaWy6eAfYROFQoJh20aTtOikv+UHa/CQMT5KpiIY
TiImwbyk
-----END CERTIFICATE-----