Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/50w_hNKHq2JGuLPYD97UyVP7wj8.roa
File:                     50w_hNKHq2JGuLPYD97UyVP7wj8.roa (raw, json)
Hash identifier:          to8wVv0qc+/+Pq+Qr6x8ePIOa4hy8iNOHtpW+g1kJHI=
Subject key identifier:   E7:4C:3F:84:D2:87:AB:62:46:B8:B3:D8:0F:DE:D4:C9:53:FB:C2:3F
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       01932E9532F6A420BBAAEF109229D33C31C1
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/50w_hNKHq2JGuLPYD97UyVP7wj8.roa
Signing time:             Fri 15 Nov 2024 06:49:10 +0000
ROA not before:           Fri 15 Nov 2024 06:49:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        85.115.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2e:95:32:f6:a4:20:bb:aa:ef:10:92:29:d3:3c:31:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Nov 15 06:49:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e74c3f84d287ab6246b8b3d80fded4c953fbc23f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a9:4c:6e:6a:d3:e9:ec:a7:29:21:bf:bd:15:
                    cc:33:f7:80:b2:7a:20:f7:70:eb:fd:36:16:9c:09:
                    5f:1f:ed:10:41:11:aa:67:06:69:c8:e6:90:a3:c1:
                    ae:2d:66:90:96:8b:ff:0d:8c:7a:eb:6a:6f:2e:6c:
                    6c:a3:ea:cf:ef:8b:b0:a6:8d:bf:38:7d:56:e6:eb:
                    34:dc:29:36:bf:58:fd:62:b5:3a:d8:af:aa:0c:94:
                    bf:5e:ed:2f:29:48:4c:f6:cb:72:b9:b1:72:b0:69:
                    95:91:a4:c5:5b:98:13:54:6d:2e:c9:e8:a4:65:47:
                    bf:2b:68:68:b8:80:4e:06:ee:27:2e:f8:7a:72:44:
                    d5:5b:a2:08:84:91:f8:a6:eb:c2:8d:85:c3:35:37:
                    e2:a6:4e:53:31:d1:62:d0:e9:1a:5d:82:1f:e3:d1:
                    0c:bc:47:1f:83:f1:ef:fe:ad:d5:f9:f1:f1:4a:47:
                    69:2f:d7:f6:67:52:7e:48:24:68:df:86:f3:7d:4d:
                    98:bd:fc:52:8e:7f:f2:f7:b4:a1:a7:cb:ab:12:6c:
                    49:7c:e9:a2:f6:96:fc:69:81:1a:0a:3e:cd:91:73:
                    ea:58:3b:e5:0b:9e:85:88:08:f8:61:4a:b7:03:d5:
                    eb:68:79:c7:44:3e:80:81:42:af:ae:88:9e:53:b9:
                    f8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:4C:3F:84:D2:87:AB:62:46:B8:B3:D8:0F:DE:D4:C9:53:FB:C2:3F
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/50w_hNKHq2JGuLPYD97UyVP7wj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:cd:80:1d:81:0d:88:d9:8a:86:85:02:cf:34:8d:6f:9b:6b:
         2b:3e:ad:79:f1:b4:69:29:65:a5:d0:d9:d1:1e:95:8b:9b:bf:
         f2:59:c4:e4:4a:ea:d7:01:d2:63:f7:8d:bb:c7:a2:52:9b:6b:
         81:9c:eb:09:e2:eb:2a:02:81:3b:0d:1a:3b:fb:c9:e2:f1:67:
         dc:24:a3:b2:7d:78:fa:fc:8a:74:44:6e:14:8c:af:ed:3b:72:
         23:c9:a0:b3:28:22:56:88:88:2a:94:b4:bd:1c:8f:af:5e:a6:
         59:52:4c:c2:94:f0:2e:52:43:58:ef:73:b8:cb:68:1d:ef:d4:
         9a:c1:6a:3a:f1:d1:bc:9a:37:bb:d8:4c:75:65:86:f9:8a:a2:
         54:b1:16:43:d4:d9:cc:55:39:de:2f:91:f4:d0:50:03:6f:9e:
         cf:f2:d4:60:63:c4:7b:ed:d7:94:d0:ca:45:f6:bb:09:98:48:
         ec:3b:e3:26:fb:15:05:a1:b3:8e:bb:cb:d9:df:c7:f1:4b:40:
         ee:20:54:7b:79:84:c2:5a:5f:9a:4d:0c:cb:8e:38:6f:6b:8e:
         47:3e:57:ff:cc:2d:0a:4b:d6:34:1a:a0:c2:c3:46:c1:80:5a:
         57:c8:c0:e5:e6:2c:37:88:b3:41:31:aa:1d:ad:46:f9:f4:30:
         b9:41:61:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMulTL2pCC7qu8QkinTPDHBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQxMTE1MDY0OTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzRjM2Y4NGQyODdhYjYyNDZiOGIzZDgwZmRlZDRjOTUzZmJjMjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyalMbmrT6eynKSG/vRXMM/eAsnog
93Dr/TYWnAlfH+0QQRGqZwZpyOaQo8GuLWaQlov/DYx662pvLmxso+rP74uwpo2/
OH1W5us03Ck2v1j9YrU62K+qDJS/Xu0vKUhM9styubFysGmVkaTFW5gTVG0uyeik
ZUe/K2houIBOBu4nLvh6ckTVW6IIhJH4puvCjYXDNTfipk5TMdFi0OkaXYIf49EM
vEcfg/Hv/q3V+fHxSkdpL9f2Z1J+SCRo34bzfU2YvfxSjn/y97Shp8urEmxJfOmi
9pb8aYEaCj7NkXPqWDvlC56FiAj4YUq3A9XraHnHRD6AgUKvroieU7n4xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdMP4TSh6tiRriz2A/e1MlT+8I/MB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvNTB3X2hOS0hxMkpHdUxQWUQ5N1V5VlA3d2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXPQMA0G
CSqGSIb3DQEBCwUAA4IBAQAQzYAdgQ2I2YqGhQLPNI1vm2srPq158bRpKWWl0NnR
HpWLm7/yWcTkSurXAdJj9427x6JSm2uBnOsJ4usqAoE7DRo7+8ni8WfcJKOyfXj6
/Ip0RG4UjK/tO3IjyaCzKCJWiIgqlLS9HI+vXqZZUkzClPAuUkNY73O4y2gd79Sa
wWo68dG8mje72Ex1ZYb5iqJUsRZD1NnMVTneL5H00FADb57P8tRgY8R77deU0MpF
9rsJmEjsO+Mm+xUFobOOu8vZ38fxS0DuIFR7eYTCWl+aTQzLjjhva45HPlf/zC0K
S9Y0GqDCw0bBgFpXyMDl5iw3iLNBMaodrUb59DC5QWGh
-----END CERTIFICATE-----