Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50673.roa
File:                     AS50673.roa (raw, json)
Hash identifier:          +cdwFPGtWrLCDdHJadgISS0WqunE6aGyr4o+Btt8Ggo=
Subject key identifier:   D8:B6:EF:97:09:15:A2:99:AD:6D:0E:84:6A:C9:7F:01:0F:8C:A8:01
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6A85D94E9262259E5023A957F13498175D3D593A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50673.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     50673
IP address blocks:        185.172.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:85:d9:4e:92:62:25:9e:50:23:a9:57:f1:34:98:17:5d:3d:59:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=D8B6EF970915A299AD6D0E846AC97F010F8CA801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a4:9d:dc:aa:ba:b9:3a:76:98:1d:ba:06:a4:
                    5c:70:a2:bb:35:4a:f3:66:1b:aa:9c:50:85:1c:7a:
                    89:a9:fb:8b:a3:07:cc:d6:d2:f0:e5:20:e9:fb:35:
                    ea:ef:85:fe:82:99:16:bc:c6:d1:f4:9f:f2:4a:71:
                    93:7a:0b:29:16:b8:30:83:6f:ea:05:80:b5:a0:56:
                    a9:ad:f6:7f:96:02:7b:ea:a2:4e:d9:10:50:33:24:
                    8f:d3:98:c8:18:7e:88:c8:81:0e:fb:28:62:74:3b:
                    fc:d2:77:fc:7b:29:3f:5b:a2:c3:41:34:6c:44:74:
                    b0:7e:76:b5:cc:76:28:80:8a:b8:b8:3c:54:30:81:
                    00:43:3a:e1:d9:83:e2:0b:be:75:6d:6c:ae:83:0c:
                    af:29:18:c9:08:a1:85:76:94:59:22:62:eb:ad:49:
                    38:2d:58:2b:c4:21:b1:96:f6:51:8c:64:ab:3c:88:
                    36:aa:3c:ff:a8:90:fc:8d:ea:d5:fa:7e:09:27:b6:
                    dc:11:8d:40:ca:45:24:a3:75:4c:da:88:80:02:89:
                    e5:50:8a:76:f3:68:04:09:07:75:a4:cc:ea:43:86:
                    fb:9c:e7:9f:1c:a1:44:e9:86:75:a4:a7:22:49:2c:
                    8b:fc:72:f6:d7:48:8e:9f:18:61:01:71:8a:8d:23:
                    c8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B6:EF:97:09:15:A2:99:AD:6D:0E:84:6A:C9:7F:01:0F:8C:A8:01
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS50673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:a8:be:8c:e2:7b:c5:be:d6:c9:b5:fc:8e:06:38:88:bd:3e:
         d8:ee:fc:f1:97:00:57:30:9d:a4:cb:c7:bd:47:15:d8:4f:0a:
         22:01:69:2a:f4:ec:e1:07:44:e6:1e:ff:e2:43:02:4a:5e:20:
         e5:56:e5:00:7f:4e:f5:75:b6:fd:55:e4:a6:25:af:19:41:2e:
         ae:fc:bd:0b:27:87:55:d7:d1:38:f9:16:cc:67:d5:5b:6c:f5:
         48:7e:33:68:16:3f:da:b9:c8:e1:67:5a:b4:b9:17:9f:39:4e:
         9f:5e:ac:9a:fe:17:26:f5:7e:8e:b0:35:a0:8a:6e:93:27:cd:
         43:f3:b7:58:00:64:29:39:5e:ac:3e:2b:5b:18:4c:aa:89:27:
         48:8f:d5:84:4b:38:78:39:dd:9b:5b:85:2c:d4:43:72:43:81:
         0a:da:61:2a:5e:51:74:0d:f5:2b:52:4e:c8:f0:bd:78:42:1c:
         fb:4d:e2:df:8b:fa:51:19:bc:14:ab:05:2c:a3:8b:54:a5:3b:
         f6:3d:01:15:8e:ac:7e:d0:fb:b9:67:b1:42:75:6b:a4:16:bc:
         86:92:e6:a7:22:0d:fd:20:73:d3:ff:6a:2d:10:e9:8e:77:97:
         b1:0d:86:b8:84:5d:58:10:47:de:c7:19:7b:bb:b1:35:53:f7:
         c0:fd:a2:f0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUaoXZTpJiJZ5QI6lX8TSYF109WTowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKEQ4QjZFRjk3MDkxNUEyOTlBRDZEMEU4NDZBQzk3RjAxMEY4Q0E4MDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdpJ3cqrq5OnaYHboGpFxwors1
SvNmG6qcUIUceomp+4ujB8zW0vDlIOn7Nervhf6CmRa8xtH0n/JKcZN6CykWuDCD
b+oFgLWgVqmt9n+WAnvqok7ZEFAzJI/TmMgYfojIgQ77KGJ0O/zSd/x7KT9bosNB
NGxEdLB+drXMdiiAiri4PFQwgQBDOuHZg+ILvnVtbK6DDK8pGMkIoYV2lFkiYuut
STgtWCvEIbGW9lGMZKs8iDaqPP+okPyN6tX6fgknttwRjUDKRSSjdUzaiIACieVQ
inbzaAQJB3WkzOpDhvuc558coUTphnWkpyJJLIv8cvbXSI6fGGEBcYqNI8iVAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU2LbvlwkVopmtbQ6Easl/AQ+MqAEwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTA2NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5rDgw
DQYJKoZIhvcNAQELBQADggEBAJSovozie8W+1sm1/I4GOIi9Ptju/PGXAFcwnaTL
x71HFdhPCiIBaSr07OEHROYe/+JDAkpeIOVW5QB/TvV1tv1V5KYlrxlBLq78vQsn
h1XX0Tj5Fsxn1Vts9Uh+M2gWP9q5yOFnWrS5F585Tp9erJr+Fyb1fo6wNaCKbpMn
zUPzt1gAZCk5Xqw+K1sYTKqJJ0iP1YRLOHg53ZtbhSzUQ3JDgQraYSpeUXQN9StS
TsjwvXhCHPtN4t+L+lEZvBSrBSyji1SlO/Y9ARWOrH7Q+7lnsUJ1a6QWvIaS5qci
Df0gc9P/ai0Q6Y53l7ENhriEXVgQR97HGXu7sTVT98D9ovA=
-----END CERTIFICATE-----