Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/TSUP2PASxQr91gp5eHnCSEl4Qh8.roa
File:                     TSUP2PASxQr91gp5eHnCSEl4Qh8.roa (raw, json)
Hash identifier:          2qzdFkLWCM1a0fM7r3JNVr8sXcfeHYFnmOwRzSA34oo=
Subject key identifier:   4D:25:0F:D8:F0:12:C5:0A:FD:D6:0A:79:78:79:C2:48:49:78:42:1F
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4256CAB23BC7269DFAE8300F60FC189
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/TSUP2PASxQr91gp5eHnCSEl4Qh8.roa
Signing time:             Mon 01 Jan 2024 08:30:36 +0000
ROA not before:           Mon 01 Jan 2024 08:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209181
IP address blocks:        5.182.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:6c:ab:23:bc:72:69:df:ae:83:00:f6:0f:c1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d250fd8f012c50afdd60a797879c2484978421f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:f4:db:e6:09:0e:59:a4:4e:0c:b7:92:6c:
                    1c:19:4a:71:eb:c0:68:04:28:fb:2c:89:98:0d:63:
                    35:89:6f:d9:56:1e:dd:9c:ae:a3:14:c2:03:00:12:
                    0e:54:1c:73:37:97:f3:78:dc:62:55:8e:b9:61:58:
                    02:e3:de:2f:0d:74:a7:32:33:9e:dd:e0:b6:18:d9:
                    0d:ba:b3:a6:66:83:29:a4:54:5d:c7:bf:a0:24:17:
                    54:52:97:ab:8e:61:b0:35:fb:04:f5:8c:35:f1:88:
                    58:27:49:eb:d2:47:ce:ac:7a:10:6f:98:0c:4d:61:
                    5a:e2:e7:ee:45:a0:db:c5:c5:03:2e:96:75:55:2d:
                    9f:2d:bb:09:de:f9:7b:0d:14:24:20:5d:a7:4e:56:
                    f1:23:c3:ef:43:ba:42:e2:38:67:a0:a8:fe:e2:92:
                    02:27:76:74:45:c4:30:09:37:a0:a4:f8:51:bd:1d:
                    25:18:59:fe:f5:9b:aa:40:87:05:44:7f:ea:ad:2c:
                    b5:bc:0d:da:70:6c:0d:22:4f:2f:64:e4:89:80:d4:
                    63:b7:68:86:c3:a0:e1:75:7c:c5:20:22:e9:fa:41:
                    95:fa:7a:90:45:8a:23:82:4d:b1:dd:b2:2f:31:81:
                    26:5b:e6:94:e7:2a:cb:89:fb:7d:a0:89:fc:cf:18:
                    91:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:25:0F:D8:F0:12:C5:0A:FD:D6:0A:79:78:79:C2:48:49:78:42:1F
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/TSUP2PASxQr91gp5eHnCSEl4Qh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:c9:70:14:65:b2:30:c7:0a:be:bb:88:4a:47:3c:ca:97:88:
         82:55:23:01:eb:7e:1e:46:ca:c2:06:5b:69:7c:4e:d0:d2:de:
         cb:04:d6:17:83:84:3d:67:b2:fe:32:ba:0f:e9:43:73:14:da:
         9b:e9:c4:1c:3a:d3:9e:6c:04:59:64:75:14:0d:4e:23:30:b0:
         40:a2:34:41:a0:1c:d8:b8:b0:c2:b8:5b:ce:ed:84:2c:6f:1a:
         f7:b0:e0:f1:28:96:84:b6:d2:b9:74:4b:5f:83:ca:0b:a7:f9:
         f0:99:58:de:b3:52:3f:4e:da:90:c8:67:f9:27:6f:c6:e9:c1:
         08:6e:a8:e6:22:18:bc:45:ca:bb:cd:85:33:da:ee:07:06:cc:
         93:44:e7:bd:a2:21:cb:85:b1:8a:e9:ce:2f:ce:6b:f3:d1:a4:
         4e:c4:ef:b9:23:37:52:5c:2d:08:86:46:36:5c:86:4b:96:45:
         06:9b:e1:7e:47:c7:0c:f1:d0:98:a0:34:73:6c:3f:ae:18:f3:
         61:93:d2:49:f1:73:1a:54:38:87:1c:37:92:44:c5:ea:16:7e:
         e6:09:13:4b:d1:da:52:68:18:a1:fe:0a:c5:71:0a:bc:83:94:
         8d:85:03:e5:7b:0b:45:4c:55:25:ef:9b:81:33:95:a6:5f:6c:
         52:02:ea:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWyrI7xyad+ugwD2D8GJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDI1MGZkOGYwMTJjNTBhZmRkNjBhNzk3ODc5YzI0ODQ5Nzg0MjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcX02+YJDlmkTgy3kmwcGUpx68Bo
BCj7LImYDWM1iW/ZVh7dnK6jFMIDABIOVBxzN5fzeNxiVY65YVgC494vDXSnMjOe
3eC2GNkNurOmZoMppFRdx7+gJBdUUperjmGwNfsE9Yw18YhYJ0nr0kfOrHoQb5gM
TWFa4ufuRaDbxcUDLpZ1VS2fLbsJ3vl7DRQkIF2nTlbxI8PvQ7pC4jhnoKj+4pIC
J3Z0RcQwCTegpPhRvR0lGFn+9ZuqQIcFRH/qrSy1vA3acGwNIk8vZOSJgNRjt2iG
w6DhdXzFICLp+kGV+nqQRYojgk2x3bIvMYEmW+aU5yrLift9oIn8zxiRgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0lD9jwEsUK/dYKeXh5wkhJeEIfMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvVFNVUDJQQVN4UXI5MWdwNWVIbkNTRWw0UWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbYxMA0G
CSqGSIb3DQEBCwUAA4IBAQCDyXAUZbIwxwq+u4hKRzzKl4iCVSMB634eRsrCBltp
fE7Q0t7LBNYXg4Q9Z7L+MroP6UNzFNqb6cQcOtOebARZZHUUDU4jMLBAojRBoBzY
uLDCuFvO7YQsbxr3sODxKJaEttK5dEtfg8oLp/nwmVjes1I/TtqQyGf5J2/G6cEI
bqjmIhi8Rcq7zYUz2u4HBsyTROe9oiHLhbGK6c4vzmvz0aROxO+5IzdSXC0IhkY2
XIZLlkUGm+F+R8cM8dCYoDRzbD+uGPNhk9JJ8XMaVDiHHDeSRMXqFn7mCRNL0dpS
aBih/grFcQq8g5SNhQPlewtFTFUl75uBM5WmX2xSAuqu
-----END CERTIFICATE-----