Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/5872c2-d53e-48aa-b581-bb44a828cea7/1/hQ-r_UxZdQynEeqMFTmJvBOBrpk.roa
File:                     hQ-r_UxZdQynEeqMFTmJvBOBrpk.roa (raw, json)
Hash identifier:          jgWQp6HyPodhqXlv/9F1CJTsyTmqyMgNdfAdbOMTN9Q=
Subject key identifier:   85:0F:AB:FD:4C:59:75:0C:A7:11:EA:8C:15:39:89:BC:13:81:AE:99
Certificate issuer:       /CN=b5e97fbe67d95df6e4a8065e2675e040d6e80efc
Certificate serial:       018CC3B67048ECD72968E1311E378812878D
Authority key identifier: B5:E9:7F:BE:67:D9:5D:F6:E4:A8:06:5E:26:75:E0:40:D6:E8:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tel_vmfZXfbkqAZeJnXgQNboDvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/5872c2-d53e-48aa-b581-bb44a828cea7/1/hQ-r_UxZdQynEeqMFTmJvBOBrpk.roa
Signing time:             Mon 01 Jan 2024 06:29:22 +0000
ROA not before:           Mon 01 Jan 2024 06:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201593
IP address blocks:        194.49.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/5872c2-d53e-48aa-b581-bb44a828cea7/1/tel_vmfZXfbkqAZeJnXgQNboDvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/5872c2-d53e-48aa-b581-bb44a828cea7/1/tel_vmfZXfbkqAZeJnXgQNboDvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tel_vmfZXfbkqAZeJnXgQNboDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:70:48:ec:d7:29:68:e1:31:1e:37:88:12:87:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5e97fbe67d95df6e4a8065e2675e040d6e80efc
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=850fabfd4c59750ca711ea8c153989bc1381ae99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:82:d6:85:4f:c6:98:51:e9:e2:f2:e3:00:09:
                    2c:0f:43:16:f0:fa:7f:86:f5:f7:78:0c:64:e1:00:
                    a6:cc:b3:19:2c:a9:93:51:32:80:c7:c4:32:63:c2:
                    95:81:f2:1a:99:05:1f:df:0a:75:7f:67:d4:c8:f5:
                    69:e9:6f:e8:8c:4b:1a:10:7f:16:e2:67:b7:ad:c3:
                    f4:3e:49:a2:af:a2:60:24:80:54:29:54:23:5d:8a:
                    03:62:66:53:44:59:37:0b:34:32:f1:3b:9c:25:05:
                    44:46:6c:fb:f4:af:50:f1:20:06:34:7b:ab:28:7c:
                    65:18:8c:d0:f6:3c:ab:e6:51:06:a8:05:40:23:0d:
                    37:64:51:c7:f3:44:5f:11:9b:82:c1:8e:1b:57:77:
                    7a:61:33:d8:68:04:8c:6c:0c:d0:51:90:89:c8:10:
                    39:de:8a:f5:65:53:47:de:29:9f:7e:b7:7a:6f:0d:
                    ce:1c:b4:3f:f8:74:22:3c:78:e4:bd:6b:f9:08:2d:
                    12:77:0f:ec:af:98:f2:aa:d8:b0:4e:01:7a:dc:ca:
                    de:36:6e:80:3e:6b:75:c3:40:71:b3:72:37:f0:93:
                    f7:2a:ef:05:2f:b0:b2:66:a6:a1:fb:67:d6:c2:99:
                    bd:5d:35:42:5c:bb:87:97:ca:ca:18:2a:44:2f:16:
                    d6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:0F:AB:FD:4C:59:75:0C:A7:11:EA:8C:15:39:89:BC:13:81:AE:99
            X509v3 Authority Key Identifier:
                keyid:B5:E9:7F:BE:67:D9:5D:F6:E4:A8:06:5E:26:75:E0:40:D6:E8:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tel_vmfZXfbkqAZeJnXgQNboDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/5872c2-d53e-48aa-b581-bb44a828cea7/1/hQ-r_UxZdQynEeqMFTmJvBOBrpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/5872c2-d53e-48aa-b581-bb44a828cea7/1/tel_vmfZXfbkqAZeJnXgQNboDvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:a2:1b:ff:22:c9:c2:91:54:2c:22:35:c9:20:c3:41:29:7d:
         71:73:fc:d3:97:97:7f:50:04:aa:ea:da:fd:21:5b:cb:5e:ef:
         ec:0b:24:18:b3:64:1b:ab:ab:6a:82:29:4c:80:b2:fb:ea:c4:
         8a:94:ec:92:02:af:36:e0:e8:3c:e5:06:4f:9d:5f:2e:41:06:
         eb:4f:c8:25:72:29:6b:c5:81:0b:3e:7a:f1:6e:86:0d:3a:7f:
         b5:5c:78:ed:40:ee:c9:34:31:84:2f:3b:ce:ea:37:21:34:ec:
         47:04:e1:14:de:58:87:e1:12:d2:1a:8f:c3:b8:95:59:23:37:
         0e:13:b6:f6:b0:1c:0a:03:61:2b:a5:6a:24:dc:4f:aa:76:56:
         71:a3:21:3e:50:db:f5:eb:7b:3c:32:e9:8e:81:39:57:e4:3b:
         cf:f6:90:58:2e:db:61:5c:bc:cd:9d:54:eb:31:07:1f:9c:ab:
         7f:f5:8d:f7:61:a6:0f:14:aa:e8:11:27:6c:00:7c:77:73:6a:
         cc:91:59:ac:81:89:57:1c:c7:b6:d0:16:a9:3d:a6:0c:d7:5b:
         08:7e:bf:06:e4:98:d0:61:0f:8c:22:b5:d6:1b:13:48:32:5b:
         12:fd:5f:58:ee:a0:19:52:42:d4:3b:47:6b:23:b1:24:72:23:
         87:71:42:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnBI7NcpaOExHjeIEoeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ZTk3ZmJlNjdkOTVkZjZlNGE4MDY1ZTI2NzVlMDQwZDZl
ODBlZmMwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTBmYWJmZDRjNTk3NTBjYTcxMWVhOGMxNTM5ODliYzEzODFhZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oLWhU/GmFHp4vLjAAksD0MW8Pp/
hvX3eAxk4QCmzLMZLKmTUTKAx8QyY8KVgfIamQUf3wp1f2fUyPVp6W/ojEsaEH8W
4me3rcP0Pkmir6JgJIBUKVQjXYoDYmZTRFk3CzQy8TucJQVERmz79K9Q8SAGNHur
KHxlGIzQ9jyr5lEGqAVAIw03ZFHH80RfEZuCwY4bV3d6YTPYaASMbAzQUZCJyBA5
3or1ZVNH3imffrd6bw3OHLQ/+HQiPHjkvWv5CC0Sdw/sr5jyqtiwTgF63MreNm6A
Pmt1w0Bxs3I38JP3Ku8FL7CyZqah+2fWwpm9XTVCXLuHl8rKGCpELxbWnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUPq/1MWXUMpxHqjBU5ibwTga6ZMB8GA1UdIwQY
MBaAFLXpf75n2V325KgGXiZ14EDW6A78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGVsX3ZtZlpYZmJrcUFaZUpuWGdRTmJvRHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81ODcyYzItZDUzZS00OGFhLWI1ODEt
YmI0NGE4MjhjZWE3LzEvaFEtcl9VeFpkUXluRWVxTUZUbUp2Qk9CcnBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81ODcyYzItZDUzZS00OGFhLWI1ODEtYmI0NGE4MjhjZWE3
LzEvdGVsX3ZtZlpYZmJrcUFaZUpuWGdRTmJvRHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjF/MA0G
CSqGSIb3DQEBCwUAA4IBAQBhohv/IsnCkVQsIjXJIMNBKX1xc/zTl5d/UASq6tr9
IVvLXu/sCyQYs2Qbq6tqgilMgLL76sSKlOySAq824Og85QZPnV8uQQbrT8glcilr
xYELPnrxboYNOn+1XHjtQO7JNDGELzvO6jchNOxHBOEU3liH4RLSGo/DuJVZIzcO
E7b2sBwKA2ErpWok3E+qdlZxoyE+UNv163s8MumOgTlX5DvP9pBYLtthXLzNnVTr
MQcfnKt/9Y33YaYPFKroESdsAHx3c2rMkVmsgYlXHMe20BapPaYM11sIfr8G5JjQ
YQ+MIrXWGxNIMlsS/V9Y7qAZUkLUO0drI7EkciOHcUJD
-----END CERTIFICATE-----