Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/2lo36amWMgj0fEGnDQsYmQqm67o.roa
File:                     2lo36amWMgj0fEGnDQsYmQqm67o.roa (raw, json)
Hash identifier:          NwJ2UTmo1pjhar/MnXQcFto1PSocSEpc30WuKRP1Bho=
Subject key identifier:   DA:5A:37:E9:A9:96:32:08:F4:7C:41:A7:0D:0B:18:99:0A:A6:EB:BA
Certificate issuer:       /CN=d50697943676399ac5cac6a3e476545af0df49dd
Certificate serial:       018CC56E29C91FDB3ADCB350C03E5BF17DB9
Authority key identifier: D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/2lo36amWMgj0fEGnDQsYmQqm67o.roa
Signing time:             Mon 01 Jan 2024 14:29:40 +0000
ROA not before:           Mon 01 Jan 2024 14:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49422
IP address blocks:        192.49.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:29:c9:1f:db:3a:dc:b3:50:c0:3e:5b:f1:7d:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d50697943676399ac5cac6a3e476545af0df49dd
        Validity
            Not Before: Jan  1 14:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da5a37e9a9963208f47c41a70d0b18990aa6ebba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:70:1c:e0:d2:28:ba:e4:cf:67:fd:e8:d3:48:
                    a6:c8:f6:90:d6:da:9e:3a:40:69:c9:69:d2:30:e9:
                    84:d7:e7:81:7a:03:f5:ef:5f:f8:f5:5b:5b:4f:a6:
                    d9:30:73:c9:ec:ef:cd:74:4c:58:a2:84:c4:e4:0b:
                    55:29:84:6c:40:e6:23:1b:87:15:6f:38:69:74:d5:
                    29:19:1d:a6:65:d8:81:08:8e:48:e0:f5:a0:9c:22:
                    43:6e:3c:98:ae:56:55:4f:9a:fe:29:17:94:79:ba:
                    08:78:25:b5:73:59:3b:a5:5f:d4:60:dc:0f:29:b5:
                    40:8f:0d:cf:c3:8f:0e:db:cb:14:75:60:55:2b:08:
                    10:cd:1d:59:f2:c0:e0:6e:12:7b:b0:5b:89:20:81:
                    50:51:48:88:cd:a4:ab:18:52:70:8e:05:14:a1:4b:
                    6f:29:51:b4:83:6e:cd:96:7a:d0:32:53:c7:57:4e:
                    3c:ca:cd:fa:e6:2c:af:78:b7:d8:36:26:62:22:8a:
                    be:7e:f1:e8:1b:03:0a:6f:08:3f:07:7b:ab:e9:b3:
                    44:44:22:8c:34:52:c2:94:17:72:d0:c1:85:8b:be:
                    0a:06:dd:42:02:de:76:45:9d:1b:b7:6a:f0:f1:a0:
                    28:16:a5:a2:1f:25:34:eb:50:25:d0:cc:02:26:04:
                    68:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:5A:37:E9:A9:96:32:08:F4:7C:41:A7:0D:0B:18:99:0A:A6:EB:BA
            X509v3 Authority Key Identifier:
                keyid:D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/2lo36amWMgj0fEGnDQsYmQqm67o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.49.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:e3:85:8a:05:ce:6c:6e:5a:69:a6:54:a6:46:a6:33:8d:9c:
         a1:9d:4e:38:f3:69:97:dd:fa:ad:d6:4f:cd:46:26:27:df:67:
         42:b9:6b:ff:9a:82:8a:1e:15:bc:03:e0:d8:e4:ef:cc:30:6f:
         7e:6f:cc:34:c9:3a:eb:fa:94:5a:23:84:0c:ce:2a:e1:bf:5d:
         5b:3a:33:84:90:15:d5:d2:d5:0b:d4:69:e0:06:08:cb:21:6a:
         90:70:f9:7f:a9:0b:dd:55:d7:86:db:32:d9:c1:db:ac:08:01:
         ee:51:6b:22:7d:f7:a6:2b:da:89:b8:f0:f7:82:cd:d2:84:1e:
         94:40:ac:17:b1:be:27:ca:0f:6b:94:14:9d:75:e3:48:cd:96:
         c7:56:b7:c2:e7:0c:aa:4a:d7:7d:80:d3:3f:5f:ff:75:5c:8a:
         d8:4e:31:a5:d0:ef:ba:2b:b5:7f:df:b8:90:73:7c:83:98:30:
         8a:87:47:db:c6:57:28:d0:6b:ee:e8:98:00:14:4f:67:1c:db:
         84:b7:f3:e3:19:0a:3c:ff:03:ef:cf:be:5f:28:54:0a:f9:84:
         c9:da:96:1b:e6:ab:fa:63:88:5b:4c:8c:83:31:d1:4d:99:9e:
         10:5e:6f:03:6d:6d:4c:49:93:ac:0e:64:dc:28:fa:07:71:5c:
         d4:c1:0b:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbinJH9s63LNQwD5b8X25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDY5Nzk0MzY3NjM5OWFjNWNhYzZhM2U0NzY1NDVhZjBk
ZjQ5ZGQwHhcNMjQwMTAxMTQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTVhMzdlOWE5OTYzMjA4ZjQ3YzQxYTcwZDBiMTg5OTBhYTZlYmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3Ac4NIouuTPZ/3o00imyPaQ1tqe
OkBpyWnSMOmE1+eBegP171/49VtbT6bZMHPJ7O/NdExYooTE5AtVKYRsQOYjG4cV
bzhpdNUpGR2mZdiBCI5I4PWgnCJDbjyYrlZVT5r+KReUeboIeCW1c1k7pV/UYNwP
KbVAjw3Pw48O28sUdWBVKwgQzR1Z8sDgbhJ7sFuJIIFQUUiIzaSrGFJwjgUUoUtv
KVG0g27NlnrQMlPHV048ys365iyveLfYNiZiIoq+fvHoGwMKbwg/B3ur6bNERCKM
NFLClBdy0MGFi74KBt1CAt52RZ0bt2rw8aAoFqWiHyU061Al0MwCJgRovwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpaN+mpljII9HxBpw0LGJkKpuu6MB8GA1UdIwQY
MBaAFNUGl5Q2djmaxcrGo+R2VFrw30ndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2Yt
OGQyM2FjNWNiNTAyLzEvMmxvMzZhbVdNZ2owZkVHbkRRc1ltUXFtNjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2YtOGQyM2FjNWNiNTAy
LzEvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwDFaMA0G
CSqGSIb3DQEBCwUAA4IBAQA244WKBc5sblppplSmRqYzjZyhnU4482mX3fqt1k/N
RiYn32dCuWv/moKKHhW8A+DY5O/MMG9+b8w0yTrr+pRaI4QMzirhv11bOjOEkBXV
0tUL1GngBgjLIWqQcPl/qQvdVdeG2zLZwdusCAHuUWsiffemK9qJuPD3gs3ShB6U
QKwXsb4nyg9rlBSddeNIzZbHVrfC5wyqStd9gNM/X/91XIrYTjGl0O+6K7V/37iQ
c3yDmDCKh0fbxlco0Gvu6JgAFE9nHNuEt/PjGQo8/wPvz75fKFQK+YTJ2pYb5qv6
Y4hbTIyDMdFNmZ4QXm8DbW1MSZOsDmTcKPoHcVzUwQs/
-----END CERTIFICATE-----