Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/2PU_Cn0aukvUVRAk3LTjUQlKCd8.roa
File:                     2PU_Cn0aukvUVRAk3LTjUQlKCd8.roa (raw, json)
Hash identifier:          sYTjAezZPJchb2aRCPY9m26eJULK+B3FkVgtrve83eA=
Subject key identifier:   D8:F5:3F:0A:7D:1A:BA:4B:D4:55:10:24:DC:B4:E3:51:09:4A:09:DF
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019427483171D00AB2D3A65B2ECC18E6EB6E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/2PU_Cn0aukvUVRAk3LTjUQlKCd8.roa
Signing time:             Thu 02 Jan 2025 13:50:30 +0000
ROA not before:           Thu 02 Jan 2025 13:50:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        201.49.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:26:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:31:71:d0:0a:b2:d3:a6:5b:2e:cc:18:e6:eb:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8f53f0a7d1aba4bd4551024dcb4e351094a09df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1a:2f:8f:6b:39:3f:76:25:43:f2:a1:0f:04:
                    8a:5e:6d:01:72:0f:c1:80:ea:5d:0f:57:07:ab:2a:
                    37:f8:d2:67:c3:7f:1f:f6:5d:35:78:ec:18:0a:6a:
                    cb:9e:69:de:62:a7:7f:7c:46:1b:c6:79:cd:d7:95:
                    8e:b4:d7:fd:39:96:78:57:39:db:df:d4:e4:81:51:
                    ad:04:29:90:f2:9a:67:58:65:45:f3:04:60:76:49:
                    2a:cf:75:60:6a:a4:4a:d8:6c:be:8c:eb:11:d0:dd:
                    01:3a:95:06:aa:bd:8a:a8:ee:4e:cb:b4:5a:77:50:
                    a6:1c:62:5d:43:bd:60:46:5d:10:d8:17:66:b3:a4:
                    da:71:04:52:a7:57:41:8e:4f:8b:6e:ea:0d:69:40:
                    69:0a:c3:b1:30:58:9a:b2:60:12:bf:57:db:5f:e7:
                    a4:15:d9:c2:97:1d:98:71:df:83:d2:c3:dd:ea:ae:
                    7c:f4:55:8c:db:b2:22:ca:4b:4f:dc:a0:07:b6:0d:
                    52:f2:22:35:63:51:de:a9:3a:8f:7e:9e:ea:38:f9:
                    a7:5f:e0:48:07:75:68:a4:a8:e8:35:c7:1b:60:4a:
                    2d:9d:13:90:37:e3:4c:c2:4e:c3:2c:05:f5:b9:0f:
                    29:03:be:e9:5a:e5:82:f6:30:ac:b9:ba:55:15:f5:
                    b2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F5:3F:0A:7D:1A:BA:4B:D4:55:10:24:DC:B4:E3:51:09:4A:09:DF
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/2PU_Cn0aukvUVRAk3LTjUQlKCd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.49.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:0c:ab:0a:ba:f9:86:87:e6:40:e6:ab:37:a8:89:fd:b5:cf:
         7a:6f:43:e7:43:f3:75:5f:6d:b5:1d:84:06:b4:80:17:67:e0:
         d6:d9:51:6d:d0:88:5e:a0:a6:1e:eb:1d:7a:a7:7c:bb:2d:81:
         bf:8e:57:7f:9a:a8:23:0b:d5:ae:c4:22:cb:7e:18:71:86:64:
         a2:1e:89:7d:1e:37:7b:35:11:f5:44:af:00:71:89:57:73:8f:
         ff:31:e9:72:de:ca:a7:ec:af:e3:74:f0:cd:22:59:15:a1:50:
         c3:35:47:34:53:71:2f:71:3a:f6:62:a8:3c:85:7b:b3:99:69:
         63:3f:fc:ed:37:71:2b:a6:3a:ad:e6:9e:18:00:b7:e9:dc:f3:
         f7:47:67:40:7e:e8:d1:b3:cd:a3:5e:41:fa:29:3d:0f:a4:d5:
         36:17:d8:ef:74:78:a9:bf:2e:d0:73:c0:77:8f:ef:b5:50:a7:
         ef:f4:15:91:83:19:e4:94:c8:a2:7b:b0:53:ad:2c:30:d9:87:
         12:eb:6a:a0:c2:73:18:cf:de:9d:cd:5c:b8:89:9c:66:c2:96:
         fb:ab:7b:b6:94:65:e6:9e:04:97:7c:6d:16:80:6e:45:a5:54:
         98:b8:09:77:b1:83:5a:5a:9a:fb:f6:60:3d:14:49:97:95:25:
         e3:d2:34:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSDFx0Aqy06ZbLswY5utuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGY1M2YwYTdkMWFiYTRiZDQ1NTEwMjRkY2I0ZTM1MTA5NGEwOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBovj2s5P3YlQ/KhDwSKXm0Bcg/B
gOpdD1cHqyo3+NJnw38f9l01eOwYCmrLnmneYqd/fEYbxnnN15WOtNf9OZZ4Vznb
39TkgVGtBCmQ8ppnWGVF8wRgdkkqz3VgaqRK2Gy+jOsR0N0BOpUGqr2KqO5Oy7Ra
d1CmHGJdQ71gRl0Q2Bdms6TacQRSp1dBjk+LbuoNaUBpCsOxMFiasmASv1fbX+ek
FdnClx2Ycd+D0sPd6q589FWM27IiyktP3KAHtg1S8iI1Y1HeqTqPfp7qOPmnX+BI
B3VopKjoNccbYEotnROQN+NMwk7DLAX1uQ8pA77pWuWC9jCsubpVFfWykwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNj1Pwp9GrpL1FUQJNy041EJSgnfMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvMlBVX0NuMGF1a3ZVVlJBazNMVGpVUWxLQ2Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyTG9MA0G
CSqGSIb3DQEBCwUAA4IBAQBGDKsKuvmGh+ZA5qs3qIn9tc96b0PnQ/N1X221HYQG
tIAXZ+DW2VFt0IheoKYe6x16p3y7LYG/jld/mqgjC9WuxCLLfhhxhmSiHol9Hjd7
NRH1RK8AcYlXc4//Mely3sqn7K/jdPDNIlkVoVDDNUc0U3EvcTr2Yqg8hXuzmWlj
P/ztN3Erpjqt5p4YALfp3PP3R2dAfujRs82jXkH6KT0PpNU2F9jvdHipvy7Qc8B3
j++1UKfv9BWRgxnklMiie7BTrSww2YcS62qgwnMYz96dzVy4iZxmwpb7q3u2lGXm
ngSXfG0WgG5FpVSYuAl3sYNaWpr79mA9FEmXlSXj0jTB
-----END CERTIFICATE-----