Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/KfACRCnvRC0R740ubbLM4X57csU.roa
File:                     KfACRCnvRC0R740ubbLM4X57csU.roa (raw, json)
Hash identifier:          69Afb781pK1gKN/24aG6MOMXakoJfJOZvSSS1W8mNIg=
Subject key identifier:   29:F0:02:44:29:EF:44:2D:11:EF:8D:2E:6D:B2:CC:E1:7E:7B:72:C5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0194274847596D0EA8717AAED40C4CFED42F
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/KfACRCnvRC0R740ubbLM4X57csU.roa
Signing time:             Thu 02 Jan 2025 13:50:35 +0000
ROA not before:           Thu 02 Jan 2025 13:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204774
IP address blocks:        201.49.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:47:59:6d:0e:a8:71:7a:ae:d4:0c:4c:fe:d4:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29f0024429ef442d11ef8d2e6db2cce17e7b72c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8c:00:9b:66:1b:b3:a6:14:71:56:bc:d5:db:
                    5f:53:35:a2:52:72:99:4f:72:17:3f:75:b9:1d:93:
                    32:2a:76:0a:14:79:ed:b0:d0:a2:ff:0b:32:65:cc:
                    95:aa:a4:e2:e3:44:ba:a8:15:c0:7d:74:d3:e8:bc:
                    76:26:33:0f:d7:2d:78:62:20:74:b2:b6:7b:68:56:
                    89:d3:07:bb:b7:17:6c:93:72:cc:9a:91:0e:54:59:
                    7b:08:b2:32:16:dc:a5:32:04:1a:35:eb:d0:6c:57:
                    a0:64:b4:2c:91:54:60:6c:74:ce:54:e4:c5:ee:a6:
                    15:b7:f2:32:c7:0c:4a:d9:ba:1c:65:71:1e:84:bd:
                    9c:22:d7:68:aa:7a:2f:21:fa:a5:34:63:ef:3e:f2:
                    f0:4f:a3:88:8e:b7:68:78:01:0e:77:57:1b:26:ba:
                    c0:7d:cc:30:df:4a:5c:07:83:1b:6e:60:82:fb:95:
                    c6:eb:61:2f:d7:e9:98:02:43:bb:a4:8b:77:01:ce:
                    3e:89:02:53:0c:33:79:f2:92:f1:d1:15:a1:52:a6:
                    4f:24:a1:ff:d1:f1:b3:f2:85:c8:2d:fa:63:d6:0a:
                    f6:6f:0b:d4:01:64:1e:5d:08:ca:85:af:39:ee:d4:
                    8a:56:8b:8e:b9:65:5b:41:77:e5:c7:d5:5c:47:c5:
                    a4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F0:02:44:29:EF:44:2D:11:EF:8D:2E:6D:B2:CC:E1:7E:7B:72:C5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/KfACRCnvRC0R740ubbLM4X57csU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.49.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:7b:60:49:06:c2:e2:9a:e2:4b:da:dc:f8:b2:2b:5b:9d:b4:
         f7:5a:bc:0a:7b:fc:09:e0:59:45:62:6c:03:91:24:cd:95:79:
         80:93:92:66:a2:15:fa:f9:07:0d:ea:34:a5:31:c1:30:22:0a:
         f1:e4:f5:4e:64:91:f0:1c:c9:53:88:5d:4f:3c:41:32:d4:5a:
         33:da:e2:b2:01:3a:09:91:e1:ae:99:11:3c:df:d3:45:eb:6a:
         c7:1c:b9:42:1c:34:fe:92:17:ae:36:65:cc:a4:7d:fd:8c:d8:
         12:5e:62:c5:c5:ad:f1:9d:6c:04:71:e0:95:a6:78:3b:57:69:
         5e:ef:bc:a1:fa:20:64:09:5a:6c:1b:99:0a:88:f6:fc:0d:7d:
         18:30:eb:b7:d2:4c:aa:2e:20:e0:5f:e5:78:4d:ba:de:61:b8:
         ac:89:02:8b:19:58:62:df:5b:3d:a3:a9:f6:32:c1:0d:c2:a2:
         5f:7a:20:48:0d:1f:22:1c:4e:2f:1d:79:08:8d:62:a3:ae:c5:
         eb:c3:ff:48:e9:85:53:4a:ba:ab:dd:d5:b6:55:1d:e6:6d:28:
         cc:26:73:ab:59:8f:91:27:2e:c0:34:92:f7:cc:d1:9c:36:5e:
         a3:7e:90:13:dd:a9:a9:ab:5f:14:1c:4c:f0:b8:5d:62:13:a3:
         9c:cc:da:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEdZbQ6ocXqu1AxM/tQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYwMDI0NDI5ZWY0NDJkMTFlZjhkMmU2ZGIyY2NlMTdlN2I3MmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIwAm2Ybs6YUcVa81dtfUzWiUnKZ
T3IXP3W5HZMyKnYKFHntsNCi/wsyZcyVqqTi40S6qBXAfXTT6Lx2JjMP1y14YiB0
srZ7aFaJ0we7txdsk3LMmpEOVFl7CLIyFtylMgQaNevQbFegZLQskVRgbHTOVOTF
7qYVt/IyxwxK2bocZXEehL2cItdoqnovIfqlNGPvPvLwT6OIjrdoeAEOd1cbJrrA
fcww30pcB4MbbmCC+5XG62Ev1+mYAkO7pIt3Ac4+iQJTDDN58pLx0RWhUqZPJKH/
0fGz8oXILfpj1gr2bwvUAWQeXQjKha857tSKVouOuWVbQXflx9VcR8WkUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnwAkQp70QtEe+NLm2yzOF+e3LFMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvS2ZBQ1JDbnZSQzBSNzQwdWJiTE00WDU3Y3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyTG+MA0G
CSqGSIb3DQEBCwUAA4IBAQCre2BJBsLimuJL2tz4sitbnbT3WrwKe/wJ4FlFYmwD
kSTNlXmAk5JmohX6+QcN6jSlMcEwIgrx5PVOZJHwHMlTiF1PPEEy1Foz2uKyAToJ
keGumRE839NF62rHHLlCHDT+kheuNmXMpH39jNgSXmLFxa3xnWwEceCVpng7V2le
77yh+iBkCVpsG5kKiPb8DX0YMOu30kyqLiDgX+V4TbreYbisiQKLGVhi31s9o6n2
MsENwqJfeiBIDR8iHE4vHXkIjWKjrsXrw/9I6YVTSrqr3dW2VR3mbSjMJnOrWY+R
Jy7ANJL3zNGcNl6jfpAT3ampq18UHEzwuF1iE6OczNr6
-----END CERTIFICATE-----