Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/L-7v-kPMaM7BLUyFoHRgg23cu0c.roa
File:                     L-7v-kPMaM7BLUyFoHRgg23cu0c.roa (raw, json)
Hash identifier:          1ohaajq5f+6IiXo2/zP3tKE3EbnbINGM2U5SgP1rxYw=
Subject key identifier:   2F:EE:EF:FA:43:CC:68:CE:C1:2D:4C:85:A0:74:60:83:6D:DC:BB:47
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E174C91FA30A37374E1AD26956615
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/L-7v-kPMaM7BLUyFoHRgg23cu0c.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204774
IP address blocks:        201.49.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:17:4c:91:fa:30:a3:73:74:e1:ad:26:95:66:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2feeeffa43cc68cec12d4c85a07460836ddcbb47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:62:b0:12:49:a6:0e:2b:54:ad:ee:6c:1d:ca:
                    d3:df:44:6c:3c:3a:7f:34:bf:d1:ed:e0:fb:ad:05:
                    98:6e:b2:56:06:df:de:04:eb:83:c1:06:4f:41:6e:
                    d5:a4:93:9f:87:1f:f4:6a:7f:96:ad:43:76:3d:e1:
                    04:d4:1f:f5:b5:f0:22:ac:c3:1e:26:47:4d:9c:16:
                    1e:96:02:29:fc:7c:52:70:aa:42:b1:ad:9c:74:7a:
                    09:56:51:8b:7a:c1:8a:81:76:a1:57:e2:91:e8:01:
                    5c:c4:65:01:1d:25:9d:87:6e:17:3b:76:c2:6c:72:
                    fb:8e:06:18:1a:d9:4e:96:7a:a6:33:09:06:c7:9e:
                    4b:ca:0a:62:24:f4:de:71:14:9f:03:ba:ff:27:d6:
                    de:e7:7a:73:54:67:e6:f6:2e:15:e3:bf:f1:68:b9:
                    61:c7:3e:63:eb:cf:1d:38:6b:02:04:f5:0a:1d:3b:
                    e3:fd:55:79:44:97:b8:b3:a9:1e:b3:80:82:83:45:
                    dc:bc:2c:65:a8:20:a0:a5:03:46:2c:be:fa:c9:df:
                    55:3d:fe:62:b3:4b:6a:75:70:73:97:fc:cb:f0:99:
                    4d:2b:fa:77:a1:90:66:5a:ab:5f:c4:a1:10:ec:99:
                    77:94:aa:47:d9:d9:6a:88:9e:16:08:a1:9d:0d:4a:
                    da:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:EE:EF:FA:43:CC:68:CE:C1:2D:4C:85:A0:74:60:83:6D:DC:BB:47
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/L-7v-kPMaM7BLUyFoHRgg23cu0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.49.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:cf:4e:82:00:18:26:c0:a3:47:25:38:70:b4:a8:ec:c4:43:
         12:63:6b:ed:62:56:59:f1:3b:f2:18:20:54:12:1a:b3:42:16:
         2c:28:95:dc:48:7c:ea:75:d6:1d:04:c2:db:6a:ec:7f:7e:6d:
         58:f5:14:2c:93:90:0b:fc:02:89:43:ae:5d:ef:ba:50:c3:b7:
         d3:00:08:4e:47:c6:0d:8b:78:38:3f:c8:14:93:c3:86:fa:56:
         3a:85:1c:29:25:7e:0f:d1:80:de:62:71:ab:53:b3:92:0c:e4:
         b4:61:18:fe:66:6e:f4:f4:aa:23:f3:c8:27:d3:b9:c2:d7:e2:
         7d:c2:03:93:9b:53:f6:a0:dd:70:18:d5:32:73:a1:94:43:cb:
         b5:b6:0b:f5:83:20:40:15:ea:c0:c9:e4:e0:12:32:c2:5d:48:
         1d:56:33:be:86:59:11:5b:7a:a0:fa:d3:23:3b:7a:4d:43:cd:
         c5:6e:e4:12:67:87:75:0d:1d:e2:dc:28:d4:8d:7e:35:96:df:
         8c:9c:c8:ce:a8:03:12:60:17:c0:ce:e1:66:0e:33:0b:47:24:
         81:98:84:6d:4a:10:c1:36:8c:ed:6f:f5:96:9f:0b:3d:36:e1:
         e8:2e:18:84:9d:bb:49:4e:d8:af:3e:fa:b8:42:df:dc:e5:08:
         f3:3d:09:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhdMkfowo3N04a0mlWYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmVlZWZmYTQzY2M2OGNlYzEyZDRjODVhMDc0NjA4MzZkZGNiYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGKwEkmmDitUre5sHcrT30RsPDp/
NL/R7eD7rQWYbrJWBt/eBOuDwQZPQW7VpJOfhx/0an+WrUN2PeEE1B/1tfAirMMe
JkdNnBYelgIp/HxScKpCsa2cdHoJVlGLesGKgXahV+KR6AFcxGUBHSWdh24XO3bC
bHL7jgYYGtlOlnqmMwkGx55LygpiJPTecRSfA7r/J9be53pzVGfm9i4V47/xaLlh
xz5j688dOGsCBPUKHTvj/VV5RJe4s6kes4CCg0XcvCxlqCCgpQNGLL76yd9VPf5i
s0tqdXBzl/zL8JlNK/p3oZBmWqtfxKEQ7Jl3lKpH2dlqiJ4WCKGdDUraXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/u7/pDzGjOwS1MhaB0YINt3LtHMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvTC03di1rUE1hTTdCTFV5Rm9IUmdnMjNjdTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyTG+MA0G
CSqGSIb3DQEBCwUAA4IBAQBez06CABgmwKNHJThwtKjsxEMSY2vtYlZZ8TvyGCBU
EhqzQhYsKJXcSHzqddYdBMLbaux/fm1Y9RQsk5AL/AKJQ65d77pQw7fTAAhOR8YN
i3g4P8gUk8OG+lY6hRwpJX4P0YDeYnGrU7OSDOS0YRj+Zm709Koj88gn07nC1+J9
wgOTm1P2oN1wGNUyc6GUQ8u1tgv1gyBAFerAyeTgEjLCXUgdVjO+hlkRW3qg+tMj
O3pNQ83FbuQSZ4d1DR3i3CjUjX41lt+MnMjOqAMSYBfAzuFmDjMLRySBmIRtShDB
Noztb/WWnws9NuHoLhiEnbtJTtivPvq4Qt/c5QjzPQlz
-----END CERTIFICATE-----