Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/P98Ksy8ZBpa7dft716VW3bSyPSA.roa
File:                     P98Ksy8ZBpa7dft716VW3bSyPSA.roa (raw, json)
Hash identifier:          gu4a2Xz4Nt+Hpi+1zFJqgPSPftL+kVHklIqRqj6dUWw=
Subject key identifier:   3F:DF:0A:B3:2F:19:06:96:BB:75:FB:7B:D7:A5:56:DD:B4:B2:3D:20
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E142B1A343386EB6DDC174027FEC5
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/P98Ksy8ZBpa7dft716VW3bSyPSA.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201152
IP address blocks:        201.49.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:14:2b:1a:34:33:86:eb:6d:dc:17:40:27:fe:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fdf0ab32f190696bb75fb7bd7a556ddb4b23d20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3a:2b:3b:f9:43:41:20:c0:32:3a:bc:88:fc:
                    9f:80:c2:6d:cf:9c:2e:ce:d1:a0:9d:1a:9e:fb:10:
                    33:29:2a:ab:f1:fc:db:04:6f:24:c2:db:ab:d5:1e:
                    9e:35:89:14:f9:eb:b2:aa:5d:7e:e3:29:64:5d:28:
                    bd:8b:a9:04:00:30:98:26:1f:c7:8c:6f:39:de:56:
                    78:4a:89:4c:bb:a0:9a:82:52:e8:b5:3e:d4:91:b8:
                    52:d0:5b:03:7f:eb:42:f5:65:7e:84:f7:0e:97:4f:
                    8b:1f:1c:44:6c:fb:e6:f3:23:5f:71:d2:e0:e2:b7:
                    ef:fa:ad:f4:4a:c8:dc:e6:e9:36:62:fa:12:7d:45:
                    1c:59:aa:ff:ff:36:55:78:3b:b1:76:6d:23:16:3a:
                    1b:12:34:d9:3e:09:21:6b:4e:ee:8d:82:82:d7:3b:
                    df:db:43:80:50:e6:a1:73:98:37:bc:ee:86:14:83:
                    c6:c3:82:52:74:de:0c:d5:8a:aa:b8:54:cf:b0:4b:
                    27:42:26:7e:42:f1:81:10:e4:7b:2f:fc:e3:7c:f6:
                    73:19:ab:5e:f6:9d:c8:de:17:46:44:26:17:03:ce:
                    6b:b2:28:b9:1b:4b:7b:64:72:a3:cb:fd:53:f4:20:
                    2a:70:2a:61:a2:52:10:43:b4:26:80:16:74:12:05:
                    ec:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:DF:0A:B3:2F:19:06:96:BB:75:FB:7B:D7:A5:56:DD:B4:B2:3D:20
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/P98Ksy8ZBpa7dft716VW3bSyPSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.49.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:84:3d:09:0d:30:2b:c0:9d:b6:a6:ce:9c:70:7e:7a:5b:21:
         f4:7d:83:92:0a:f4:2d:c1:1c:24:91:04:5d:f2:18:b8:30:70:
         36:32:5d:fc:cb:ca:2b:e5:0f:23:46:ad:23:d8:61:29:72:6c:
         57:63:8a:92:73:40:1e:3b:c4:6c:ae:96:eb:27:55:ce:d9:20:
         00:5f:76:e7:5f:f1:14:c5:ee:7e:60:04:08:33:fb:27:8c:69:
         4e:99:65:67:cb:57:d5:8e:70:a0:5a:00:02:ff:08:a3:cc:a7:
         85:c9:32:6b:5b:45:4e:33:ba:dd:8a:39:d4:60:c9:cd:df:ab:
         00:02:a5:dc:79:83:05:e8:2d:8f:b0:de:ba:0b:4f:44:96:41:
         0b:6a:b4:82:05:3a:70:dd:b6:b6:12:dc:e4:d8:60:77:94:1e:
         13:da:af:80:4a:f5:71:61:49:42:e7:a5:23:fe:1d:fb:8a:b0:
         60:f6:65:5a:56:fc:c3:b1:a5:1f:7d:b8:7d:2d:dc:35:f6:8c:
         e5:41:60:7e:b9:74:3b:15:a3:b7:c2:0b:32:a9:f8:b7:01:79:
         76:83:03:05:42:4f:f5:bb:6a:7f:14:39:37:c2:db:e6:97:eb:
         85:fa:c6:ec:69:87:e0:09:aa:ff:1f:2c:3a:84:4b:98:c8:6d:
         fd:be:3e:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhQrGjQzhutt3BdAJ/7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmRmMGFiMzJmMTkwNjk2YmI3NWZiN2JkN2E1NTZkZGI0YjIzZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDorO/lDQSDAMjq8iPyfgMJtz5wu
ztGgnRqe+xAzKSqr8fzbBG8kwtur1R6eNYkU+euyql1+4ylkXSi9i6kEADCYJh/H
jG853lZ4SolMu6CaglLotT7UkbhS0FsDf+tC9WV+hPcOl0+LHxxEbPvm8yNfcdLg
4rfv+q30Ssjc5uk2YvoSfUUcWar//zZVeDuxdm0jFjobEjTZPgkha07ujYKC1zvf
20OAUOahc5g3vO6GFIPGw4JSdN4M1YqquFTPsEsnQiZ+QvGBEOR7L/zjfPZzGate
9p3I3hdGRCYXA85rsii5G0t7ZHKjy/1T9CAqcCpholIQQ7QmgBZ0EgXs+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/fCrMvGQaWu3X7e9elVt20sj0gMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvUDk4S3N5OFpCcGE3ZGZ0NzE2VlczYlN5UFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyTG8MA0G
CSqGSIb3DQEBCwUAA4IBAQCohD0JDTArwJ22ps6ccH56WyH0fYOSCvQtwRwkkQRd
8hi4MHA2Ml38y8or5Q8jRq0j2GEpcmxXY4qSc0AeO8RsrpbrJ1XO2SAAX3bnX/EU
xe5+YAQIM/snjGlOmWVny1fVjnCgWgAC/wijzKeFyTJrW0VOM7rdijnUYMnN36sA
AqXceYMF6C2PsN66C09ElkELarSCBTpw3ba2Etzk2GB3lB4T2q+ASvVxYUlC56Uj
/h37irBg9mVaVvzDsaUffbh9Ldw19ozlQWB+uXQ7FaO3wgsyqfi3AXl2gwMFQk/1
u2p/FDk3wtvml+uF+sbsaYfgCar/Hyw6hEuYyG39vj6T
-----END CERTIFICATE-----