Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Xbfe0yDXHFQ6uxJUi_Gn5hNOoXg.roa
File:                     Xbfe0yDXHFQ6uxJUi_Gn5hNOoXg.roa (raw, json)
Hash identifier:          nVCMzOL1/U83uRghSVprddSxjtsw9MaAjCbZVG1PX+A=
Subject key identifier:   5D:B7:DE:D3:20:D7:1C:54:3A:BB:12:54:8B:F1:A7:E6:13:4E:A1:78
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0190EF6E59A6676E6AF93112986390687E0D
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Xbfe0yDXHFQ6uxJUi_Gn5hNOoXg.roa
Signing time:             Fri 26 Jul 2024 14:25:04 +0000
ROA not before:           Fri 26 Jul 2024 14:25:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206930
IP address blocks:        194.15.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ef:6e:59:a6:67:6e:6a:f9:31:12:98:63:90:68:7e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jul 26 14:25:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5db7ded320d71c543abb12548bf1a7e6134ea178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:93:47:28:59:6a:5a:c4:1f:cd:da:d3:6e:ce:
                    bc:3a:42:cc:72:19:9f:70:1b:b4:b3:49:27:d5:0e:
                    11:75:1b:d2:59:05:22:e9:4f:e7:b6:75:a8:2c:12:
                    fa:38:23:2f:e0:c3:ce:25:50:0e:fe:b2:5f:1b:4b:
                    11:73:22:71:68:dc:51:9b:5e:65:51:26:09:ea:fc:
                    72:9d:b5:83:d1:5e:67:11:fa:56:d4:14:c2:01:a9:
                    5b:de:f1:c0:c5:e8:8b:3f:44:c6:0c:c1:c9:aa:9b:
                    ce:e9:3b:28:a3:b6:c7:f2:7d:06:ff:e2:b4:d8:dd:
                    b7:cf:e7:bc:a8:87:92:64:51:d0:32:1b:af:8e:52:
                    1e:35:a8:2d:50:62:7e:db:94:f6:ce:fd:7d:11:c2:
                    70:af:4c:03:3a:12:ee:5a:37:f8:99:7a:21:86:5e:
                    1e:cb:55:7b:bc:c9:a4:06:43:cf:8a:95:59:2c:f4:
                    95:05:b8:20:a3:4b:66:e0:97:7c:e2:9f:87:dd:2a:
                    79:28:ee:1b:cb:9f:72:2e:aa:80:5a:62:c3:ca:46:
                    a5:7b:27:2e:61:5f:cf:62:eb:e3:71:45:44:a4:42:
                    d1:60:e7:d6:25:b1:83:f3:f0:03:f3:96:4b:02:4d:
                    58:ea:29:54:a6:86:f9:22:66:9b:97:3b:1a:85:8d:
                    4e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B7:DE:D3:20:D7:1C:54:3A:BB:12:54:8B:F1:A7:E6:13:4E:A1:78
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/Xbfe0yDXHFQ6uxJUi_Gn5hNOoXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:12:a7:f0:2e:48:96:20:48:f3:38:98:cb:af:98:42:d3:14:
         e1:be:f3:15:79:86:10:48:ff:2f:75:e1:b4:e9:3f:4d:dd:a2:
         b8:4c:9c:41:07:17:4e:e0:59:2e:57:05:08:19:78:1f:84:77:
         9c:68:13:c9:75:70:ce:1f:95:1d:8f:aa:2d:64:d2:f6:60:be:
         51:5c:e5:60:d7:37:ef:ae:39:b9:69:da:c0:8b:43:79:9c:67:
         75:50:32:79:d2:0c:bf:3e:1f:cb:7d:83:dd:5f:b1:74:d9:a6:
         8d:61:68:aa:c1:2b:ef:85:30:42:b3:25:12:d5:85:71:6c:51:
         51:38:6f:9a:79:5c:fd:2d:7f:90:8b:c0:97:14:5e:be:c4:e6:
         16:66:78:11:af:a4:e1:31:4a:52:03:0a:68:ea:16:74:0b:fe:
         a7:5c:d9:a7:a4:9d:cb:ba:ca:3f:e6:4a:f4:a9:9d:7c:df:01:
         5d:f5:e1:9a:ce:5d:cd:7e:4f:94:bf:c8:df:30:ac:21:a9:46:
         f3:3f:a1:fc:7d:13:86:3a:eb:21:0d:db:0d:f4:0d:98:e1:ad:
         83:63:4e:e0:b4:ab:fc:77:90:88:60:58:08:e0:f6:8d:2b:29:
         94:a0:c7:93:48:e9:2c:82:9f:34:17:3c:cd:a9:34:85:46:c4:
         58:f1:3d:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDvblmmZ25q+TESmGOQaH4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwNzI2MTQyNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGI3ZGVkMzIwZDcxYzU0M2FiYjEyNTQ4YmYxYTdlNjEzNGVhMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJNHKFlqWsQfzdrTbs68OkLMchmf
cBu0s0kn1Q4RdRvSWQUi6U/ntnWoLBL6OCMv4MPOJVAO/rJfG0sRcyJxaNxRm15l
USYJ6vxynbWD0V5nEfpW1BTCAalb3vHAxeiLP0TGDMHJqpvO6Tsoo7bH8n0G/+K0
2N23z+e8qIeSZFHQMhuvjlIeNagtUGJ+25T2zv19EcJwr0wDOhLuWjf4mXohhl4e
y1V7vMmkBkPPipVZLPSVBbggo0tm4Jd84p+H3Sp5KO4by59yLqqAWmLDykaleycu
YV/PYuvjcUVEpELRYOfWJbGD8/AD85ZLAk1Y6ilUpob5ImablzsahY1OgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF233tMg1xxUOrsSVIvxp+YTTqF4MB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvWGJmZTB5RFhIRlE2dXhKVWlfR241aE5Pb1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg+MMA0G
CSqGSIb3DQEBCwUAA4IBAQAwEqfwLkiWIEjzOJjLr5hC0xThvvMVeYYQSP8vdeG0
6T9N3aK4TJxBBxdO4FkuVwUIGXgfhHecaBPJdXDOH5Udj6otZNL2YL5RXOVg1zfv
rjm5adrAi0N5nGd1UDJ50gy/Ph/LfYPdX7F02aaNYWiqwSvvhTBCsyUS1YVxbFFR
OG+aeVz9LX+Qi8CXFF6+xOYWZngRr6ThMUpSAwpo6hZ0C/6nXNmnpJ3Luso/5kr0
qZ183wFd9eGazl3Nfk+Uv8jfMKwhqUbzP6H8fROGOushDdsN9A2Y4a2DY07gtKv8
d5CIYFgI4PaNKymUoMeTSOksgp80FzzNqTSFRsRY8T3v
-----END CERTIFICATE-----