Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oVTl59i3y-XJP7B4lk6uP2PXRj0.roa
File:                     oVTl59i3y-XJP7B4lk6uP2PXRj0.roa (raw, json)
Hash identifier:          9v4iCmicjkac0FYcLZM1m6Ev0lFo2By3RexycRWkPfs=
Subject key identifier:   A1:54:E5:E7:D8:B7:CB:E5:C9:3F:B0:78:96:4E:AE:3F:63:D7:46:3D
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018E8561890D38BB8E86E63EEB9485F79509
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oVTl59i3y-XJP7B4lk6uP2PXRj0.roa
Signing time:             Thu 28 Mar 2024 14:05:45 +0000
ROA not before:           Thu 28 Mar 2024 14:05:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        185.49.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:85:61:89:0d:38:bb:8e:86:e6:3e:eb:94:85:f7:95:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar 28 14:05:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a154e5e7d8b7cbe5c93fb078964eae3f63d7463d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6b:28:50:b9:f2:4e:70:6e:e5:e0:b7:e9:bf:
                    3d:5e:63:5c:e9:1a:e6:85:d1:65:4d:40:f6:4e:70:
                    25:28:3d:ac:c9:17:c0:ba:a2:44:26:ee:e1:e5:75:
                    07:b7:7c:02:e3:3b:a4:58:a7:20:a6:d0:5d:c1:df:
                    6e:86:18:6b:fd:a9:e6:2b:e1:5f:eb:63:59:c3:16:
                    c6:b3:38:df:56:b8:b7:e3:7e:8a:28:43:bc:ef:ad:
                    05:f9:48:17:6c:e6:8b:51:1c:da:b0:31:da:b3:eb:
                    73:a6:c5:58:06:34:bc:a9:03:14:d5:e4:a5:7d:95:
                    35:8e:b1:ae:81:16:68:f9:6a:7a:4e:a7:35:2e:b1:
                    18:85:25:6b:76:2d:4e:10:1a:05:96:30:5e:cc:15:
                    bd:62:ec:78:35:d9:73:63:dc:7f:e8:f3:bd:12:36:
                    f9:23:14:1a:5b:50:9e:b9:97:c3:13:05:70:c5:2b:
                    ca:20:c7:cd:83:de:23:43:87:9c:bc:ee:8b:65:99:
                    ad:ff:11:8c:6d:ae:72:44:74:33:b7:66:28:66:a3:
                    1d:f8:9e:b1:41:31:3f:ab:5b:9c:48:cb:da:d2:a6:
                    f7:f4:99:91:60:cf:5a:14:a6:31:0e:2b:84:e3:af:
                    12:20:e3:1c:4e:28:f5:35:d1:61:f6:c9:6f:64:7d:
                    a7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:54:E5:E7:D8:B7:CB:E5:C9:3F:B0:78:96:4E:AE:3F:63:D7:46:3D
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/oVTl59i3y-XJP7B4lk6uP2PXRj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:7a:1c:dd:50:a3:72:a1:2b:79:eb:40:e1:4e:74:19:90:01:
         31:81:92:c3:6a:7c:f9:69:9d:78:4d:59:07:ac:49:ed:38:f5:
         45:c7:b1:44:e6:ee:bf:3c:57:e0:0b:bb:a7:63:2d:fb:d1:2b:
         0f:c6:dc:27:e3:0c:87:e7:99:28:d5:83:48:15:c1:30:6e:a5:
         19:a3:75:68:c8:e7:42:23:c3:c0:27:fd:74:b7:2e:aa:76:9e:
         da:52:b6:d3:d7:76:1a:09:37:5e:6a:0d:df:5a:c0:32:73:bc:
         80:b2:20:3f:be:4f:af:93:91:a7:1a:de:71:c4:d2:f6:28:e7:
         43:65:90:a2:40:a5:e7:61:62:8d:61:a7:93:d4:64:40:ce:34:
         0c:b8:d2:99:4b:e4:f4:ef:ae:de:55:b6:6c:77:52:59:df:ef:
         c5:4b:0c:19:53:f5:e9:6d:ce:bb:7d:a5:76:b5:a2:cf:fd:3a:
         15:ba:6e:2f:9e:69:a9:d1:6d:df:e5:ac:96:92:4f:e7:74:10:
         46:5e:88:4c:e5:0e:39:4a:c9:f5:e9:d1:e4:94:e6:af:06:01:
         be:38:d3:7e:59:c5:3e:14:f3:f7:8e:1e:48:2f:19:87:0e:8c:
         65:18:51:12:aa:86:07:f2:e9:de:76:31:6e:77:e9:d1:67:7f:
         cf:a4:5c:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6FYYkNOLuOhuY+65SF95UJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI4MTQwNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTU0ZTVlN2Q4YjdjYmU1YzkzZmIwNzg5NjRlYWUzZjYzZDc0NjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2soULnyTnBu5eC36b89XmNc6Rrm
hdFlTUD2TnAlKD2syRfAuqJEJu7h5XUHt3wC4zukWKcgptBdwd9uhhhr/anmK+Ff
62NZwxbGszjfVri3436KKEO8760F+UgXbOaLURzasDHas+tzpsVYBjS8qQMU1eSl
fZU1jrGugRZo+Wp6Tqc1LrEYhSVrdi1OEBoFljBezBW9Yux4NdlzY9x/6PO9Ejb5
IxQaW1CeuZfDEwVwxSvKIMfNg94jQ4ecvO6LZZmt/xGMba5yRHQzt2YoZqMd+J6x
QTE/q1ucSMva0qb39JmRYM9aFKYxDiuE468SIOMcTij1NdFh9slvZH2nmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFU5efYt8vlyT+weJZOrj9j10Y9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvb1ZUbDU5aTN5LVhKUDdCNGxrNnVQMlBYUmowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTF/MA0G
CSqGSIb3DQEBCwUAA4IBAQCSehzdUKNyoSt560DhTnQZkAExgZLDanz5aZ14TVkH
rEntOPVFx7FE5u6/PFfgC7unYy370SsPxtwn4wyH55ko1YNIFcEwbqUZo3VoyOdC
I8PAJ/10ty6qdp7aUrbT13YaCTdeag3fWsAyc7yAsiA/vk+vk5GnGt5xxNL2KOdD
ZZCiQKXnYWKNYaeT1GRAzjQMuNKZS+T0767eVbZsd1JZ3+/FSwwZU/Xpbc67faV2
taLP/ToVum4vnmmp0W3f5ayWkk/ndBBGXohM5Q45Ssn16dHklOavBgG+ONN+WcU+
FPP3jh5ILxmHDoxlGFESqoYH8unedjFud+nRZ3/PpFwP
-----END CERTIFICATE-----