Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/78c577-8f98-40b2-b01d-10777f9e3685/1/B-TUg9RivxI5wc4brrl3sI5aP7o.roa
File:                     B-TUg9RivxI5wc4brrl3sI5aP7o.roa (raw, json)
Hash identifier:          UYJrDbwEYVJDMOFcI6MV3L4sgpV7b8DBHTHJPZjRtSE=
Subject key identifier:   07:E4:D4:83:D4:62:BF:12:39:C1:CE:1B:AE:B9:77:B0:8E:5A:3F:BA
Certificate issuer:       /CN=532d1e41424819bcc0cd637d8ee141fea585d00d
Certificate serial:       018CC500421526367DD15A45DEBF058EF163
Authority key identifier: 53:2D:1E:41:42:48:19:BC:C0:CD:63:7D:8E:E1:41:FE:A5:85:D0:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uy0eQUJIGbzAzWN9juFB_qWF0A0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/78c577-8f98-40b2-b01d-10777f9e3685/1/B-TUg9RivxI5wc4brrl3sI5aP7o.roa
Signing time:             Mon 01 Jan 2024 12:29:37 +0000
ROA not before:           Mon 01 Jan 2024 12:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201404
IP address blocks:        185.49.49.0/24 maxlen: 24
                          2a04:b700:ca75::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/78c577-8f98-40b2-b01d-10777f9e3685/1/Uy0eQUJIGbzAzWN9juFB_qWF0A0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/78c577-8f98-40b2-b01d-10777f9e3685/1/Uy0eQUJIGbzAzWN9juFB_qWF0A0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uy0eQUJIGbzAzWN9juFB_qWF0A0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:42:15:26:36:7d:d1:5a:45:de:bf:05:8e:f1:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=532d1e41424819bcc0cd637d8ee141fea585d00d
        Validity
            Not Before: Jan  1 12:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07e4d483d462bf1239c1ce1baeb977b08e5a3fba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2f:88:3e:d4:d7:fa:4b:48:a9:32:4c:5a:db:
                    9a:2c:b9:9b:5e:dd:e4:08:36:ba:75:6d:40:61:6a:
                    84:36:d4:b5:38:c8:ec:26:94:ab:30:1c:b2:e5:41:
                    40:00:08:75:27:2c:38:a0:ae:87:46:85:61:49:51:
                    bb:15:4b:1c:2e:db:b5:5f:9f:17:b1:02:52:b5:1a:
                    82:57:82:60:06:7e:c8:1c:58:1d:1a:11:b3:d4:77:
                    8c:c7:cc:f4:ce:85:21:cd:e2:ca:59:33:cc:c0:69:
                    08:9e:66:27:7d:53:32:f2:f0:6b:5e:f0:a9:55:74:
                    91:4e:83:ff:e9:2a:62:7e:99:69:53:0f:24:d8:85:
                    53:e0:60:d6:f2:e3:20:ec:32:55:83:5a:6c:e1:2a:
                    16:40:d8:5a:89:3a:d8:eb:1a:b0:c9:c3:f5:33:41:
                    a8:a4:35:4a:4b:58:aa:6b:6b:99:05:53:22:d8:0e:
                    32:50:42:4b:9c:53:07:89:9c:e1:bb:6a:d8:c8:c2:
                    08:ca:e1:2c:8a:85:4b:76:dc:61:ac:f6:59:79:6b:
                    a9:9f:8e:b0:72:a4:95:12:a6:c2:f4:b1:c3:6f:25:
                    08:e4:97:c2:58:49:c9:f2:8e:c9:68:af:77:0f:af:
                    ee:fe:ed:f7:8c:2b:55:2b:db:25:28:22:98:da:04:
                    66:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E4:D4:83:D4:62:BF:12:39:C1:CE:1B:AE:B9:77:B0:8E:5A:3F:BA
            X509v3 Authority Key Identifier:
                keyid:53:2D:1E:41:42:48:19:BC:C0:CD:63:7D:8E:E1:41:FE:A5:85:D0:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uy0eQUJIGbzAzWN9juFB_qWF0A0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/78c577-8f98-40b2-b01d-10777f9e3685/1/B-TUg9RivxI5wc4brrl3sI5aP7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/78c577-8f98-40b2-b01d-10777f9e3685/1/Uy0eQUJIGbzAzWN9juFB_qWF0A0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.49.0/24
                IPv6:
                  2a04:b700:ca75::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:ab:91:3f:75:43:8d:6a:c6:73:78:9d:ef:09:2e:ed:1e:dc:
         e7:fd:5f:e4:2b:55:c7:9a:8f:0c:64:26:91:c0:5a:b2:4e:e2:
         ea:f2:d3:1c:a4:0d:f6:0b:b1:a9:58:80:2a:16:d3:34:9e:7c:
         97:ad:4a:49:4f:a0:2d:e4:26:2d:63:59:03:25:53:2b:12:0e:
         60:db:75:46:cf:6c:29:3e:54:9b:e6:40:d3:93:2d:2e:d2:7b:
         56:d5:83:9d:74:1f:81:e5:e1:12:ee:47:b9:60:14:b2:f5:1b:
         44:fa:0e:ff:61:29:58:9a:b3:b2:ee:01:5d:fd:1f:b1:86:10:
         7b:32:05:66:73:2b:b9:82:29:96:2a:19:74:b7:6a:51:39:ce:
         bf:6b:64:ec:43:82:f3:6f:b6:c6:c0:05:66:93:79:8b:63:9c:
         ee:e7:0a:a2:ea:fc:8f:c1:1b:d3:98:5f:43:5b:b0:ac:3d:a2:
         7e:8e:e7:f7:76:14:49:00:88:0e:af:04:44:5b:fd:e2:de:c0:
         3a:05:87:a8:f3:08:f8:a1:ff:ef:45:ba:66:93:88:ba:e4:62:
         6f:ab:49:a6:65:b1:f4:59:59:58:dd:69:64:bb:d3:3c:01:2f:
         d7:c8:94:97:97:05:3e:71:48:66:6b:04:5a:fd:80:36:a2:80:
         df:ad:a9:56
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzFAEIVJjZ90VpF3r8FjvFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMmQxZTQxNDI0ODE5YmNjMGNkNjM3ZDhlZTE0MWZlYTU4
NWQwMGQwHhcNMjQwMTAxMTIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2U0ZDQ4M2Q0NjJiZjEyMzljMWNlMWJhZWI5NzdiMDhlNWEzZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsy+IPtTX+ktIqTJMWtuaLLmbXt3k
CDa6dW1AYWqENtS1OMjsJpSrMByy5UFAAAh1Jyw4oK6HRoVhSVG7FUscLtu1X58X
sQJStRqCV4JgBn7IHFgdGhGz1HeMx8z0zoUhzeLKWTPMwGkInmYnfVMy8vBrXvCp
VXSRToP/6SpifplpUw8k2IVT4GDW8uMg7DJVg1ps4SoWQNhaiTrY6xqwycP1M0Go
pDVKS1iqa2uZBVMi2A4yUEJLnFMHiZzhu2rYyMIIyuEsioVLdtxhrPZZeWupn46w
cqSVEqbC9LHDbyUI5JfCWEnJ8o7JaK93D6/u/u33jCtVK9slKCKY2gRmtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAfk1IPUYr8SOcHOG665d7COWj+6MB8GA1UdIwQY
MBaAFFMtHkFCSBm8wM1jfY7hQf6lhdANMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXkwZVFVSklHYnpBeldOOWp1RkJfcVdGMEEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83OGM1NzctOGY5OC00MGIyLWIwMWQt
MTA3NzdmOWUzNjg1LzEvQi1UVWc5Uml2eEk1d2M0YnJybDNzSTVhUDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83OGM1NzctOGY5OC00MGIyLWIwMWQtMTA3NzdmOWUzNjg1
LzEvVXkwZVFVSklHYnpBeldOOWp1RkJfcVdGMEEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuTExMA8E
AgACMAkDBwAqBLcAynUwDQYJKoZIhvcNAQELBQADggEBALyrkT91Q41qxnN4ne8J
Lu0e3Of9X+QrVceajwxkJpHAWrJO4ury0xykDfYLsalYgCoW0zSefJetSklPoC3k
Ji1jWQMlUysSDmDbdUbPbCk+VJvmQNOTLS7Se1bVg510H4Hl4RLuR7lgFLL1G0T6
Dv9hKVias7LuAV39H7GGEHsyBWZzK7mCKZYqGXS3alE5zr9rZOxDgvNvtsbABWaT
eYtjnO7nCqLq/I/BG9OYX0NbsKw9on6O5/d2FEkAiA6vBERb/eLewDoFh6jzCPih
/+9FumaTiLrkYm+rSaZlsfRZWVjdaWS70zwBL9fIlJeXBT5xSGZrBFr9gDaigN+t
qVY=
-----END CERTIFICATE-----