Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201949.roa
File:                     AS201949.roa (raw, json)
Hash identifier:          RTjVzN+7xYGuUpD3jdEd7MV4BcW+lAyMG4Ik4z6eOVU=
Subject key identifier:   BF:B8:82:FE:F6:0B:D3:A9:0C:74:BE:BB:8A:25:1A:A3:AF:F4:D8:2E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6A86A83A2A2DB218E0B463A6E21E686E72533FA7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201949.roa
Signing time:             Tue 30 Jul 2024 17:05:22 +0000
ROA not before:           Tue 30 Jul 2024 17:00:22 +0000
ROA not after:            Tue 29 Jul 2025 17:05:22 +0000
asID:                     201949
IP address blocks:        140.233.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:86:a8:3a:2a:2d:b2:18:e0:b4:63:a6:e2:1e:68:6e:72:53:3f:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 30 17:00:22 2024 GMT
            Not After : Jul 29 17:05:22 2025 GMT
        Subject: CN=BFB882FEF60BD3A90C74BEBB8A251AA3AFF4D82E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:4d:cd:60:a7:d8:b4:e4:49:ea:d3:ba:56:28:
                    2e:ef:a4:82:67:79:fe:83:bc:b7:17:b8:bf:92:1c:
                    7d:b8:6d:69:c8:2c:9b:14:e6:26:18:3d:3f:9a:99:
                    4f:48:7b:6b:84:b5:ec:f0:1c:51:4f:7b:c0:c3:22:
                    60:07:6f:c1:9f:51:b9:16:7e:0a:ec:09:60:b0:93:
                    b6:dd:46:e1:0e:bc:ca:54:b1:90:ee:3b:3d:84:12:
                    6a:55:90:0b:18:97:97:98:7a:da:85:47:3f:ef:68:
                    c1:76:45:46:15:e6:89:67:bd:60:76:33:13:4b:f0:
                    e9:dc:07:e2:65:03:97:98:76:27:8d:08:41:94:63:
                    c3:91:78:f1:d6:ab:98:96:97:bf:41:c7:d7:57:1e:
                    31:b1:d6:0c:d2:8b:2f:28:49:3a:66:46:22:c2:14:
                    72:07:5b:15:6d:6b:a8:eb:a9:32:30:89:62:8f:08:
                    5a:ad:d8:af:35:21:77:d5:3d:95:80:c2:e9:8b:80:
                    54:d7:87:02:6a:c0:59:68:79:70:32:b7:91:37:83:
                    02:73:57:10:aa:5c:0c:f5:47:a4:98:78:59:63:53:
                    18:26:d3:78:bb:8b:dc:5a:b9:d2:7d:a4:ee:ac:c3:
                    51:ab:17:87:5f:7f:ba:6f:f9:93:d9:72:ef:9a:3d:
                    1e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B8:82:FE:F6:0B:D3:A9:0C:74:BE:BB:8A:25:1A:A3:AF:F4:D8:2E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS201949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:a4:19:84:c9:38:b9:ed:10:46:5a:d5:5e:7e:36:7e:cb:5b:
         59:b2:a1:54:0e:9b:fd:78:61:d5:ea:22:bc:d6:d8:03:5b:52:
         37:c2:4e:33:00:0f:e0:68:df:56:20:5e:c7:02:b7:d4:d7:d0:
         06:95:34:bb:e5:fa:20:b8:95:72:bb:33:05:c6:e8:b9:5c:95:
         b9:b7:06:8e:a4:ef:2c:68:66:55:67:6a:43:8a:53:72:79:44:
         a2:40:d9:8e:fc:7d:20:e2:c0:e5:ce:5a:7f:c0:4c:85:dd:a6:
         5b:9b:b4:40:6e:a4:89:33:94:fd:6b:b7:f9:e4:81:5b:b5:5c:
         3c:fc:53:fc:07:52:66:ee:76:c2:53:0b:99:71:11:1c:6f:41:
         3b:5a:f0:dc:ca:b7:2c:93:19:61:b9:67:23:11:88:1a:ea:94:
         61:eb:61:46:4a:38:37:97:3a:24:03:b0:e9:a7:b7:8e:43:bd:
         e5:bf:c8:2c:20:f0:3d:4d:3f:7d:4b:8e:38:ed:55:3b:25:67:
         4a:11:ee:b2:2e:8b:97:1c:88:cc:b4:e9:07:ee:96:31:a2:0c:
         eb:75:6f:51:3c:a3:6d:18:f6:bc:71:ac:4b:83:96:5c:08:d1:
         9a:e7:8e:2e:52:00:99:5c:c3:12:38:81:3f:d6:1a:80:65:9f:
         28:27:f7:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaoaoOiotshjgtGOm4h5obnJTP6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MzAxNzAwMjJaFw0yNTA3MjkxNzA1MjJaMDMxMTAvBgNV
BAMTKEJGQjg4MkZFRjYwQkQzQTkwQzc0QkVCQjhBMjUxQUEzQUZGNEQ4MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXTc1gp9i05Enq07pWKC7vpIJn
ef6DvLcXuL+SHH24bWnILJsU5iYYPT+amU9Ie2uEtezwHFFPe8DDImAHb8GfUbkW
fgrsCWCwk7bdRuEOvMpUsZDuOz2EEmpVkAsYl5eYetqFRz/vaMF2RUYV5olnvWB2
MxNL8OncB+JlA5eYdieNCEGUY8ORePHWq5iWl79Bx9dXHjGx1gzSiy8oSTpmRiLC
FHIHWxVta6jrqTIwiWKPCFqt2K81IXfVPZWAwumLgFTXhwJqwFloeXAyt5E3gwJz
VxCqXAz1R6SYeFljUxgm03i7i9xaudJ9pO6sw1GrF4dff7pv+ZPZcu+aPR5FAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUv7iC/vYL06kMdL67iiUao6/02C4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAxOTQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOm7
MA0GCSqGSIb3DQEBCwUAA4IBAQCGpBmEyTi57RBGWtVefjZ+y1tZsqFUDpv9eGHV
6iK81tgDW1I3wk4zAA/gaN9WIF7HArfU19AGlTS75foguJVyuzMFxui5XJW5twaO
pO8saGZVZ2pDilNyeUSiQNmO/H0g4sDlzlp/wEyF3aZbm7RAbqSJM5T9a7f55IFb
tVw8/FP8B1Jm7nbCUwuZcREcb0E7WvDcyrcskxlhuWcjEYga6pRh62FGSjg3lzok
A7Dpp7eOQ73lv8gsIPA9TT99S4447VU7JWdKEe6yLouXHIjMtOkH7pYxogzrdW9R
PKNtGPa8caxLg5ZcCNGa544uUgCZXMMSOIE/1hqAZZ8oJ/dg
-----END CERTIFICATE-----