Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/02NmrOnRudgqLoHIIB_B-q3O8qU.roa
File:                     02NmrOnRudgqLoHIIB_B-q3O8qU.roa (raw, json)
Hash identifier:          nNfx6+cZgGaZlzA7PEL4/Fl6GCAuCpQFCwEPV0L0FWY=
Subject key identifier:   D3:63:66:AC:E9:D1:B9:D8:2A:2E:81:C8:20:1F:C1:FA:AD:CE:F2:A5
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D8FD597D2D8974524EF295CF6B1B
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/02NmrOnRudgqLoHIIB_B-q3O8qU.roa
Signing time:             Mon 01 Jan 2024 18:29:37 +0000
ROA not before:           Mon 01 Jan 2024 18:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41610
IP address blocks:        212.91.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d8:fd:59:7d:2d:89:74:52:4e:f2:95:cf:6b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d36366ace9d1b9d82a2e81c8201fc1faadcef2a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:10:4f:03:e7:9e:fb:c6:96:91:ea:e7:40:a8:
                    c7:32:e8:0d:da:66:ae:44:2d:37:8b:e7:fb:f2:e3:
                    42:f1:fe:98:73:44:80:76:9e:bd:09:ac:a2:87:61:
                    ea:11:31:67:01:ef:51:de:38:1e:bf:1f:28:47:9e:
                    16:46:80:fe:ea:12:a1:14:9f:99:9c:10:0a:a9:d6:
                    86:7b:ae:4d:9a:c8:1f:32:3a:eb:e1:17:16:09:33:
                    d4:ed:7a:a9:5a:25:cc:ae:41:f5:76:3c:23:41:f9:
                    f9:9e:d0:a8:71:ce:c4:64:68:38:25:7a:e7:34:d7:
                    21:5d:12:a2:9d:83:9b:b2:e0:7d:2d:b6:ea:e0:3f:
                    c0:27:e7:93:29:e0:6e:06:34:be:14:40:17:76:4f:
                    a9:bc:fc:6e:60:ce:95:8d:6b:10:f2:d0:3a:b6:92:
                    8a:13:37:bb:17:b9:8f:86:e4:82:58:cd:60:03:f9:
                    5b:b0:83:27:8d:ad:d9:18:06:f6:16:a9:a8:c5:92:
                    77:d6:14:6a:c4:a3:f3:a8:93:49:00:9f:a9:59:b1:
                    21:9e:a4:eb:26:05:67:52:b7:ab:4e:d3:a6:17:87:
                    ab:88:09:67:93:eb:c7:73:06:4f:01:4c:e6:2f:b4:
                    ba:20:1f:60:b3:42:8f:12:0a:f1:0c:02:a5:be:e0:
                    53:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:63:66:AC:E9:D1:B9:D8:2A:2E:81:C8:20:1F:C1:FA:AD:CE:F2:A5
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/02NmrOnRudgqLoHIIB_B-q3O8qU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.91.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:82:46:cc:23:a0:f0:32:92:c7:99:b2:5b:40:6d:e9:1a:55:
         01:82:7f:ed:3a:74:f1:a3:21:46:d1:fe:ec:2f:51:d5:39:d9:
         63:b0:a5:00:42:9e:10:2c:9d:09:c1:4f:77:42:3a:24:35:17:
         e6:77:cf:cb:81:c9:12:3d:d6:96:35:6e:3a:10:ec:48:43:0d:
         2b:e7:4d:ac:49:57:a7:e7:77:2e:db:a0:c9:8e:d5:51:44:49:
         1f:9e:34:75:b8:95:3f:31:59:7a:e9:de:d4:ad:0c:b4:74:42:
         fc:d8:03:03:f5:51:b7:c1:b4:a5:75:cd:57:b2:df:9c:9e:aa:
         42:29:f9:96:24:85:80:f5:18:32:77:83:29:10:17:48:46:6c:
         31:f9:22:2b:de:2b:c1:bf:e5:4e:f6:79:6f:67:85:67:40:f0:
         c4:55:52:dd:3c:3f:02:85:5c:c1:8b:80:7a:d5:d5:ea:a3:78:
         be:34:53:29:0e:ef:a1:e4:59:35:bd:06:26:d2:28:12:73:e8:
         aa:ad:1e:06:fe:e5:6b:9d:4d:c1:02:ff:7c:1d:67:dd:db:ee:
         43:79:dc:33:5e:8d:29:d9:86:1f:e0:bf:93:84:1d:d6:4c:53:
         f6:b9:b2:1f:4a:80:3c:e8:44:76:69:ea:9f:ec:0f:a6:0a:3d:
         1e:9c:bd:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdj9WX0tiXRSTvKVz2sbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzYzNjZhY2U5ZDFiOWQ4MmEyZTgxYzgyMDFmYzFmYWFkY2VmMmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxBPA+ee+8aWkernQKjHMugN2mau
RC03i+f78uNC8f6Yc0SAdp69Cayih2HqETFnAe9R3jgevx8oR54WRoD+6hKhFJ+Z
nBAKqdaGe65NmsgfMjrr4RcWCTPU7XqpWiXMrkH1djwjQfn5ntCocc7EZGg4JXrn
NNchXRKinYObsuB9Lbbq4D/AJ+eTKeBuBjS+FEAXdk+pvPxuYM6VjWsQ8tA6tpKK
Eze7F7mPhuSCWM1gA/lbsIMnja3ZGAb2FqmoxZJ31hRqxKPzqJNJAJ+pWbEhnqTr
JgVnUrerTtOmF4eriAlnk+vHcwZPAUzmL7S6IB9gs0KPEgrxDAKlvuBT3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNjZqzp0bnYKi6ByCAfwfqtzvKlMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvMDJObXJPblJ1ZGdxTG9ISUlCX0ItcTNPOHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FuiMA0G
CSqGSIb3DQEBCwUAA4IBAQAngkbMI6DwMpLHmbJbQG3pGlUBgn/tOnTxoyFG0f7s
L1HVOdljsKUAQp4QLJ0JwU93QjokNRfmd8/LgckSPdaWNW46EOxIQw0r502sSVen
53cu26DJjtVRREkfnjR1uJU/MVl66d7UrQy0dEL82AMD9VG3wbSldc1Xst+cnqpC
KfmWJIWA9Rgyd4MpEBdIRmwx+SIr3ivBv+VO9nlvZ4VnQPDEVVLdPD8ChVzBi4B6
1dXqo3i+NFMpDu+h5Fk1vQYm0igSc+iqrR4G/uVrnU3BAv98HWfd2+5DedwzXo0p
2YYf4L+ThB3WTFP2ubIfSoA86ER2aeqf7A+mCj0enL1C
-----END CERTIFICATE-----