Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/AQVzhgv6bmzs_7o9qwdBDXD84iA.roa
File:                     AQVzhgv6bmzs_7o9qwdBDXD84iA.roa (raw, json)
Hash identifier:          sZNvSaLBYl1WXf2WqBM8NfMAe9vCWQesaNvsdYCYm9A=
Subject key identifier:   01:05:73:86:0B:FA:6E:6C:EC:FF:BA:3D:AB:07:41:0D:70:FC:E2:20
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E01B88A54C192F4FBE458463EC3A
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/AQVzhgv6bmzs_7o9qwdBDXD84iA.roa
Signing time:             Mon 01 Jan 2024 18:29:39 +0000
ROA not before:           Mon 01 Jan 2024 18:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51581
IP address blocks:        212.36.13.0/24 maxlen: 24
                          78.83.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e0:1b:88:a5:4c:19:2f:4f:be:45:84:63:ec:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=010573860bfa6e6cecffba3dab07410d70fce220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:78:5f:61:02:c0:cd:ae:a2:71:92:ca:a9:d0:
                    65:9a:a7:93:a7:5c:c8:6b:e2:a5:68:c8:2c:cd:b4:
                    18:9c:81:7c:03:3d:ab:66:11:c3:52:74:ab:3d:95:
                    5b:88:46:f4:ea:b9:21:8e:94:69:f3:3e:90:37:74:
                    d6:56:83:c9:6d:c6:1f:49:b5:21:56:32:f2:1d:2c:
                    03:d6:b6:c3:f1:f2:f6:62:ff:0b:d5:11:85:15:99:
                    76:64:36:77:21:46:6a:bf:b4:8f:6d:3e:17:f8:68:
                    70:28:e5:75:86:83:a0:2b:ee:ee:54:49:83:42:e8:
                    71:75:bb:a0:b2:72:b2:1c:cb:0a:7f:2c:dc:0e:13:
                    49:ec:c6:ec:c4:ad:24:2f:99:b4:bc:ce:48:c7:6d:
                    3b:2b:c7:ff:d6:bb:9c:fc:78:2e:13:a6:f6:c0:62:
                    5d:f4:15:a8:fe:59:d9:64:77:30:34:36:17:ab:cd:
                    f0:ef:ef:cf:c5:ee:85:27:b1:f5:13:20:97:ae:1f:
                    22:60:99:f6:ca:59:09:fa:5e:fc:f6:af:ba:45:51:
                    ba:90:1f:43:72:66:f1:65:75:35:92:92:8e:d1:9c:
                    42:93:97:61:1f:7d:45:49:5f:5f:bd:fe:69:12:bd:
                    60:47:aa:89:a3:cb:ff:4e:c3:65:ae:f8:17:7c:a2:
                    a8:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:05:73:86:0B:FA:6E:6C:EC:FF:BA:3D:AB:07:41:0D:70:FC:E2:20
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/AQVzhgv6bmzs_7o9qwdBDXD84iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.83.208.0/24
                  212.36.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:48:58:92:77:d3:93:31:f0:3d:64:94:c3:f2:00:de:d5:46:
         14:fd:c7:3a:6a:22:98:83:af:3f:68:5c:3c:38:94:2a:11:e8:
         84:06:c4:14:90:8d:86:70:20:11:87:9f:1c:c1:08:3a:cc:a9:
         45:96:84:26:4d:3d:8b:6e:54:a4:67:7d:84:f0:59:d2:dd:38:
         3b:9f:01:08:ec:7e:86:ee:35:3e:8c:f2:99:9a:d7:0a:60:0f:
         36:e4:a5:46:55:ca:5e:82:e3:ee:bf:8f:fa:bf:fc:f3:f1:d4:
         df:ce:23:95:89:87:05:0e:61:07:6f:b7:c6:3d:f9:c3:fb:db:
         fd:83:26:2c:58:ed:d2:71:e9:06:e7:1c:89:04:d9:04:38:f6:
         b5:31:6a:eb:50:27:36:dd:b5:83:ee:f3:86:60:75:ef:21:b2:
         18:0a:61:d2:4e:bf:2d:94:16:f2:6c:ea:52:ba:43:2c:f0:d1:
         ab:4b:da:a9:69:7a:a7:a0:d4:b4:58:32:79:22:fd:3e:49:0b:
         8f:f4:02:a9:0e:67:72:88:f5:11:3e:50:07:05:78:fe:f8:27:
         33:a5:13:01:84:29:bd:e8:49:5b:c9:84:be:60:8a:ee:93:b5:
         24:3c:db:0e:47:00:f4:1c:8c:68:7f:f0:65:b8:3c:86:5e:1a:
         75:2f:b6:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSeAbiKVMGS9PvkWEY+w6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTA1NzM4NjBiZmE2ZTZjZWNmZmJhM2RhYjA3NDEwZDcwZmNlMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknhfYQLAza6icZLKqdBlmqeTp1zI
a+KlaMgszbQYnIF8Az2rZhHDUnSrPZVbiEb06rkhjpRp8z6QN3TWVoPJbcYfSbUh
VjLyHSwD1rbD8fL2Yv8L1RGFFZl2ZDZ3IUZqv7SPbT4X+GhwKOV1hoOgK+7uVEmD
QuhxdbugsnKyHMsKfyzcDhNJ7MbsxK0kL5m0vM5Ix207K8f/1ruc/HguE6b2wGJd
9BWo/lnZZHcwNDYXq83w7+/Pxe6FJ7H1EyCXrh8iYJn2ylkJ+l789q+6RVG6kB9D
cmbxZXU1kpKO0ZxCk5dhH31FSV9fvf5pEr1gR6qJo8v/TsNlrvgXfKKomwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAEFc4YL+m5s7P+6PasHQQ1w/OIgMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvQVFWemhndjZibXpzXzdvOXF3ZEJEWEQ4NGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATlPQAwQA
1CQNMA0GCSqGSIb3DQEBCwUAA4IBAQBSSFiSd9OTMfA9ZJTD8gDe1UYU/cc6aiKY
g68/aFw8OJQqEeiEBsQUkI2GcCARh58cwQg6zKlFloQmTT2LblSkZ32E8FnS3Tg7
nwEI7H6G7jU+jPKZmtcKYA825KVGVcpeguPuv4/6v/zz8dTfziOViYcFDmEHb7fG
PfnD+9v9gyYsWO3ScekG5xyJBNkEOPa1MWrrUCc23bWD7vOGYHXvIbIYCmHSTr8t
lBbybOpSukMs8NGrS9qpaXqnoNS0WDJ5Iv0+SQuP9AKpDmdyiPURPlAHBXj++Ccz
pRMBhCm96ElbyYS+YIruk7UkPNsORwD0HIxof/BluDyGXhp1L7Z0
-----END CERTIFICATE-----