Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BE5TW8awrOEi1EV8pPDKNjB6O5I.roa
File:                     BE5TW8awrOEi1EV8pPDKNjB6O5I.roa (raw, json)
Hash identifier:          V+GsQ+OrujxokGvBBQmUU8PJpEXENYTdvYEyUvTtMMU=
Subject key identifier:   04:4E:53:5B:C6:B0:AC:E1:22:D4:45:7C:A4:F0:CA:36:30:7A:3B:92
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E609D2EF0FC2409C3E43E9039E3F
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BE5TW8awrOEi1EV8pPDKNjB6O5I.roa
Signing time:             Mon 01 Jan 2024 18:29:40 +0000
ROA not before:           Mon 01 Jan 2024 18:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198003
IP address blocks:        82.103.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e6:09:d2:ef:0f:c2:40:9c:3e:43:e9:03:9e:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=044e535bc6b0ace122d4457ca4f0ca36307a3b92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b8:58:e5:1d:8f:fb:23:55:37:8d:c3:9c:8e:
                    5f:75:0a:14:f7:bd:ee:8e:9c:6a:ff:a0:80:d1:82:
                    4c:9e:2a:c5:53:2d:1a:25:8f:2a:40:b5:a8:9a:ea:
                    c1:f8:f8:80:6e:a4:3b:7c:fb:aa:5c:c4:1f:6d:ae:
                    49:d8:01:77:e4:68:5b:51:7b:a2:bd:18:c5:c6:a6:
                    17:d2:cc:cb:59:0b:3e:2b:5a:dd:4a:f8:c5:aa:80:
                    ff:f3:d3:b6:81:e0:3a:d2:5f:6d:96:f1:63:8a:e3:
                    18:b2:a7:6d:12:5f:d7:76:3f:38:07:eb:33:69:34:
                    12:be:6c:f1:5b:41:30:a4:74:f4:fc:0e:f6:e5:76:
                    98:f7:90:6b:be:3b:0f:05:0c:be:b6:c4:24:a3:81:
                    1d:91:97:fa:a3:a6:63:cb:a4:59:8b:4a:b6:ef:da:
                    ed:b7:11:66:3d:66:32:6e:47:a4:53:80:3d:6e:8c:
                    ab:33:11:35:b4:b5:f3:ca:40:5e:5c:cb:46:90:12:
                    40:8e:de:0b:a1:d7:4e:a8:97:48:bc:49:1c:11:25:
                    27:14:5b:84:68:ea:f5:24:31:d0:eb:a0:34:a3:d6:
                    e3:dd:a5:a1:e5:61:71:b4:78:10:b7:7b:6f:ec:49:
                    6c:95:f2:c2:9f:a2:e3:d4:6c:1c:48:ec:f6:fc:84:
                    f2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:4E:53:5B:C6:B0:AC:E1:22:D4:45:7C:A4:F0:CA:36:30:7A:3B:92
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BE5TW8awrOEi1EV8pPDKNjB6O5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.103.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:32:cb:a6:4c:81:24:00:ed:4c:f9:db:3f:76:18:0c:70:3c:
         ad:14:3b:3f:09:88:e8:86:52:34:2f:7b:bb:da:87:1c:22:fc:
         75:6f:a6:86:27:c1:0e:70:4e:90:8b:eb:15:f0:67:cf:8b:ef:
         10:17:52:08:3f:70:78:5d:37:c2:20:a8:1d:a2:19:7f:9e:ef:
         3d:0f:bb:2f:5c:72:c3:cd:7a:67:b9:98:b3:94:5d:4a:9f:29:
         a9:e6:9c:a8:f5:9c:91:fc:02:6a:3b:8b:73:7c:87:31:db:5f:
         0e:24:0c:56:3a:94:f4:97:6f:ef:63:33:b9:01:d0:f9:5b:2f:
         1b:16:3e:97:84:2f:9e:be:29:ff:4f:24:e1:66:b7:d3:91:6f:
         da:74:83:3a:c9:62:52:0a:af:3e:8a:03:ce:42:0b:9a:a9:a4:
         f4:7d:b7:78:58:bc:3e:da:83:c2:a6:72:62:3d:ff:f0:b4:6c:
         4b:23:a6:fb:e8:76:1e:90:b5:b8:cb:ab:16:5b:98:19:6f:e9:
         0e:c1:78:53:70:81:85:66:0f:52:75:58:2a:82:c5:04:a8:ae:
         4c:62:ca:5f:14:6d:6e:f1:b6:37:8d:1d:86:40:00:6a:ef:7f:
         6f:2b:bf:39:87:6c:3a:c7:22:5c:54:36:f5:b7:26:c8:ba:f0:
         2f:95:dc:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSeYJ0u8PwkCcPkPpA54/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDRlNTM1YmM2YjBhY2UxMjJkNDQ1N2NhNGYwY2EzNjMwN2EzYjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7hY5R2P+yNVN43DnI5fdQoU973u
jpxq/6CA0YJMnirFUy0aJY8qQLWomurB+PiAbqQ7fPuqXMQfba5J2AF35GhbUXui
vRjFxqYX0szLWQs+K1rdSvjFqoD/89O2geA60l9tlvFjiuMYsqdtEl/Xdj84B+sz
aTQSvmzxW0EwpHT0/A725XaY95BrvjsPBQy+tsQko4EdkZf6o6Zjy6RZi0q279rt
txFmPWYybkekU4A9boyrMxE1tLXzykBeXMtGkBJAjt4LoddOqJdIvEkcESUnFFuE
aOr1JDHQ66A0o9bj3aWh5WFxtHgQt3tv7ElslfLCn6Lj1GwcSOz2/ITySQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAROU1vGsKzhItRFfKTwyjYwejuSMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvQkU1VFc4YXdyT0VpMUVWOHBQREtOakI2TzVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUmd9MA0G
CSqGSIb3DQEBCwUAA4IBAQBCMsumTIEkAO1M+ds/dhgMcDytFDs/CYjohlI0L3u7
2occIvx1b6aGJ8EOcE6Qi+sV8GfPi+8QF1IIP3B4XTfCIKgdohl/nu89D7svXHLD
zXpnuZizlF1Knymp5pyo9ZyR/AJqO4tzfIcx218OJAxWOpT0l2/vYzO5AdD5Wy8b
Fj6XhC+evin/TyThZrfTkW/adIM6yWJSCq8+igPOQguaqaT0fbd4WLw+2oPCpnJi
Pf/wtGxLI6b76HYekLW4y6sWW5gZb+kOwXhTcIGFZg9SdVgqgsUEqK5MYspfFG1u
8bY3jR2GQABq739vK785h2w6xyJcVDb1tybIuvAvldwZ
-----END CERTIFICATE-----