Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BcGKQ2w70gOW2647RH10i26Wqqw.roa
File:                     BcGKQ2w70gOW2647RH10i26Wqqw.roa (raw, json)
Hash identifier:          nGCG6H3cHD/yX5zXbLorl37lnPzlVNlGB5tL7fuHhIA=
Subject key identifier:   05:C1:8A:43:6C:3B:D2:03:96:DB:AE:3B:44:7D:74:8B:6E:96:AA:AC
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D78FD74CF0B0290AFB73EB6C8983
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BcGKQ2w70gOW2647RH10i26Wqqw.roa
Signing time:             Mon 01 Jan 2024 18:29:37 +0000
ROA not before:           Mon 01 Jan 2024 18:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36224
IP address blocks:        151.251.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d7:8f:d7:4c:f0:b0:29:0a:fb:73:eb:6c:89:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05c18a436c3bd20396dbae3b447d748b6e96aaac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2d:43:67:d1:a0:99:11:87:44:6f:e2:32:c4:
                    33:49:a3:f8:b3:61:12:4a:ad:0c:ef:9a:dd:6a:51:
                    a4:1d:7a:13:2f:d2:4e:2e:5f:73:5b:1e:f2:a5:d5:
                    a8:2e:01:e4:6c:fc:51:03:a1:ef:54:30:db:54:83:
                    37:1f:5a:f6:a1:2a:d6:22:2a:ec:b9:56:0f:64:6c:
                    7f:1a:81:ea:c7:57:1e:a7:74:0c:43:80:0b:68:4c:
                    79:47:e9:8a:ef:57:f5:5f:ff:88:f0:a4:33:bd:c7:
                    85:91:99:9c:c5:7c:a5:35:21:6f:e9:2f:0a:60:a2:
                    28:6b:d5:47:bf:f5:aa:43:ea:4c:83:56:f3:53:7c:
                    64:b4:bb:a3:ac:f2:b0:bb:80:b7:3a:75:87:0c:30:
                    f3:44:d6:4a:b9:9d:91:5f:e9:71:58:00:a3:92:bd:
                    c7:52:83:d6:5f:1d:a7:27:26:1f:98:6d:3d:6f:9b:
                    39:fa:4f:74:92:a9:a6:d2:cb:6e:b9:25:e9:bf:79:
                    93:09:31:1d:4a:21:f1:df:f2:e7:86:c3:6e:d7:77:
                    36:89:b9:72:79:b9:a3:75:5b:6e:3d:aa:4c:3c:92:
                    6e:fb:ad:e7:50:5a:c4:05:77:91:f1:87:2e:ec:f8:
                    64:93:36:bf:0f:1e:9f:09:72:07:ab:2a:06:12:2e:
                    ca:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C1:8A:43:6C:3B:D2:03:96:DB:AE:3B:44:7D:74:8B:6E:96:AA:AC
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BcGKQ2w70gOW2647RH10i26Wqqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.251.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:7a:76:8f:58:6c:b3:b3:ee:28:58:c8:93:f4:b3:41:40:8b:
         fd:3c:47:59:9e:ca:e3:39:8b:e2:5f:26:f3:16:b6:53:a3:67:
         35:97:41:43:81:9d:41:6f:ef:a0:e3:b6:ca:7d:99:cc:88:6e:
         b4:a2:33:10:91:8e:27:53:c2:93:a6:15:fe:d1:13:a3:7b:07:
         89:cf:27:05:91:27:27:7d:fe:3f:35:96:1f:6f:66:7a:fe:4c:
         43:b9:28:69:cb:b3:23:9a:34:40:da:3a:c8:e8:a9:75:ad:86:
         f7:51:15:6f:c5:05:0c:1d:5d:84:74:ca:bc:0e:fb:9c:b2:49:
         20:f7:80:ad:ce:40:b9:6a:03:2e:77:d0:88:db:82:44:5a:1e:
         97:0d:42:34:10:16:eb:a3:36:b8:1e:b9:ee:56:c2:86:63:f6:
         2e:03:ff:0e:86:85:06:3c:cd:12:7d:36:82:e5:41:1e:5e:79:
         40:12:cc:52:9a:24:5c:34:49:e7:3e:a9:db:2a:71:1c:c4:b0:
         b7:3d:0a:d1:d8:62:df:15:6b:a1:27:df:fa:1c:66:cb:16:2a:
         b7:3d:3b:d1:d4:a4:0e:1e:9f:d9:75:bc:50:37:85:3f:41:71:
         e6:68:55:9b:8b:99:46:7a:16:40:df:31:da:5e:92:ae:fa:e5:
         16:4c:83:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdeP10zwsCkK+3PrbImDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWMxOGE0MzZjM2JkMjAzOTZkYmFlM2I0NDdkNzQ4YjZlOTZhYWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAti1DZ9GgmRGHRG/iMsQzSaP4s2ES
Sq0M75rdalGkHXoTL9JOLl9zWx7ypdWoLgHkbPxRA6HvVDDbVIM3H1r2oSrWIirs
uVYPZGx/GoHqx1cep3QMQ4ALaEx5R+mK71f1X/+I8KQzvceFkZmcxXylNSFv6S8K
YKIoa9VHv/WqQ+pMg1bzU3xktLujrPKwu4C3OnWHDDDzRNZKuZ2RX+lxWACjkr3H
UoPWXx2nJyYfmG09b5s5+k90kqmm0stuuSXpv3mTCTEdSiHx3/LnhsNu13c2ibly
ebmjdVtuPapMPJJu+63nUFrEBXeR8Ycu7Phkkza/Dx6fCXIHqyoGEi7KqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXBikNsO9IDltuuO0R9dItulqqsMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvQmNHS1EydzcwZ09XMjY0N1JIMTBpMjZXcXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/tIMA0G
CSqGSIb3DQEBCwUAA4IBAQAFenaPWGyzs+4oWMiT9LNBQIv9PEdZnsrjOYviXybz
FrZTo2c1l0FDgZ1Bb++g47bKfZnMiG60ojMQkY4nU8KTphX+0ROjeweJzycFkScn
ff4/NZYfb2Z6/kxDuShpy7MjmjRA2jrI6Kl1rYb3URVvxQUMHV2EdMq8Dvucskkg
94CtzkC5agMud9CI24JEWh6XDUI0EBbroza4HrnuVsKGY/YuA/8OhoUGPM0SfTaC
5UEeXnlAEsxSmiRcNEnnPqnbKnEcxLC3PQrR2GLfFWuhJ9/6HGbLFiq3PTvR1KQO
Hp/ZdbxQN4U/QXHmaFWbi5lGehZA3zHaXpKu+uUWTIMU
-----END CERTIFICATE-----