Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/F1aU2f5Elo7QrahAzgMYVP_DArQ.roa
File:                     F1aU2f5Elo7QrahAzgMYVP_DArQ.roa (raw, json)
Hash identifier:          Ie8AdyRtBlnqLykBZxVLLIyRTlXCc+asWMgvoFXikgg=
Subject key identifier:   17:56:94:D9:FE:44:96:8E:D0:AD:A8:40:CE:03:18:54:FF:C3:02:B4
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D7130A0C5764B63C24A54CD8FD56
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/F1aU2f5Elo7QrahAzgMYVP_DArQ.roa
Signing time:             Mon 01 Jan 2024 18:29:37 +0000
ROA not before:           Mon 01 Jan 2024 18:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35464
IP address blocks:        82.103.104.0/24 maxlen: 24
                          82.103.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d7:13:0a:0c:57:64:b6:3c:24:a5:4c:d8:fd:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=175694d9fe44968ed0ada840ce031854ffc302b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:59:3a:9c:83:bf:5d:03:59:12:31:a2:e2:27:
                    ab:6c:a2:b5:e8:75:13:2b:6c:45:74:7a:26:37:d0:
                    e8:3a:b6:84:40:e0:54:4e:09:57:a5:f5:ab:0b:e8:
                    b5:75:a0:b2:23:c1:66:bf:48:cf:31:6c:a2:15:1b:
                    42:af:8a:51:8b:92:72:8c:db:19:4e:6d:9c:18:d2:
                    7c:01:ad:aa:37:bf:27:61:02:c3:09:e8:65:19:01:
                    fe:cd:3f:85:38:32:51:04:33:d4:ed:6c:cc:fd:8c:
                    e4:57:db:e7:08:70:c3:a4:4f:b3:1b:70:9d:d0:db:
                    f1:5f:37:00:51:b6:37:11:5f:6b:42:24:18:d8:33:
                    ce:51:43:7e:0e:d4:42:8c:d0:27:ed:27:76:96:c9:
                    05:88:e0:09:95:1f:b3:08:34:9d:58:af:ad:8c:44:
                    6c:db:d8:72:6f:2c:b8:3e:e5:97:c0:1d:8c:5b:0a:
                    ed:a3:64:6c:ac:8c:eb:d4:ea:ff:09:a7:a8:6c:30:
                    7c:e6:5a:77:6b:5e:15:91:9f:92:1a:a6:dd:49:6a:
                    22:40:68:54:2a:20:22:43:0b:7b:f5:63:db:c5:c2:
                    99:00:5e:1b:9d:fa:08:09:21:1c:c2:19:4e:cd:17:
                    94:95:aa:58:d7:c9:58:de:6c:34:e3:10:af:1d:9b:
                    64:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:56:94:D9:FE:44:96:8E:D0:AD:A8:40:CE:03:18:54:FF:C3:02:B4
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/F1aU2f5Elo7QrahAzgMYVP_DArQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.103.80.0/24
                  82.103.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:21:74:a7:29:36:4e:0f:81:87:ee:dc:da:92:00:4e:74:d8:
         b7:d8:c7:f9:15:97:c3:f0:56:03:62:7a:0c:5e:42:20:32:9a:
         c9:99:d9:de:34:8c:00:f8:b8:8a:94:b2:06:06:57:da:f1:9c:
         c5:6f:7e:06:d0:04:f6:04:ae:5a:46:0f:8a:18:5e:fc:b7:95:
         ec:54:82:bf:b8:f5:c5:17:7f:e9:7a:3d:05:34:9d:38:ac:c8:
         84:6e:16:21:38:84:b5:31:a7:dc:48:2f:71:ec:eb:cc:1c:da:
         36:10:24:ed:48:0f:f7:57:fd:99:19:21:bf:3d:80:aa:82:c7:
         f8:32:de:78:3f:15:e8:14:a6:fc:0a:93:a0:6e:a6:e4:90:92:
         a7:e5:94:c5:fd:e4:69:a2:8e:f3:4c:9a:e7:59:1c:82:42:6c:
         ab:cc:35:3d:d0:41:bc:dc:f5:70:35:d1:fe:9f:35:c7:89:19:
         ed:cc:90:cb:a6:51:c5:65:f9:71:cf:8c:46:35:e8:bc:29:a4:
         13:3d:4b:a2:c7:74:d0:5c:8b:d6:da:88:e1:46:05:a6:d6:d6:
         29:c3:a5:4a:f1:d0:f5:35:eb:fc:86:15:eb:e5:76:54:d0:a2:
         0a:61:3d:94:af:df:7c:95:ea:66:f0:12:e4:39:59:16:d8:ce:
         8e:c8:bf:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSdcTCgxXZLY8JKVM2P1WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzU2OTRkOWZlNDQ5NjhlZDBhZGE4NDBjZTAzMTg1NGZmYzMwMmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVk6nIO/XQNZEjGi4ierbKK16HUT
K2xFdHomN9DoOraEQOBUTglXpfWrC+i1daCyI8Fmv0jPMWyiFRtCr4pRi5JyjNsZ
Tm2cGNJ8Aa2qN78nYQLDCehlGQH+zT+FODJRBDPU7WzM/YzkV9vnCHDDpE+zG3Cd
0NvxXzcAUbY3EV9rQiQY2DPOUUN+DtRCjNAn7Sd2lskFiOAJlR+zCDSdWK+tjERs
29hybyy4PuWXwB2MWwrto2RsrIzr1Or/CaeobDB85lp3a14VkZ+SGqbdSWoiQGhU
KiAiQwt79WPbxcKZAF4bnfoICSEcwhlOzReUlapY18lY3mw04xCvHZtkawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBdWlNn+RJaO0K2oQM4DGFT/wwK0MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvRjFhVTJmNUVsbzdRcmFoQXpnTVlWUF9EQXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUmdQAwQA
UmdoMA0GCSqGSIb3DQEBCwUAA4IBAQBQIXSnKTZOD4GH7tzakgBOdNi32Mf5FZfD
8FYDYnoMXkIgMprJmdneNIwA+LiKlLIGBlfa8ZzFb34G0AT2BK5aRg+KGF78t5Xs
VIK/uPXFF3/pej0FNJ04rMiEbhYhOIS1MafcSC9x7OvMHNo2ECTtSA/3V/2ZGSG/
PYCqgsf4Mt54PxXoFKb8CpOgbqbkkJKn5ZTF/eRpoo7zTJrnWRyCQmyrzDU90EG8
3PVwNdH+nzXHiRntzJDLplHFZflxz4xGNei8KaQTPUuix3TQXIvW2ojhRgWm1tYp
w6VK8dD1Nev8hhXr5XZU0KIKYT2Ur998lepm8BLkOVkW2M6OyL/k
-----END CERTIFICATE-----