Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/Go483qeedq-tehYUTorG8jFo70c.roa
File:                     Go483qeedq-tehYUTorG8jFo70c.roa (raw, json)
Hash identifier:          VaKDLZGOcopKHqf4EVw9dOFM2y3nRtvANiVotGDC56o=
Subject key identifier:   1A:8E:3C:DE:A7:9E:76:AF:AD:7A:16:14:4E:8A:C6:F2:31:68:EF:47
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       01909BE4FF64A540E84E924154058C943519
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/Go483qeedq-tehYUTorG8jFo70c.roa
Signing time:             Wed 10 Jul 2024 09:06:34 +0000
ROA not before:           Wed 10 Jul 2024 09:06:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51660
IP address blocks:        92.247.100.0/24 maxlen: 24
                          92.247.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:e4:ff:64:a5:40:e8:4e:92:41:54:05:8c:94:35:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jul 10 09:06:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a8e3cdea79e76afad7a16144e8ac6f23168ef47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e4:a5:fd:b8:fe:03:5b:df:d2:0a:de:cf:95:
                    45:eb:18:8b:47:88:ef:25:28:45:da:f4:1e:a9:91:
                    a7:64:3c:d6:57:31:58:df:64:d2:7f:16:9e:e9:09:
                    8f:c6:2d:a3:75:9f:9e:57:3a:13:ec:ff:90:98:76:
                    d5:94:43:2e:a7:96:e7:36:80:86:aa:48:be:ee:0c:
                    6e:44:35:17:83:26:aa:76:08:1a:25:30:c4:59:ae:
                    2e:9b:1d:51:e1:b1:e0:20:52:f3:f9:d8:4e:e5:6d:
                    32:01:95:49:b6:a9:af:98:d6:08:42:d9:bb:73:75:
                    44:c1:2b:13:50:11:66:5b:89:16:5f:63:d1:65:ee:
                    fc:4f:fe:5c:62:ea:c3:ac:e4:de:32:51:25:49:84:
                    2e:8f:59:e4:cb:60:1e:a1:41:df:35:77:d1:04:12:
                    5b:1d:fd:70:d8:ac:0a:8f:50:9c:6c:2c:ca:d4:19:
                    2f:6c:63:c2:ba:17:fb:0b:e7:ad:81:28:c9:3a:49:
                    9b:04:b8:51:b8:21:80:a6:dd:77:e7:45:62:eb:03:
                    24:9d:5d:ca:51:2b:91:76:9a:38:49:3b:3e:da:ac:
                    b3:cf:a3:aa:12:dd:ea:39:e5:fa:09:55:a7:9a:86:
                    1c:f0:24:cd:a9:a0:46:ce:f8:63:50:7a:95:14:da:
                    0a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:8E:3C:DE:A7:9E:76:AF:AD:7A:16:14:4E:8A:C6:F2:31:68:EF:47
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/Go483qeedq-tehYUTorG8jFo70c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.247.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:ac:6d:2b:2f:43:78:83:5f:6c:ad:fb:bf:bb:14:13:7a:f6:
         19:6b:53:0c:9e:f2:00:a9:a8:5b:74:66:7d:17:13:f6:07:50:
         dd:16:17:bc:31:a2:a4:db:1f:62:d2:15:1a:93:78:c2:99:6c:
         dc:4d:01:55:8c:fb:8e:f8:e6:4e:d0:8d:f1:a6:a8:d6:94:72:
         53:b1:11:68:d5:ba:41:6b:37:83:7a:f3:72:c0:c4:e8:7c:c1:
         5c:31:e9:6a:4f:72:90:84:f2:e2:9f:52:12:9f:78:ab:35:2d:
         78:4b:dc:54:ae:0b:aa:ef:01:54:a4:b2:5a:6b:0c:25:cf:47:
         84:98:ec:c4:58:50:92:d2:e6:e8:fe:7c:e0:ca:b6:11:19:ec:
         b9:f7:8a:ad:f3:92:b0:01:2e:1e:cb:7b:e7:37:d2:63:26:24:
         32:67:4a:0a:4d:76:0a:e1:c9:d6:08:70:49:54:68:c0:52:12:
         d4:51:ed:48:0c:01:98:76:ce:72:e9:b8:4e:21:32:a2:d2:e9:
         a4:cc:98:50:98:7c:e9:61:92:34:e5:92:3a:e0:c9:97:02:bb:
         8d:c1:f9:a2:11:ca:78:1b:e6:62:50:f8:8d:2b:4e:f5:13:25:
         81:e0:8b:32:64:dc:23:c3:48:92:63:cf:a8:a1:54:89:b9:34:
         bd:f7:d7:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCb5P9kpUDoTpJBVAWMlDUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwNzEwMDkwNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYThlM2NkZWE3OWU3NmFmYWQ3YTE2MTQ0ZThhYzZmMjMxNjhlZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOSl/bj+A1vf0grez5VF6xiLR4jv
JShF2vQeqZGnZDzWVzFY32TSfxae6QmPxi2jdZ+eVzoT7P+QmHbVlEMup5bnNoCG
qki+7gxuRDUXgyaqdggaJTDEWa4umx1R4bHgIFLz+dhO5W0yAZVJtqmvmNYIQtm7
c3VEwSsTUBFmW4kWX2PRZe78T/5cYurDrOTeMlElSYQuj1nky2AeoUHfNXfRBBJb
Hf1w2KwKj1CcbCzK1BkvbGPCuhf7C+etgSjJOkmbBLhRuCGApt1350Vi6wMknV3K
USuRdpo4STs+2qyzz6OqEt3qOeX6CVWnmoYc8CTNqaBGzvhjUHqVFNoK+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqOPN6nnnavrXoWFE6KxvIxaO9HMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvR280ODNxZWVkcS10ZWhZVVRvckc4akZvNzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXPdkMA0G
CSqGSIb3DQEBCwUAA4IBAQA7rG0rL0N4g19srfu/uxQTevYZa1MMnvIAqahbdGZ9
FxP2B1DdFhe8MaKk2x9i0hUak3jCmWzcTQFVjPuO+OZO0I3xpqjWlHJTsRFo1bpB
azeDevNywMTofMFcMelqT3KQhPLin1ISn3irNS14S9xUrguq7wFUpLJaawwlz0eE
mOzEWFCS0ubo/nzgyrYRGey594qt85KwAS4ey3vnN9JjJiQyZ0oKTXYK4cnWCHBJ
VGjAUhLUUe1IDAGYds5y6bhOITKi0umkzJhQmHzpYZI05ZI64MmXAruNwfmiEcp4
G+ZiUPiNK071EyWB4IsyZNwjw0iSY8+ooVSJuTS999dw
-----END CERTIFICATE-----