Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QRLdKDDvTJaskxOKaxAx9v_75y0.roa
File:                     QRLdKDDvTJaskxOKaxAx9v_75y0.roa (raw, json)
Hash identifier:          CkIlw8Pq5khlYUFqLzR+cVIOqxFYFJZVX5jXeslNRoA=
Subject key identifier:   41:12:DD:28:30:EF:4C:96:AC:93:13:8A:6B:10:31:F6:FF:FB:E7:2D
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E11122B041D05950F27AF8BF83CD
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QRLdKDDvTJaskxOKaxAx9v_75y0.roa
Signing time:             Mon 01 Jan 2024 18:29:39 +0000
ROA not before:           Mon 01 Jan 2024 18:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56371
IP address blocks:        92.247.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e1:11:22:b0:41:d0:59:50:f2:7a:f8:bf:83:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4112dd2830ef4c96ac93138a6b1031f6fffbe72d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fa:96:6d:5c:91:b4:0f:92:51:44:71:03:74:
                    9e:9a:6b:fe:0e:6a:d8:6a:e8:35:f7:de:f4:4f:81:
                    bb:13:98:c2:2d:39:85:aa:2b:cb:aa:4b:6a:5b:1c:
                    a9:a7:40:2d:15:aa:9c:be:69:e5:e9:69:64:64:1f:
                    e1:93:61:86:50:0c:4d:f0:85:de:89:16:d8:c2:0d:
                    dd:27:9c:7d:d3:69:42:b7:e0:f9:e8:c2:cc:d6:b1:
                    02:b7:28:da:7a:3d:6b:7c:aa:b1:d1:b1:2a:19:7d:
                    21:a1:56:16:66:06:79:e5:09:24:a8:f3:9c:44:00:
                    c2:4b:db:fe:a0:46:83:73:34:f9:ad:cd:65:5a:a5:
                    6c:4c:95:19:1d:40:71:4a:d4:74:3a:7e:9e:17:83:
                    db:8e:91:0e:92:6d:76:b9:a3:86:2e:05:c9:39:47:
                    9f:75:eb:80:c4:f6:09:c5:34:a4:d9:c2:93:e0:2c:
                    ec:b0:61:bf:b2:22:55:4c:e2:d8:39:cb:36:26:1f:
                    2a:cc:22:e1:f7:58:44:bf:e0:b4:f1:58:0e:cb:db:
                    c2:1b:e2:ca:1c:c9:14:7b:61:aa:90:46:84:f1:cb:
                    2a:1c:5b:d5:bc:23:04:89:87:81:da:f0:6a:36:a7:
                    a3:2b:24:79:f0:18:b0:fe:e8:a7:ae:cb:09:47:d5:
                    a6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:12:DD:28:30:EF:4C:96:AC:93:13:8A:6B:10:31:F6:FF:FB:E7:2D
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/QRLdKDDvTJaskxOKaxAx9v_75y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.247.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:3d:4a:ba:a6:8c:65:2f:14:75:ae:04:8d:5f:cb:35:12:28:
         fe:a2:e3:a3:c6:aa:fd:f4:c9:06:23:cf:f8:e8:3f:85:a2:2c:
         04:6e:5c:de:9f:d0:dc:16:19:3e:e5:0b:71:c6:a4:67:fa:80:
         16:de:3f:c3:de:4a:1a:b5:c1:60:55:56:d7:2a:57:a0:c5:16:
         6e:8d:40:49:0c:f2:c5:cd:75:ba:cd:84:24:f7:8d:12:04:c3:
         20:53:f6:86:45:ac:0d:0e:34:41:ce:32:86:a2:7f:27:13:75:
         c4:2d:fe:81:5a:91:c1:36:d4:16:d3:f2:e3:e2:f3:e0:90:60:
         3c:65:c4:63:0b:3d:8b:c6:30:ca:04:b7:d7:98:ff:31:6e:00:
         e5:5a:ce:51:89:fd:85:7a:e5:dd:bb:d6:48:a3:e5:3e:a0:83:
         9f:b5:6c:a0:1d:02:61:a7:c8:44:3f:52:f9:e0:8e:a8:f4:de:
         bf:8a:24:39:dd:f1:e4:fa:3f:c2:d8:ce:97:5b:1c:d9:a2:18:
         bd:83:b8:45:8f:fb:e9:94:e7:5c:28:c0:1d:34:4c:b1:cf:d1:
         b6:8d:13:56:61:10:87:6b:0a:c9:72:94:e8:31:a8:c8:f9:1f:
         74:21:f5:8f:51:e8:e3:6c:21:12:41:24:aa:61:d0:a3:83:26:
         10:35:29:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSeERIrBB0FlQ8nr4v4PNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTEyZGQyODMwZWY0Yzk2YWM5MzEzOGE2YjEwMzFmNmZmZmJlNzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPqWbVyRtA+SUURxA3Semmv+DmrY
aug19970T4G7E5jCLTmFqivLqktqWxypp0AtFaqcvmnl6WlkZB/hk2GGUAxN8IXe
iRbYwg3dJ5x902lCt+D56MLM1rECtyjaej1rfKqx0bEqGX0hoVYWZgZ55QkkqPOc
RADCS9v+oEaDczT5rc1lWqVsTJUZHUBxStR0On6eF4PbjpEOkm12uaOGLgXJOUef
deuAxPYJxTSk2cKT4CzssGG/siJVTOLYOcs2Jh8qzCLh91hEv+C08VgOy9vCG+LK
HMkUe2GqkEaE8csqHFvVvCMEiYeB2vBqNqejKyR58Biw/uinrssJR9WmyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEES3Sgw70yWrJMTimsQMfb/++ctMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvUVJMZEtERHZUSmFza3hPS2F4QXg5dl83NXkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPdsMA0G
CSqGSIb3DQEBCwUAA4IBAQBGPUq6poxlLxR1rgSNX8s1Eij+ouOjxqr99MkGI8/4
6D+FoiwEblzen9DcFhk+5QtxxqRn+oAW3j/D3koatcFgVVbXKlegxRZujUBJDPLF
zXW6zYQk940SBMMgU/aGRawNDjRBzjKGon8nE3XELf6BWpHBNtQW0/Lj4vPgkGA8
ZcRjCz2LxjDKBLfXmP8xbgDlWs5Rif2FeuXdu9ZIo+U+oIOftWygHQJhp8hEP1L5
4I6o9N6/iiQ53fHk+j/C2M6XWxzZohi9g7hFj/vplOdcKMAdNEyxz9G2jRNWYRCH
awrJcpToMajI+R90IfWPUejjbCESQSSqYdCjgyYQNSmO
-----END CERTIFICATE-----