Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/T1-ri_6dxsk1PR6w38qpb_8PtNg.roa
File:                     T1-ri_6dxsk1PR6w38qpb_8PtNg.roa (raw, json)
Hash identifier:          O7Oaqf61Q407uDC6uDvfphGgPbW7NzwOCa/OddjbnDs=
Subject key identifier:   4F:5F:AB:8B:FE:9D:C6:C9:35:3D:1E:B0:DF:CA:A9:6F:FF:0F:B4:D8
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E33ED5458A1EE45095745CC43E33
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/T1-ri_6dxsk1PR6w38qpb_8PtNg.roa
Signing time:             Mon 01 Jan 2024 18:29:40 +0000
ROA not before:           Mon 01 Jan 2024 18:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61321
IP address blocks:        92.247.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e3:3e:d5:45:8a:1e:e4:50:95:74:5c:c4:3e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f5fab8bfe9dc6c9353d1eb0dfcaa96fff0fb4d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a5:af:d6:d3:af:38:71:25:f2:db:fb:b1:28:
                    bc:fe:16:44:fb:2f:c8:f6:8c:e7:6f:0b:6f:7a:07:
                    8c:3b:ef:74:ff:10:b0:ad:fe:36:f3:e0:6e:26:a9:
                    b5:80:a2:62:1b:12:2c:31:5d:e3:e5:4b:82:2d:df:
                    1d:0a:3e:4f:5f:be:60:4a:d6:17:fe:96:3d:28:60:
                    50:17:26:48:40:6b:a2:42:2d:da:90:c0:73:45:d1:
                    b4:ae:e9:85:36:7f:ce:2f:47:a3:dd:f9:de:d5:25:
                    76:31:b7:96:6a:6c:e6:5f:4f:e7:0f:e3:d1:61:74:
                    5e:ab:03:12:a9:27:2b:3b:2c:e2:b4:cf:79:22:3c:
                    79:43:70:3b:fb:31:a4:3e:a4:cc:9b:ad:f9:94:dc:
                    ea:ed:cb:5e:99:eb:00:3f:36:0a:1d:ae:03:20:8f:
                    e9:41:a2:7a:18:f3:13:f7:c5:02:2b:4f:e4:47:36:
                    d1:04:aa:0d:fd:7e:f8:b9:19:42:8a:83:f7:a6:6e:
                    f3:57:42:1d:ea:29:73:9d:47:57:25:dc:9d:72:0c:
                    43:78:99:d9:b3:39:da:a4:3f:37:83:c4:90:59:de:
                    15:cd:c2:22:db:a9:ad:b0:2d:3e:1c:c8:26:95:57:
                    a7:fd:ea:30:89:cc:19:5c:af:54:85:d4:85:99:e1:
                    45:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:5F:AB:8B:FE:9D:C6:C9:35:3D:1E:B0:DF:CA:A9:6F:FF:0F:B4:D8
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/T1-ri_6dxsk1PR6w38qpb_8PtNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.247.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:c1:55:34:fd:73:38:f4:e9:5e:d7:96:dc:1b:8d:db:e8:54:
         80:e2:43:20:b1:c2:c3:18:99:7d:5d:6f:85:3b:6f:ef:a4:28:
         87:ac:f0:7e:b0:0f:27:6f:99:17:99:0d:e5:e5:07:6c:ef:2e:
         86:1c:34:64:5c:70:80:ed:81:48:03:58:39:1d:63:02:3f:33:
         56:8c:32:e8:c9:ae:e8:c9:ad:be:9f:80:5e:5d:5f:9a:01:06:
         2c:62:b3:a2:a5:44:b7:dd:43:6e:44:9f:3f:f2:aa:51:f5:e0:
         2c:db:d8:d1:b2:1d:9d:61:2f:94:d3:7a:cf:38:ae:ff:3b:2f:
         e3:39:fc:b6:9c:c7:eb:c5:59:44:eb:e6:35:83:06:18:33:2f:
         3c:9e:ed:08:f2:3e:a2:e2:0d:ff:b0:46:06:a8:65:ee:2d:42:
         1b:1d:16:1b:ea:e2:c0:8d:05:5d:e8:38:02:18:4f:40:d1:c1:
         17:39:a7:4f:b6:22:d5:79:d6:00:e7:52:90:bd:ee:a4:ec:b1:
         b2:3d:c7:3f:29:02:c9:9c:e8:9f:9c:32:74:10:f6:00:42:66:
         28:18:7e:1e:48:ac:4a:31:8f:7f:e9:75:8f:b2:dd:64:a1:a6:
         d9:e3:b2:cc:ba:3e:96:06:f6:f2:81:ea:4e:d0:d8:2d:03:50:
         65:f2:8c:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSeM+1UWKHuRQlXRcxD4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjVmYWI4YmZlOWRjNmM5MzUzZDFlYjBkZmNhYTk2ZmZmMGZiNGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqWv1tOvOHEl8tv7sSi8/hZE+y/I
9oznbwtvegeMO+90/xCwrf428+BuJqm1gKJiGxIsMV3j5UuCLd8dCj5PX75gStYX
/pY9KGBQFyZIQGuiQi3akMBzRdG0rumFNn/OL0ej3fne1SV2MbeWamzmX0/nD+PR
YXReqwMSqScrOyzitM95Ijx5Q3A7+zGkPqTMm635lNzq7ctemesAPzYKHa4DII/p
QaJ6GPMT98UCK0/kRzbRBKoN/X74uRlCioP3pm7zV0Id6ilznUdXJdydcgxDeJnZ
sznapD83g8SQWd4VzcIi26mtsC0+HMgmlVen/eowicwZXK9UhdSFmeFFHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9fq4v+ncbJNT0esN/KqW//D7TYMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvVDEtcmlfNmR4c2sxUFI2dzM4cXBiXzhQdE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPdtMA0G
CSqGSIb3DQEBCwUAA4IBAQABwVU0/XM49Ole15bcG43b6FSA4kMgscLDGJl9XW+F
O2/vpCiHrPB+sA8nb5kXmQ3l5Qds7y6GHDRkXHCA7YFIA1g5HWMCPzNWjDLoya7o
ya2+n4BeXV+aAQYsYrOipUS33UNuRJ8/8qpR9eAs29jRsh2dYS+U03rPOK7/Oy/j
Ofy2nMfrxVlE6+Y1gwYYMy88nu0I8j6i4g3/sEYGqGXuLUIbHRYb6uLAjQVd6DgC
GE9A0cEXOadPtiLVedYA51KQve6k7LGyPcc/KQLJnOifnDJ0EPYAQmYoGH4eSKxK
MY9/6XWPst1koabZ47LMuj6WBvbygepO0NgtA1Bl8oxw
-----END CERTIFICATE-----