Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/WRq1TApwGxMTi3cQ44jWJfvVDLI.roa
File:                     WRq1TApwGxMTi3cQ44jWJfvVDLI.roa (raw, json)
Hash identifier:          oqafc+eIKPLTNB0at3bUxOcKtiRuiFFphw2TQUQyZ8k=
Subject key identifier:   59:1A:B5:4C:0A:70:1B:13:13:8B:77:10:E3:88:D6:25:FB:D5:0C:B2
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649EE0BB1E059A34A9392E1230E5BDD
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/WRq1TApwGxMTi3cQ44jWJfvVDLI.roa
Signing time:             Mon 01 Jan 2024 18:29:42 +0000
ROA not before:           Mon 01 Jan 2024 18:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203578
IP address blocks:        212.36.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ee:0b:b1:e0:59:a3:4a:93:92:e1:23:0e:5b:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=591ab54c0a701b13138b7710e388d625fbd50cb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:5b:20:8e:79:25:02:ec:8f:8b:75:d4:a4:a4:
                    14:b3:25:a4:05:06:cf:dd:89:b0:09:9b:47:44:8d:
                    de:94:0a:4a:62:bb:36:b0:60:7e:26:17:c8:31:ad:
                    05:01:68:64:9e:1a:4a:a7:fe:a6:04:62:67:26:3c:
                    59:96:9d:26:a4:ea:bd:42:2f:1b:74:40:55:02:6a:
                    d5:b1:d5:33:42:9e:ea:d3:5c:3c:22:2a:52:17:2d:
                    b5:aa:8f:fd:37:07:35:d0:af:ae:50:04:a3:91:af:
                    a8:19:5e:7e:ea:05:56:5f:43:31:b9:a2:19:e2:f3:
                    61:47:a5:46:0e:1e:ef:ce:06:6f:fd:cf:70:d8:e0:
                    b7:e3:95:73:98:be:15:da:8b:e1:3e:c0:6e:3a:54:
                    a7:88:b4:c9:05:5a:d0:71:c4:34:45:14:8a:08:48:
                    17:67:15:ef:b6:43:27:6a:7d:10:fd:e5:b6:aa:cf:
                    e2:4d:05:9f:fd:26:35:30:57:f8:82:3b:4b:86:44:
                    ec:a3:be:87:14:68:db:0f:e8:d1:58:45:ce:25:81:
                    f8:e6:ce:44:b1:e8:27:dd:cc:5c:35:83:0f:ba:d6:
                    0e:06:b6:b1:da:83:d4:d1:2d:61:16:4c:9d:ab:a8:
                    76:56:c2:43:3d:fe:7c:08:31:7c:47:79:df:c3:04:
                    71:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:1A:B5:4C:0A:70:1B:13:13:8B:77:10:E3:88:D6:25:FB:D5:0C:B2
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/WRq1TApwGxMTi3cQ44jWJfvVDLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.36.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:4b:fe:78:9b:50:79:75:67:a3:f1:67:d2:c9:02:23:26:dd:
         7f:e9:93:22:f8:3f:13:9a:90:cb:f2:81:0e:e3:0a:17:4a:7d:
         b4:ad:9f:26:8f:c3:62:8c:db:1c:ba:13:c4:21:b2:7f:ea:5b:
         d8:6a:3a:14:d6:bf:60:0a:90:af:60:b8:3e:63:a5:15:ed:dd:
         b1:e1:ca:b4:ce:7e:a1:57:7d:13:37:f4:f4:4b:3f:34:3b:d3:
         e0:03:30:27:a0:27:d2:91:3b:c5:31:57:de:48:10:87:13:ca:
         59:fd:92:08:7a:ba:c1:ac:cd:ea:98:a8:04:1e:44:75:80:4c:
         48:a0:ad:83:98:50:72:95:68:e4:96:25:bc:48:4a:dc:df:9a:
         51:3a:fa:09:eb:ff:dd:c1:af:e8:17:e1:ac:5e:d9:ce:9d:78:
         62:dc:f9:db:67:7c:d5:2f:f3:59:eb:6c:7f:8d:f2:86:41:76:
         ed:b6:c1:49:3b:82:33:51:38:75:b2:14:b8:5c:37:2f:56:e0:
         67:d9:a1:86:08:2b:49:75:ef:42:33:d3:3f:89:0c:5e:b4:8b:
         de:00:74:9b:b8:1e:79:8b:0d:78:81:be:e5:12:bb:16:e5:4e:
         f3:f1:f2:3a:6b:c4:71:94:1b:78:e3:87:50:25:8f:d6:f8:c8:
         04:c1:51:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSe4LseBZo0qTkuEjDlvdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTFhYjU0YzBhNzAxYjEzMTM4Yjc3MTBlMzg4ZDYyNWZiZDUwY2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1sgjnklAuyPi3XUpKQUsyWkBQbP
3YmwCZtHRI3elApKYrs2sGB+JhfIMa0FAWhknhpKp/6mBGJnJjxZlp0mpOq9Qi8b
dEBVAmrVsdUzQp7q01w8IipSFy21qo/9Nwc10K+uUASjka+oGV5+6gVWX0MxuaIZ
4vNhR6VGDh7vzgZv/c9w2OC345VzmL4V2ovhPsBuOlSniLTJBVrQccQ0RRSKCEgX
ZxXvtkMnan0Q/eW2qs/iTQWf/SY1MFf4gjtLhkTso76HFGjbD+jRWEXOJYH45s5E
segn3cxcNYMPutYOBrax2oPU0S1hFkydq6h2VsJDPf58CDF8R3nfwwRxIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkatUwKcBsTE4t3EOOI1iX71QyyMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvV1JxMVRBcHdHeE1UaTNjUTQ0aldKZnZWRExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CQaMA0G
CSqGSIb3DQEBCwUAA4IBAQABS/54m1B5dWej8WfSyQIjJt1/6ZMi+D8TmpDL8oEO
4woXSn20rZ8mj8NijNscuhPEIbJ/6lvYajoU1r9gCpCvYLg+Y6UV7d2x4cq0zn6h
V30TN/T0Sz80O9PgAzAnoCfSkTvFMVfeSBCHE8pZ/ZIIerrBrM3qmKgEHkR1gExI
oK2DmFBylWjkliW8SErc35pROvoJ6//dwa/oF+GsXtnOnXhi3PnbZ3zVL/NZ62x/
jfKGQXbttsFJO4IzUTh1shS4XDcvVuBn2aGGCCtJde9CM9M/iQxetIveAHSbuB55
iw14gb7lErsW5U7z8fI6a8RxlBt444dQJY/W+MgEwVF9
-----END CERTIFICATE-----