Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/WbzZbFzWHdaYun4xh8_4bDX_eB4.roa
File:                     WbzZbFzWHdaYun4xh8_4bDX_eB4.roa (raw, json)
Hash identifier:          suscMEFByWM/ykgn4bfeYu4vOAvAlVms93kQxvWTju8=
Subject key identifier:   59:BC:D9:6C:5C:D6:1D:D6:98:BA:7E:31:87:CF:F8:6C:35:FF:78:1E
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649DD444E79ABF4C0A1B4114326C7AA
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/WbzZbFzWHdaYun4xh8_4bDX_eB4.roa
Signing time:             Mon 01 Jan 2024 18:29:38 +0000
ROA not before:           Mon 01 Jan 2024 18:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44525
IP address blocks:        92.247.104.0/24 maxlen: 24
                          92.247.104.0/22 maxlen: 22
                          92.247.105.0/24 maxlen: 24
                          92.247.107.0/24 maxlen: 24
                          92.247.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:dd:44:4e:79:ab:f4:c0:a1:b4:11:43:26:c7:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59bcd96c5cd61dd698ba7e3187cff86c35ff781e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cc:9d:b3:64:e7:25:98:4a:1c:40:6d:74:b6:
                    64:c4:82:96:02:b5:ce:74:42:22:11:8c:33:e2:45:
                    07:1c:36:d2:90:d3:5f:53:81:98:a2:fd:62:2e:3b:
                    34:63:8a:7e:f4:67:f8:25:8c:fb:08:2f:77:e5:82:
                    6c:31:df:f0:2e:0e:61:ac:16:53:a4:0a:4a:07:20:
                    67:f5:26:fa:1d:6f:a7:59:56:91:9c:cd:f5:f7:53:
                    07:6d:90:be:f6:fd:33:f5:cd:47:c5:9c:80:6c:f9:
                    cd:b0:44:ec:9b:f5:91:8a:fc:97:5b:7e:84:ed:3b:
                    0c:e0:13:7b:8f:23:c9:c7:fd:ef:5a:ea:69:98:6b:
                    48:ce:46:f4:79:4f:06:3f:58:0e:3a:8c:39:40:b5:
                    76:b1:a5:7a:94:e6:fe:8a:29:c5:d5:3a:2c:62:58:
                    65:89:52:10:7e:1a:98:7e:c4:33:37:eb:3d:b7:89:
                    d2:be:33:07:f6:d4:69:3c:85:7e:2b:44:c3:06:dd:
                    4a:db:6c:04:73:00:71:52:1e:ce:6e:3e:8a:67:e2:
                    18:9d:b5:d1:05:c7:44:90:2a:67:40:9d:e3:f8:84:
                    a8:76:2f:03:48:5c:da:6c:45:8d:bc:60:10:5b:44:
                    52:c5:a1:39:31:07:ee:de:b1:af:74:e4:01:10:64:
                    f9:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:BC:D9:6C:5C:D6:1D:D6:98:BA:7E:31:87:CF:F8:6C:35:FF:78:1E
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/WbzZbFzWHdaYun4xh8_4bDX_eB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.247.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:43:87:48:5d:c1:3c:ee:82:02:10:3c:74:42:c3:5b:9b:1a:
         31:61:c6:a5:50:12:0e:4f:6a:f2:34:55:1f:f3:d7:70:d6:df:
         2a:74:dd:71:93:6a:09:3c:9d:d5:2b:f5:a4:df:d5:02:ee:59:
         fa:22:f5:e9:00:8d:a5:11:7c:01:07:89:a6:3d:cd:4f:e9:50:
         10:e2:ab:4b:47:97:69:33:31:cb:58:15:c0:d3:d4:46:c7:12:
         dc:a2:c6:de:56:77:2d:79:c1:af:68:57:ad:d5:d4:18:db:c5:
         34:da:cb:2d:d4:24:8d:6c:2f:58:c4:a7:eb:e1:85:47:32:28:
         49:12:de:fd:03:be:38:1c:04:f9:07:85:cb:ea:fd:85:25:c3:
         e6:66:cb:e5:76:bf:76:a7:d5:27:79:77:bc:73:f8:41:d2:87:
         3c:e5:ac:b9:8e:ee:83:54:40:b4:7e:28:51:72:82:06:56:14:
         82:c6:37:4f:ff:c4:38:66:b1:7c:bd:6e:27:66:96:e4:c7:4c:
         64:39:5f:1f:1f:91:cb:73:2c:d6:30:a7:c1:c4:50:62:4b:0e:
         5b:45:9f:4a:28:3f:82:de:ca:a4:d1:a0:5b:5e:a1:82:88:4b:
         2e:fc:e5:7f:88:39:7e:84:b6:0c:34:a6:a9:0b:42:ba:98:d4:
         d5:70:ec:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSd1ETnmr9MChtBFDJseqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWJjZDk2YzVjZDYxZGQ2OThiYTdlMzE4N2NmZjg2YzM1ZmY3ODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssyds2TnJZhKHEBtdLZkxIKWArXO
dEIiEYwz4kUHHDbSkNNfU4GYov1iLjs0Y4p+9Gf4JYz7CC935YJsMd/wLg5hrBZT
pApKByBn9Sb6HW+nWVaRnM3191MHbZC+9v0z9c1HxZyAbPnNsETsm/WRivyXW36E
7TsM4BN7jyPJx/3vWuppmGtIzkb0eU8GP1gOOow5QLV2saV6lOb+iinF1TosYlhl
iVIQfhqYfsQzN+s9t4nSvjMH9tRpPIV+K0TDBt1K22wEcwBxUh7Obj6KZ+IYnbXR
BcdEkCpnQJ3j+ISodi8DSFzabEWNvGAQW0RSxaE5MQfu3rGvdOQBEGT5AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFm82Wxc1h3WmLp+MYfP+Gw1/3geMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvV2J6WmJGeldIZGFZdW40eGg4XzRiRFhfZUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXPdoMA0G
CSqGSIb3DQEBCwUAA4IBAQBXQ4dIXcE87oICEDx0QsNbmxoxYcalUBIOT2ryNFUf
89dw1t8qdN1xk2oJPJ3VK/Wk39UC7ln6IvXpAI2lEXwBB4mmPc1P6VAQ4qtLR5dp
MzHLWBXA09RGxxLcosbeVnctecGvaFet1dQY28U02sst1CSNbC9YxKfr4YVHMihJ
Et79A744HAT5B4XL6v2FJcPmZsvldr92p9UneXe8c/hB0oc85ay5ju6DVEC0fihR
coIGVhSCxjdP/8Q4ZrF8vW4nZpbkx0xkOV8fH5HLcyzWMKfBxFBiSw5bRZ9KKD+C
3sqk0aBbXqGCiEsu/OV/iDl+hLYMNKapC0K6mNTVcOzc
-----END CERTIFICATE-----