Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/XRJObMkFWYrI5iRnpQqax_piiR4.roa
File:                     XRJObMkFWYrI5iRnpQqax_piiR4.roa (raw, json)
Hash identifier:          Iaj2xfiOXV+clH1Cx895/EDcpfeaKSrhQgjdK9Apo/M=
Subject key identifier:   5D:12:4E:6C:C9:05:59:8A:C8:E6:24:67:A5:0A:9A:C7:FA:62:89:1E
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649EA721AEEC8C41143B541C70EACE1
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/XRJObMkFWYrI5iRnpQqax_piiR4.roa
Signing time:             Mon 01 Jan 2024 18:29:42 +0000
ROA not before:           Mon 01 Jan 2024 18:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201406
IP address blocks:        92.247.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ea:72:1a:ee:c8:c4:11:43:b5:41:c7:0e:ac:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d124e6cc905598ac8e62467a50a9ac7fa62891e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c4:cc:38:2d:93:31:27:d0:ba:d5:3c:e7:80:
                    2c:e5:61:3f:62:39:e5:3b:3a:98:a4:cf:1f:06:51:
                    74:91:dc:4a:21:bf:f7:65:9b:d6:64:9a:34:d2:29:
                    f1:92:c4:ac:84:ca:5e:f5:87:ec:53:42:fb:c7:99:
                    03:ea:62:f0:09:57:bb:00:ba:27:02:95:c8:49:48:
                    2f:b7:eb:49:ab:10:fc:fd:01:44:7d:68:61:d6:0a:
                    4f:90:85:32:99:29:8e:91:ea:79:50:a8:95:27:10:
                    88:54:71:28:95:b1:10:32:63:48:d4:82:26:78:a5:
                    c0:cb:28:da:16:89:68:36:a6:2c:c2:f0:a2:58:19:
                    99:a6:01:99:96:39:7d:fa:73:29:8d:1e:86:65:f5:
                    a7:dc:6e:bc:e2:05:33:66:7b:e8:67:2b:88:6f:28:
                    0a:b1:d6:8d:57:19:b5:b6:24:c9:25:38:c4:35:87:
                    ba:21:fc:fe:e9:75:8e:f2:14:be:10:9c:47:ac:cd:
                    57:12:a2:42:92:ef:9c:7b:6f:8b:3f:80:37:43:9c:
                    78:d0:59:c9:9b:6b:01:e0:fa:7e:f4:c0:bb:50:0f:
                    2f:19:4d:e4:5c:08:b5:6b:a2:cf:6b:fe:c2:ef:17:
                    19:86:7f:b6:cf:98:cb:5f:c4:56:bb:04:bf:62:23:
                    50:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:12:4E:6C:C9:05:59:8A:C8:E6:24:67:A5:0A:9A:C7:FA:62:89:1E
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/XRJObMkFWYrI5iRnpQqax_piiR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.247.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:9e:61:ec:19:a8:86:41:d0:60:04:43:eb:36:1e:58:4a:80:
         7d:6f:b0:d4:dc:84:31:93:13:88:34:ef:49:80:52:35:cd:93:
         cf:d4:ac:81:c5:f1:22:1c:24:02:79:4e:39:48:22:44:d9:9c:
         99:3d:dd:2f:92:ae:1e:db:50:9e:e3:db:35:29:05:1c:81:cb:
         7e:fa:4d:a9:29:59:46:2b:67:3d:b3:37:de:c6:eb:9c:53:ef:
         38:d1:6f:67:10:89:66:57:d0:93:e1:d6:23:36:8c:e5:44:aa:
         c8:9f:f5:91:a6:61:6d:c4:2a:c4:25:35:84:a6:52:ae:ae:99:
         87:8e:d2:91:ce:b0:75:ad:d3:17:63:b6:b5:44:92:e8:eb:f2:
         97:a2:cb:f6:97:da:4a:2d:6f:c2:50:39:0c:8a:2c:2e:b7:87:
         8e:6f:97:36:c6:63:dc:23:96:3d:21:ed:3b:ca:3d:0d:20:15:
         81:b2:25:65:4f:66:72:de:f4:1d:55:ee:26:5d:19:73:00:89:
         5f:85:4a:ba:41:98:46:8c:e8:16:8d:7e:93:a0:59:84:09:e4:
         cb:bb:38:26:24:0a:db:f3:8e:f4:19:ea:0b:42:35:61:2c:1e:
         4d:c6:95:b6:ae:c7:85:71:3e:69:c4:64:f4:b0:45:b2:82:7b:
         58:c4:36:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSepyGu7IxBFDtUHHDqzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDEyNGU2Y2M5MDU1OThhYzhlNjI0NjdhNTBhOWFjN2ZhNjI4OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMTMOC2TMSfQutU854As5WE/Yjnl
OzqYpM8fBlF0kdxKIb/3ZZvWZJo00inxksSshMpe9YfsU0L7x5kD6mLwCVe7ALon
ApXISUgvt+tJqxD8/QFEfWhh1gpPkIUymSmOkep5UKiVJxCIVHEolbEQMmNI1IIm
eKXAyyjaFoloNqYswvCiWBmZpgGZljl9+nMpjR6GZfWn3G684gUzZnvoZyuIbygK
sdaNVxm1tiTJJTjENYe6Ifz+6XWO8hS+EJxHrM1XEqJCku+ce2+LP4A3Q5x40FnJ
m2sB4Pp+9MC7UA8vGU3kXAi1a6LPa/7C7xcZhn+2z5jLX8RWuwS/YiNQwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0STmzJBVmKyOYkZ6UKmsf6YokeMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvWFJKT2JNa0ZXWXJJNWlSbnBRcWF4X3BpaVI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXPdwMA0G
CSqGSIb3DQEBCwUAA4IBAQACnmHsGaiGQdBgBEPrNh5YSoB9b7DU3IQxkxOINO9J
gFI1zZPP1KyBxfEiHCQCeU45SCJE2ZyZPd0vkq4e21Ce49s1KQUcgct++k2pKVlG
K2c9szfexuucU+840W9nEIlmV9CT4dYjNozlRKrIn/WRpmFtxCrEJTWEplKurpmH
jtKRzrB1rdMXY7a1RJLo6/KXosv2l9pKLW/CUDkMiiwut4eOb5c2xmPcI5Y9Ie07
yj0NIBWBsiVlT2Zy3vQdVe4mXRlzAIlfhUq6QZhGjOgWjX6ToFmECeTLuzgmJArb
8470GeoLQjVhLB5NxpW2rseFcT5pxGT0sEWygntYxDYQ
-----END CERTIFICATE-----