Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/ZMAuGUnLstA15_XjkCfLixQW-mU.roa
File:                     ZMAuGUnLstA15_XjkCfLixQW-mU.roa (raw, json)
Hash identifier:          09fStf78x3QT+/6+lJt9t6dNQ5nMPpMNS18A9fcHs1k=
Subject key identifier:   64:C0:2E:19:49:CB:B2:D0:35:E7:F5:E3:90:27:CB:8B:14:16:FA:65
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E8F581054D1AEAC9FAC1EA60F94C
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/ZMAuGUnLstA15_XjkCfLixQW-mU.roa
Signing time:             Mon 01 Jan 2024 18:29:41 +0000
ROA not before:           Mon 01 Jan 2024 18:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200458
IP address blocks:        78.83.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 06:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e8:f5:81:05:4d:1a:ea:c9:fa:c1:ea:60:f9:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64c02e1949cbb2d035e7f5e39027cb8b1416fa65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:af:dc:ee:02:c6:77:88:00:81:9d:71:de:58:
                    4d:99:20:cf:31:95:4d:69:ee:44:34:91:73:98:d3:
                    c4:e7:cb:eb:60:5e:2d:f7:9d:93:58:b6:50:eb:6a:
                    37:66:3c:94:70:a4:03:e9:8d:ef:c8:91:96:48:ce:
                    58:ca:f3:9b:e5:32:68:ce:37:8d:d5:6c:31:08:7e:
                    12:9a:23:8e:91:e3:32:37:7c:45:79:49:51:1f:eb:
                    31:55:49:78:c8:ae:5b:f1:e4:ff:3d:38:ae:f1:19:
                    18:71:78:a2:21:7b:38:5c:7c:83:f4:47:99:ab:33:
                    34:0a:67:d9:35:3c:d9:7a:c9:b8:8a:2d:9a:d3:6a:
                    96:64:8f:76:c9:6b:5b:51:19:81:b7:1b:5f:14:9a:
                    66:6d:98:f0:76:41:e3:e8:75:ea:3c:ae:3e:53:bf:
                    3e:ba:80:76:15:df:64:5d:42:92:70:f0:8e:3b:33:
                    eb:e4:36:af:7f:cb:c5:ec:0d:67:f6:f9:e9:02:9a:
                    5a:b7:4f:6e:d4:29:6d:d0:64:0f:63:db:21:0a:b8:
                    13:af:84:a2:53:ba:39:5a:d2:36:2e:ec:52:22:fc:
                    11:10:e1:bb:cd:ee:59:7a:02:da:37:d0:4e:de:06:
                    86:a8:02:4c:46:8a:67:c9:3d:b8:29:f5:35:bb:e7:
                    eb:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C0:2E:19:49:CB:B2:D0:35:E7:F5:E3:90:27:CB:8B:14:16:FA:65
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/ZMAuGUnLstA15_XjkCfLixQW-mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.83.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:1c:fb:42:a4:b3:bc:c2:d0:1a:2c:5d:40:4e:e8:8b:ed:f8:
         0a:88:0a:b6:ba:cd:78:4e:d1:bf:88:94:41:06:f7:2b:ae:9d:
         c0:4c:a3:9a:09:6c:0c:9a:65:a4:f6:3b:9a:67:d0:48:e1:f6:
         78:01:4d:d8:98:38:cd:69:61:4b:6d:0d:5b:c6:41:f7:38:86:
         99:68:7f:4b:13:be:b1:39:33:58:07:cc:1d:02:8c:79:43:27:
         e4:0b:be:b5:cc:a0:63:5c:26:a6:6a:24:51:84:2b:8d:f1:45:
         30:43:36:a1:18:63:03:2d:67:09:6f:0a:92:48:e6:aa:19:21:
         c6:d9:7c:85:79:e0:fa:1f:00:47:0c:48:0d:ff:be:4c:ae:fe:
         c0:f3:79:7a:f7:05:28:7a:0b:8b:5b:c5:13:f2:aa:74:8e:1d:
         eb:ec:fc:de:55:fb:92:2f:df:f4:4e:ca:04:bf:fc:0d:9f:0e:
         6d:19:8f:0e:20:f0:32:69:0e:e9:07:47:7e:2b:72:57:af:86:
         e0:03:af:a5:61:a9:33:53:14:9d:64:3e:37:d8:0e:ef:af:a8:
         d4:6d:0b:51:28:60:31:14:42:e1:5d:cf:36:f7:77:1e:a8:43:
         9e:a5:7f:69:61:8b:ae:f4:e2:0f:ae:93:8d:b1:6b:90:7e:dc:
         b2:b0:bf:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSej1gQVNGurJ+sHqYPlMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGMwMmUxOTQ5Y2JiMmQwMzVlN2Y1ZTM5MDI3Y2I4YjE0MTZmYTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6/c7gLGd4gAgZ1x3lhNmSDPMZVN
ae5ENJFzmNPE58vrYF4t952TWLZQ62o3ZjyUcKQD6Y3vyJGWSM5YyvOb5TJozjeN
1WwxCH4SmiOOkeMyN3xFeUlRH+sxVUl4yK5b8eT/PTiu8RkYcXiiIXs4XHyD9EeZ
qzM0CmfZNTzZesm4ii2a02qWZI92yWtbURmBtxtfFJpmbZjwdkHj6HXqPK4+U78+
uoB2Fd9kXUKScPCOOzPr5Davf8vF7A1n9vnpAppat09u1Clt0GQPY9shCrgTr4Si
U7o5WtI2LuxSIvwREOG7ze5ZegLaN9BO3gaGqAJMRopnyT24KfU1u+frxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTALhlJy7LQNef145Any4sUFvplMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvWk1BdUdVbkxzdEExNV9YamtDZkxpeFFXLW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATlPrMA0G
CSqGSIb3DQEBCwUAA4IBAQBTHPtCpLO8wtAaLF1ATuiL7fgKiAq2us14TtG/iJRB
Bvcrrp3ATKOaCWwMmmWk9juaZ9BI4fZ4AU3YmDjNaWFLbQ1bxkH3OIaZaH9LE76x
OTNYB8wdAox5QyfkC761zKBjXCamaiRRhCuN8UUwQzahGGMDLWcJbwqSSOaqGSHG
2XyFeeD6HwBHDEgN/75Mrv7A83l69wUoeguLW8UT8qp0jh3r7PzeVfuSL9/0TsoE
v/wNnw5tGY8OIPAyaQ7pB0d+K3JXr4bgA6+lYakzUxSdZD432A7vr6jUbQtRKGAx
FELhXc8293ceqEOepX9pYYuu9OIPrpONsWuQftyysL9g
-----END CERTIFICATE-----