Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/_lVaHIHyQbuz6vShHN_qsYXdkfk.roa
File:                     _lVaHIHyQbuz6vShHN_qsYXdkfk.roa (raw, json)
Hash identifier:          VjI5lvZk+5b37VJ9t1uo/Ex9P9AsOLO9dFBtleQcz7g=
Subject key identifier:   FE:55:5A:1C:81:F2:41:BB:B3:EA:F4:A1:1C:DF:EA:B1:85:DD:91:F9
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D25210ED88AF0A44626BE7B994C2
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/_lVaHIHyQbuz6vShHN_qsYXdkfk.roa
Signing time:             Mon 01 Jan 2024 18:29:35 +0000
ROA not before:           Mon 01 Jan 2024 18:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        87.227.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d2:52:10:ed:88:af:0a:44:62:6b:e7:b9:94:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe555a1c81f241bbb3eaf4a11cdfeab185dd91f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f5:72:4f:1b:9c:f7:50:af:38:fb:91:c3:f4:
                    c9:d2:25:b3:22:88:e6:d2:ea:a1:72:92:05:5f:16:
                    33:21:25:25:e3:ee:74:fe:4c:1f:da:60:44:09:90:
                    92:37:97:6d:bc:40:1a:a1:0d:61:46:54:0a:0c:5f:
                    0b:21:b7:25:c0:a3:5e:ef:65:ef:19:8b:b2:9e:2a:
                    9d:83:92:d4:33:f6:b6:b1:2e:13:f1:3b:cb:25:cd:
                    46:88:45:57:ba:96:4e:34:1f:97:5e:1b:71:09:bc:
                    87:7f:72:32:51:d3:17:a4:fa:eb:4b:b9:67:3a:89:
                    0a:65:fd:aa:3b:78:a7:cd:39:f9:2f:75:ad:a4:b6:
                    9e:c2:bc:02:8b:64:c9:8d:f2:0b:21:28:97:6c:a5:
                    b2:0c:38:d3:de:d5:7c:f4:39:bb:84:e2:8a:7e:30:
                    fd:91:2c:9a:e8:5b:9c:f2:49:c1:0b:83:b8:14:76:
                    d9:ab:b1:f6:88:48:80:9b:88:22:0f:29:85:95:a0:
                    78:50:b6:78:a5:9b:8a:e5:4a:8f:7d:4b:76:bf:71:
                    8a:e0:b1:3e:47:6f:56:74:cc:fa:55:e4:ac:67:5c:
                    fa:7a:35:d7:3b:22:b4:b6:63:bf:3b:c6:36:b9:58:
                    f3:62:00:1d:a8:01:3a:10:67:e3:a0:9b:e3:23:fb:
                    78:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:55:5A:1C:81:F2:41:BB:B3:EA:F4:A1:1C:DF:EA:B1:85:DD:91:F9
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/_lVaHIHyQbuz6vShHN_qsYXdkfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.227.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:43:bb:9b:14:6b:26:2a:3c:3e:91:82:ee:98:ff:8e:9e:9f:
         6d:ae:bf:bb:44:7b:fb:5a:ce:67:77:7e:03:f9:96:6e:a0:6c:
         76:29:44:2c:d3:ed:42:9f:b2:85:2d:1d:e9:11:1f:65:ca:c6:
         57:90:5e:7f:91:39:ad:25:e3:f7:14:e1:82:be:af:13:fe:e0:
         68:f9:c6:a0:b2:a3:e6:24:15:61:17:6d:07:b9:53:a8:93:0b:
         43:75:c3:0d:d8:e7:b2:ce:51:7c:f6:cb:3e:2e:a8:4e:00:b7:
         b5:34:2b:a7:7f:bd:99:e4:4a:8e:52:c1:42:63:37:de:38:a3:
         3c:73:7e:d6:b7:53:e0:4d:16:e3:aa:a3:38:f8:70:c9:37:53:
         36:a2:ae:08:50:09:95:d9:52:57:79:88:4d:12:cb:95:39:eb:
         90:de:2d:12:5a:37:35:82:d8:9e:78:4e:69:9b:04:cd:6b:ab:
         63:96:63:cc:24:e8:16:1e:1c:5c:3b:1e:93:08:1b:c5:7b:8c:
         bf:30:4d:35:f4:c5:fb:6a:98:d7:c1:77:a8:c1:d7:26:cf:b4:
         93:ec:97:8f:e0:62:be:5f:4d:26:3e:64:0b:82:7d:be:98:b6:
         e3:1c:8f:50:24:cf:0f:fa:57:0d:43:5c:dd:54:b5:fd:05:5c:
         b7:c1:66:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdJSEO2IrwpEYmvnuZTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTU1NWExYzgxZjI0MWJiYjNlYWY0YTExY2RmZWFiMTg1ZGQ5MWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPVyTxuc91CvOPuRw/TJ0iWzIojm
0uqhcpIFXxYzISUl4+50/kwf2mBECZCSN5dtvEAaoQ1hRlQKDF8LIbclwKNe72Xv
GYuyniqdg5LUM/a2sS4T8TvLJc1GiEVXupZONB+XXhtxCbyHf3IyUdMXpPrrS7ln
OokKZf2qO3inzTn5L3WtpLaewrwCi2TJjfILISiXbKWyDDjT3tV89Dm7hOKKfjD9
kSya6Fuc8knBC4O4FHbZq7H2iEiAm4giDymFlaB4ULZ4pZuK5UqPfUt2v3GK4LE+
R29WdMz6VeSsZ1z6ejXXOyK0tmO/O8Y2uVjzYgAdqAE6EGfjoJvjI/t4BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5VWhyB8kG7s+r0oRzf6rGF3ZH5MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvX2xWYUhJSHlRYnV6NnZTaEhOX3FzWVhka2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+POMA0G
CSqGSIb3DQEBCwUAA4IBAQACQ7ubFGsmKjw+kYLumP+Onp9trr+7RHv7Ws5nd34D
+ZZuoGx2KUQs0+1Cn7KFLR3pER9lysZXkF5/kTmtJeP3FOGCvq8T/uBo+cagsqPm
JBVhF20HuVOokwtDdcMN2OeyzlF89ss+LqhOALe1NCunf72Z5EqOUsFCYzfeOKM8
c37Wt1PgTRbjqqM4+HDJN1M2oq4IUAmV2VJXeYhNEsuVOeuQ3i0SWjc1gtieeE5p
mwTNa6tjlmPMJOgWHhxcOx6TCBvFe4y/ME019MX7apjXwXeowdcmz7ST7JeP4GK+
X00mPmQLgn2+mLbjHI9QJM8P+lcNQ1zdVLX9BVy3wWZT
-----END CERTIFICATE-----