Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/aXlpcwSiD9cKxryIrph281IXxPw.roa
File:                     aXlpcwSiD9cKxryIrph281IXxPw.roa (raw, json)
Hash identifier:          9VNUv4yHrdnkOYaI3m8AnRQoef3ObcA5bzcPL9DTIuQ=
Subject key identifier:   69:79:69:73:04:A2:0F:D7:0A:C6:BC:88:AE:98:76:F3:52:17:C4:FC
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649EF6D62C4C68BCA226AE45C25B47E
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/aXlpcwSiD9cKxryIrph281IXxPw.roa
Signing time:             Mon 01 Jan 2024 18:29:43 +0000
ROA not before:           Mon 01 Jan 2024 18:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206410
IP address blocks:        78.83.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ef:6d:62:c4:c6:8b:ca:22:6a:e4:5c:25:b4:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6979697304a20fd70ac6bc88ae9876f35217c4fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d2:5e:b5:22:51:16:e8:2e:76:45:d1:a3:d1:
                    85:f4:04:00:19:11:d9:ff:26:18:9c:87:c4:2d:d7:
                    45:5a:83:ea:d6:54:f1:b3:8e:b7:1c:2e:60:b5:04:
                    43:80:72:f2:27:ae:78:d6:5e:01:ae:7d:cc:00:9d:
                    da:12:cf:33:d1:7a:84:31:35:0f:5b:07:75:3b:40:
                    1a:16:c9:1b:72:a0:9c:da:f4:c8:01:91:2f:09:ae:
                    56:6e:45:7f:79:3b:38:70:69:43:68:ff:fd:f8:c9:
                    81:81:39:46:8f:e3:a7:06:0a:a7:b6:1b:28:6e:85:
                    0b:f8:e6:2e:e9:68:7e:ad:86:78:36:f4:01:0c:af:
                    74:b8:7d:e0:e0:a9:4a:28:8f:95:bd:0a:48:cf:98:
                    3f:3e:5a:3a:c5:5e:c7:dd:c6:61:10:56:49:66:40:
                    60:86:c6:5e:f0:95:68:66:e1:38:d5:8f:37:11:5c:
                    55:bd:0e:7f:ee:2e:47:42:cd:78:89:93:87:df:55:
                    2c:4b:80:84:79:69:5c:86:ea:81:6f:86:59:cf:12:
                    30:81:66:a3:c7:8d:47:cf:35:51:0f:b3:57:89:c0:
                    dc:34:0d:7d:6d:5d:63:f1:8f:24:73:c7:08:7c:f5:
                    33:3d:a6:61:f9:e3:da:f4:4b:fd:4d:92:d5:64:d8:
                    31:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:79:69:73:04:A2:0F:D7:0A:C6:BC:88:AE:98:76:F3:52:17:C4:FC
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/aXlpcwSiD9cKxryIrph281IXxPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.83.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:fc:7f:4e:01:77:af:40:85:c5:96:87:cd:8d:14:14:8e:2b:
         f8:cc:25:62:07:ee:4b:d1:54:6f:4a:4f:31:1c:65:08:62:49:
         0f:52:47:a0:fe:0a:65:da:bb:24:dc:0c:2a:3b:86:dc:aa:04:
         00:a7:69:f9:ce:13:2f:0c:7e:e5:d5:62:86:61:7c:25:b7:44:
         80:e9:da:74:b8:5c:3b:b4:c3:bb:72:69:58:ff:0b:af:57:9c:
         68:69:65:f5:69:a7:03:6d:de:45:a1:a4:1b:c7:37:8f:84:86:
         cc:73:0a:40:ab:d8:27:b6:1f:4f:a2:5d:20:56:6a:0e:b9:57:
         a7:c7:07:45:60:0d:a2:0f:2e:24:5b:56:43:d0:6e:44:5a:f7:
         e9:ff:55:31:da:24:1d:4e:46:d2:32:a4:bf:69:37:a5:a0:d1:
         2a:81:4b:22:00:8b:a6:5f:d0:81:f3:69:99:ef:1e:3f:5e:6d:
         42:be:e5:0d:1c:99:d9:18:c9:22:bb:67:8c:78:20:c2:91:e2:
         02:62:99:27:71:d4:4f:85:3d:ce:7a:41:a3:79:d6:7e:9e:db:
         7f:ed:77:c1:cd:f6:e9:d8:87:92:a8:f2:04:17:0b:94:06:41:
         88:99:e5:86:15:49:8e:cd:02:c3:32:6a:27:12:5b:f7:62:48:
         c0:e7:5b:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSe9tYsTGi8oiauRcJbR+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTc5Njk3MzA0YTIwZmQ3MGFjNmJjODhhZTk4NzZmMzUyMTdjNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdJetSJRFugudkXRo9GF9AQAGRHZ
/yYYnIfELddFWoPq1lTxs463HC5gtQRDgHLyJ6541l4Brn3MAJ3aEs8z0XqEMTUP
Wwd1O0AaFskbcqCc2vTIAZEvCa5WbkV/eTs4cGlDaP/9+MmBgTlGj+OnBgqnthso
boUL+OYu6Wh+rYZ4NvQBDK90uH3g4KlKKI+VvQpIz5g/Plo6xV7H3cZhEFZJZkBg
hsZe8JVoZuE41Y83EVxVvQ5/7i5HQs14iZOH31UsS4CEeWlchuqBb4ZZzxIwgWaj
x41HzzVRD7NXicDcNA19bV1j8Y8kc8cIfPUzPaZh+ePa9Ev9TZLVZNgxMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGl5aXMEog/XCsa8iK6YdvNSF8T8MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvYVhscGN3U2lEOWNLeHJ5SXJwaDI4MUlYeFB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATlOkMA0G
CSqGSIb3DQEBCwUAA4IBAQBf/H9OAXevQIXFlofNjRQUjiv4zCViB+5L0VRvSk8x
HGUIYkkPUkeg/gpl2rsk3AwqO4bcqgQAp2n5zhMvDH7l1WKGYXwlt0SA6dp0uFw7
tMO7cmlY/wuvV5xoaWX1aacDbd5FoaQbxzePhIbMcwpAq9gnth9Pol0gVmoOuVen
xwdFYA2iDy4kW1ZD0G5EWvfp/1Ux2iQdTkbSMqS/aTeloNEqgUsiAIumX9CB82mZ
7x4/Xm1CvuUNHJnZGMkiu2eMeCDCkeICYpkncdRPhT3OekGjedZ+ntt/7XfBzfbp
2IeSqPIEFwuUBkGImeWGFUmOzQLDMmonElv3YkjA51tB
-----END CERTIFICATE-----