Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/d2yjai3pEAj04CY5iVEdCFh4CIY.roa
File:                     d2yjai3pEAj04CY5iVEdCFh4CIY.roa (raw, json)
Hash identifier:          j8LYkVq/zx8arahQjscDrtffHbliNAMbv2bMtw/qPOM=
Subject key identifier:   77:6C:A3:6A:2D:E9:10:08:F4:E0:26:39:89:51:1D:08:58:78:08:86
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E66C03B840BDCE49F4EA7E1B7092
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/d2yjai3pEAj04CY5iVEdCFh4CIY.roa
Signing time:             Mon 01 Jan 2024 18:29:41 +0000
ROA not before:           Mon 01 Jan 2024 18:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198576
IP address blocks:        84.242.132.0/24 maxlen: 24
                          212.95.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e6:6c:03:b8:40:bd:ce:49:f4:ea:7e:1b:70:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=776ca36a2de91008f4e0263989511d0858780886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f2:1e:82:78:0d:11:9b:9b:c8:b0:df:95:e2:
                    e3:b7:c9:ea:10:6c:c5:61:18:41:6f:ae:4a:c2:a0:
                    d7:98:e2:e7:c6:95:28:2f:1b:94:96:ac:78:46:b0:
                    76:8a:64:d7:f2:eb:26:71:71:7c:7f:34:b9:15:45:
                    22:37:29:24:58:36:7c:98:a2:03:33:83:ad:df:c9:
                    ce:f5:8d:53:05:c9:47:6f:bd:22:72:e6:bc:90:d8:
                    cf:0b:34:a0:ee:b6:26:6e:7b:b0:8d:7c:58:84:83:
                    43:1a:cd:26:ee:31:d4:7d:d2:cf:bf:d0:d6:ea:91:
                    aa:64:e5:0e:ef:16:dc:ab:e8:47:80:de:6f:a7:6c:
                    19:8c:7e:81:9a:1c:03:72:1a:6b:14:ce:30:81:35:
                    bc:04:d2:01:75:37:93:e5:f6:db:be:99:ee:41:86:
                    32:16:33:3b:90:53:b8:19:06:81:6e:01:09:c4:c2:
                    ac:3e:7d:5e:9b:55:e1:cd:f3:7f:b5:72:11:0a:10:
                    12:b0:05:f5:14:87:8b:45:f1:ba:8b:3f:c2:db:94:
                    1c:ad:54:47:29:e2:9c:a0:83:fa:9e:ab:c0:5c:df:
                    1a:bd:8e:4c:fe:23:7c:0b:95:28:58:59:0d:0f:3f:
                    a2:76:54:6d:87:a0:34:09:77:ad:2a:9f:63:4b:2a:
                    93:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6C:A3:6A:2D:E9:10:08:F4:E0:26:39:89:51:1D:08:58:78:08:86
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/d2yjai3pEAj04CY5iVEdCFh4CIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.242.132.0/24
                  212.95.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:07:46:f2:81:79:95:29:1a:52:7c:95:98:58:6a:30:eb:28:
         d7:40:00:a5:c1:b5:a6:a8:84:69:81:dc:cd:08:3a:07:be:2d:
         af:90:96:f2:44:3d:0f:42:cf:e0:f3:98:e3:ce:8e:a6:a8:4d:
         ff:c0:cd:e6:9a:2b:f1:41:31:dc:4f:31:d0:c5:c6:9e:e1:9a:
         a1:0f:2c:6b:e3:fb:ce:ad:80:68:0d:6b:c5:a6:b3:d2:98:7e:
         3a:60:31:a5:b2:6d:c8:ce:a1:b2:c0:48:ab:ac:c0:2d:41:ad:
         a6:c2:ae:93:c1:fe:56:a9:d9:d3:e8:37:58:1c:05:90:d0:54:
         37:ad:e9:7a:4b:1f:83:72:92:93:2b:65:64:ae:1d:69:f7:1a:
         07:de:51:bc:ce:0d:5b:dd:b6:aa:2d:a1:69:3f:9f:72:6e:f4:
         74:e4:1f:e9:92:d7:7c:00:90:4c:8f:04:a2:ea:18:af:b5:15:
         38:92:27:1e:ae:b1:e1:02:b5:68:34:69:36:44:1c:aa:a4:0f:
         93:ab:09:52:5d:01:8b:87:b9:5a:44:ec:31:4b:58:3e:6e:c4:
         4c:4f:4e:e3:7c:1c:29:37:99:11:76:4a:f1:1e:58:2c:49:01:
         d8:7c:e9:a2:aa:dc:36:3e:0b:88:27:b2:85:ec:a3:8c:13:e3:
         30:4b:db:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSeZsA7hAvc5J9Op+G3CSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzZjYTM2YTJkZTkxMDA4ZjRlMDI2Mzk4OTUxMWQwODU4NzgwODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfIegngNEZubyLDfleLjt8nqEGzF
YRhBb65KwqDXmOLnxpUoLxuUlqx4RrB2imTX8usmcXF8fzS5FUUiNykkWDZ8mKID
M4Ot38nO9Y1TBclHb70icua8kNjPCzSg7rYmbnuwjXxYhINDGs0m7jHUfdLPv9DW
6pGqZOUO7xbcq+hHgN5vp2wZjH6BmhwDchprFM4wgTW8BNIBdTeT5fbbvpnuQYYy
FjM7kFO4GQaBbgEJxMKsPn1em1XhzfN/tXIRChASsAX1FIeLRfG6iz/C25QcrVRH
KeKcoIP6nqvAXN8avY5M/iN8C5UoWFkNDz+idlRth6A0CXetKp9jSyqToQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHdso2ot6RAI9OAmOYlRHQhYeAiGMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvZDJ5amFpM3BFQWowNENZNWlWRWRDRmg0Q0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPKEAwQA
1F+vMA0GCSqGSIb3DQEBCwUAA4IBAQAiB0bygXmVKRpSfJWYWGow6yjXQAClwbWm
qIRpgdzNCDoHvi2vkJbyRD0PQs/g85jjzo6mqE3/wM3mmivxQTHcTzHQxcae4Zqh
Dyxr4/vOrYBoDWvFprPSmH46YDGlsm3IzqGywEirrMAtQa2mwq6Twf5WqdnT6DdY
HAWQ0FQ3rel6Sx+DcpKTK2Vkrh1p9xoH3lG8zg1b3baqLaFpP59ybvR05B/pktd8
AJBMjwSi6hivtRU4kicerrHhArVoNGk2RByqpA+TqwlSXQGLh7laROwxS1g+bsRM
T07jfBwpN5kRdkrxHlgsSQHYfOmiqtw2PguIJ7KF7KOME+MwS9vx
-----END CERTIFICATE-----