Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/fYEDPn-t34WegrOg3TWFxIQBCxg.roa
File:                     fYEDPn-t34WegrOg3TWFxIQBCxg.roa (raw, json)
Hash identifier:          yERlLe6P/LdQUuIQq11YRYnvinEgRcFje6t0lvQTCv4=
Subject key identifier:   7D:81:03:3E:7F:AD:DF:85:9E:82:B3:A0:DD:35:85:C4:84:01:0B:18
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D2938F3873982CED6EA374FFACAE
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/fYEDPn-t34WegrOg3TWFxIQBCxg.roa
Signing time:             Mon 01 Jan 2024 18:29:35 +0000
ROA not before:           Mon 01 Jan 2024 18:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        82.103.105.0/24 maxlen: 24
                          195.34.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 06:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d2:93:8f:38:73:98:2c:ed:6e:a3:74:ff:ac:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d81033e7faddf859e82b3a0dd3585c484010b18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f3:f9:45:08:16:87:8a:6c:2a:f7:60:29:14:
                    58:3f:84:f9:29:9a:2b:91:99:24:b8:5f:f2:b2:4e:
                    d0:c6:9f:4d:83:02:c8:34:7e:11:59:f5:57:4c:92:
                    12:ab:ef:a2:80:cf:70:8f:1c:fa:64:8b:7d:a3:37:
                    c0:24:bd:de:4f:59:11:bd:ba:ba:a5:89:91:ca:d5:
                    90:3f:e4:aa:f0:95:bf:ae:ab:25:3b:d8:ed:57:14:
                    33:63:6a:f9:87:30:93:6d:7c:ea:45:6d:f1:d9:ac:
                    8b:2e:1e:ca:a9:9c:6b:7c:04:55:d7:5c:7a:2b:cb:
                    16:98:f0:01:55:59:23:2c:7e:9e:07:d2:fa:20:ca:
                    ae:8a:f0:16:af:a7:5e:e0:83:f3:b4:98:00:b1:43:
                    00:d3:14:0b:7f:22:02:59:8f:55:e8:15:01:1a:4d:
                    7f:40:c9:17:2f:a7:94:64:4b:32:a0:3f:cf:63:0c:
                    99:71:66:21:b5:24:ba:6e:f4:40:eb:51:7e:c4:09:
                    29:36:9e:9a:13:fb:83:f1:37:9e:7e:f0:8b:1e:8f:
                    b7:2b:10:bb:2a:ba:32:44:ba:2c:18:72:ea:3b:41:
                    1c:f8:ab:e6:09:29:3e:b6:2b:77:66:0d:83:2c:6e:
                    14:c1:3d:40:76:ae:01:ab:d3:bd:55:db:ff:98:09:
                    15:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:81:03:3E:7F:AD:DF:85:9E:82:B3:A0:DD:35:85:C4:84:01:0B:18
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/fYEDPn-t34WegrOg3TWFxIQBCxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.103.105.0/24
                  195.34.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:5f:7f:04:d7:66:a9:69:ce:3d:b3:e4:b3:54:99:aa:f6:5d:
         d2:77:ab:2e:d2:08:16:12:a7:a3:14:95:86:31:69:6b:40:8e:
         84:20:c2:e2:ad:62:6b:f2:ae:37:6f:24:16:05:fd:81:af:5c:
         a4:51:7e:52:fc:63:a3:12:6d:2b:7f:d3:db:17:6a:56:f7:53:
         31:5c:16:da:8e:33:4a:17:d1:f3:96:ef:6b:bf:78:e5:c7:e9:
         64:ba:f0:5d:95:cc:9a:c7:3c:07:a2:f9:63:95:c9:1a:19:c8:
         4e:6d:e1:f5:54:bf:d1:4f:99:73:58:9f:28:76:dd:43:af:bd:
         99:49:a9:bd:7a:ec:13:0d:62:68:df:67:b5:da:39:0c:e9:9b:
         77:59:e1:1d:6c:a6:a2:c1:a1:5b:d5:aa:f3:1b:d1:8a:64:8b:
         95:a7:a2:73:7a:7b:b8:0a:43:36:18:bf:51:cb:b4:bf:7a:fc:
         7c:dc:73:e7:2f:57:02:4e:2d:8b:3d:b1:2c:29:54:f4:66:dd:
         e1:ed:3f:b7:e7:55:2c:1c:c8:82:a0:cc:4e:f6:60:11:93:9a:
         a0:89:01:45:52:6d:d4:26:fe:06:e2:e3:01:a7:65:5a:d7:ac:
         ab:45:87:b2:72:fc:d8:12:3b:14:1d:ad:7b:ff:d5:62:33:42:
         37:e0:15:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSdKTjzhzmCztbqN0/6yuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDgxMDMzZTdmYWRkZjg1OWU4MmIzYTBkZDM1ODVjNDg0MDEwYjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvP5RQgWh4psKvdgKRRYP4T5KZor
kZkkuF/ysk7Qxp9NgwLINH4RWfVXTJISq++igM9wjxz6ZIt9ozfAJL3eT1kRvbq6
pYmRytWQP+Sq8JW/rqslO9jtVxQzY2r5hzCTbXzqRW3x2ayLLh7KqZxrfARV11x6
K8sWmPABVVkjLH6eB9L6IMquivAWr6de4IPztJgAsUMA0xQLfyICWY9V6BUBGk1/
QMkXL6eUZEsyoD/PYwyZcWYhtSS6bvRA61F+xAkpNp6aE/uD8TeefvCLHo+3KxC7
KroyRLosGHLqO0Ec+KvmCSk+tit3Zg2DLG4UwT1Adq4Bq9O9Vdv/mAkVbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH2BAz5/rd+FnoKzoN01hcSEAQsYMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvZllFRFBuLXQzNFdlZ3JPZzNUV0Z4SVFCQ3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUmdpAwQA
wyJtMA0GCSqGSIb3DQEBCwUAA4IBAQA6X38E12apac49s+SzVJmq9l3Sd6su0ggW
EqejFJWGMWlrQI6EIMLirWJr8q43byQWBf2Br1ykUX5S/GOjEm0rf9PbF2pW91Mx
XBbajjNKF9Hzlu9rv3jlx+lkuvBdlcyaxzwHovljlckaGchObeH1VL/RT5lzWJ8o
dt1Dr72ZSam9euwTDWJo32e12jkM6Zt3WeEdbKaiwaFb1arzG9GKZIuVp6Jzenu4
CkM2GL9Ry7S/evx83HPnL1cCTi2LPbEsKVT0Zt3h7T+351UsHMiCoMxO9mARk5qg
iQFFUm3UJv4G4uMBp2Va16yrRYeycvzYEjsUHa17/9ViM0I34BX1
-----END CERTIFICATE-----