Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/iUIzIhYMSHHa0l4qG9T78_Yi1EA.roa
File:                     iUIzIhYMSHHa0l4qG9T78_Yi1EA.roa (raw, json)
Hash identifier:          e3gMwLbE4CGmXUSQZwjuDQmAXzeblMHExpvWXZXaojQ=
Subject key identifier:   89:42:33:22:16:0C:48:71:DA:D2:5E:2A:1B:D4:FB:F3:F6:22:D4:40
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649DEA9E377AAEFBE710B1EA7E8AE78
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/iUIzIhYMSHHa0l4qG9T78_Yi1EA.roa
Signing time:             Mon 01 Jan 2024 18:29:39 +0000
ROA not before:           Mon 01 Jan 2024 18:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49421
IP address blocks:        78.83.238.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:de:a9:e3:77:aa:ef:be:71:0b:1e:a7:e8:ae:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89423322160c4871dad25e2a1bd4fbf3f622d440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:37:eb:c5:91:1a:e4:48:d8:b6:a3:98:7d:05:
                    d0:7b:36:61:60:91:a5:1d:24:e3:c2:28:11:c7:a3:
                    c7:f6:92:90:dd:08:e4:4b:5c:ff:b8:94:6d:83:23:
                    21:bc:a5:3d:64:02:a8:e4:aa:96:e3:b7:af:96:ff:
                    33:2e:90:df:8d:92:73:30:e4:04:46:8b:c4:4c:b3:
                    fb:eb:4a:c2:62:d0:1d:9d:80:c0:9b:6c:75:83:5d:
                    ed:45:3d:e9:67:b3:d4:9c:5a:c1:9e:3b:06:4c:a8:
                    62:cc:fa:33:e9:58:b0:0f:b1:ae:6b:4c:b7:7a:00:
                    a7:5a:4f:04:ed:d1:78:3f:ac:71:2b:4d:1a:93:8c:
                    db:d6:a3:ec:f0:37:b4:69:c1:e6:ef:54:ee:0b:15:
                    87:30:c8:ce:8c:e8:48:36:91:b9:2b:18:de:5f:a0:
                    b3:7d:e9:97:ef:ce:70:01:9a:2e:c9:a6:d2:e9:a6:
                    6c:e0:b1:44:07:e1:48:cb:f4:d2:39:9b:5b:b7:d7:
                    0e:50:7d:b7:90:1e:ab:2f:2d:19:dd:b4:e4:2d:50:
                    22:d2:19:c6:47:0b:34:db:db:3c:1e:19:db:7a:df:
                    78:f7:45:58:7c:0c:77:5e:74:ff:f9:0f:61:ba:c3:
                    8a:18:00:7d:73:9c:92:d6:7b:3b:b5:45:eb:89:36:
                    00:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:42:33:22:16:0C:48:71:DA:D2:5E:2A:1B:D4:FB:F3:F6:22:D4:40
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/iUIzIhYMSHHa0l4qG9T78_Yi1EA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.83.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:70:8a:8f:b7:1b:ae:4a:fe:7b:c9:30:69:5b:3b:2f:ba:8c:
         ec:b4:21:7a:1c:99:1e:a1:21:bf:47:83:19:00:05:5f:c1:bd:
         6d:73:2a:7d:1e:37:e6:40:14:a4:58:5d:56:4a:3e:8d:b5:00:
         cf:61:49:c5:4d:d9:ce:c1:bc:37:2e:24:ac:cd:c8:10:cf:75:
         e5:a9:50:09:1f:b8:ea:59:09:73:1f:a6:63:1b:e7:89:17:2c:
         5d:77:4e:0d:d2:a4:85:c9:9b:d0:a1:24:d1:7b:fc:f2:5d:06:
         64:19:f7:7f:c2:2b:58:76:91:cb:48:76:17:ad:ba:c4:ec:9f:
         b0:d7:97:6d:cb:15:bd:36:20:ab:0a:f6:9a:c1:96:b5:8c:8f:
         6a:8a:52:8c:64:8d:2f:44:bd:dc:d2:6a:67:df:be:00:66:40:
         39:40:73:be:41:8c:83:ba:7b:28:39:33:86:80:8f:8a:1f:2c:
         a6:0c:e3:54:bc:c8:00:0a:96:8e:c4:64:01:4f:f8:c1:2c:18:
         78:a5:f5:cd:ec:2f:a2:56:91:d9:a9:f2:45:52:78:32:d2:7e:
         9f:4d:f6:92:c5:51:8b:cf:68:21:6b:f0:85:6f:ba:55:ce:bc:
         a7:7f:f6:76:85:d1:0c:e2:20:6b:5b:35:f4:73:81:97:af:b3:
         51:ff:84:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSd6p43eq775xCx6n6K54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQyMzMyMjE2MGM0ODcxZGFkMjVlMmExYmQ0ZmJmM2Y2MjJkNDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDfrxZEa5EjYtqOYfQXQezZhYJGl
HSTjwigRx6PH9pKQ3QjkS1z/uJRtgyMhvKU9ZAKo5KqW47evlv8zLpDfjZJzMOQE
RovETLP760rCYtAdnYDAm2x1g13tRT3pZ7PUnFrBnjsGTKhizPoz6ViwD7Gua0y3
egCnWk8E7dF4P6xxK00ak4zb1qPs8De0acHm71TuCxWHMMjOjOhINpG5KxjeX6Cz
femX785wAZouyabS6aZs4LFEB+FIy/TSOZtbt9cOUH23kB6rLy0Z3bTkLVAi0hnG
Rws029s8Hhnbet9490VYfAx3XnT/+Q9husOKGAB9c5yS1ns7tUXriTYA3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlCMyIWDEhx2tJeKhvU+/P2ItRAMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvaVVJekloWU1TSEhhMGw0cUc5VDc4X1lpMUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTlPuMA0G
CSqGSIb3DQEBCwUAA4IBAQB3cIqPtxuuSv57yTBpWzsvuozstCF6HJkeoSG/R4MZ
AAVfwb1tcyp9HjfmQBSkWF1WSj6NtQDPYUnFTdnOwbw3LiSszcgQz3XlqVAJH7jq
WQlzH6ZjG+eJFyxdd04N0qSFyZvQoSTRe/zyXQZkGfd/witYdpHLSHYXrbrE7J+w
15dtyxW9NiCrCvaawZa1jI9qilKMZI0vRL3c0mpn374AZkA5QHO+QYyDunsoOTOG
gI+KHyymDONUvMgACpaOxGQBT/jBLBh4pfXN7C+iVpHZqfJFUngy0n6fTfaSxVGL
z2gha/CFb7pVzrynf/Z2hdEM4iBrWzX0c4GXr7NR/4TN
-----END CERTIFICATE-----