Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/iUMLmj6hG_R8J-yMSdy_xDCJ2IA.roa
File:                     iUMLmj6hG_R8J-yMSdy_xDCJ2IA.roa (raw, json)
Hash identifier:          qqMr0tQqmXPeASiTRsyS9v/BFkQBcoXOm8N61NI6rPc=
Subject key identifier:   89:43:0B:9A:3E:A1:1B:F4:7C:27:EC:8C:49:DC:BF:C4:30:89:D8:80
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E4E66DA0FC5767B5C374E16D9539
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/iUMLmj6hG_R8J-yMSdy_xDCJ2IA.roa
Signing time:             Mon 01 Jan 2024 18:29:40 +0000
ROA not before:           Mon 01 Jan 2024 18:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197050
IP address blocks:        151.251.56.0/22 maxlen: 22
                          85.118.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e4:e6:6d:a0:fc:57:67:b5:c3:74:e1:6d:95:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89430b9a3ea11bf47c27ec8c49dcbfc43089d880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:31:0c:d3:bf:c8:a9:fd:d3:87:20:e0:e9:49:
                    b3:40:83:c9:ad:59:1c:41:95:1a:7c:e4:d0:17:06:
                    62:21:9d:49:2c:c2:cd:0b:d1:03:ca:63:dd:80:2d:
                    d3:46:6c:85:f3:e8:2e:30:48:32:b1:46:6e:4f:df:
                    67:8c:69:fd:48:4d:0c:aa:68:b3:f0:40:92:e8:5e:
                    40:a1:e7:fd:cd:e9:12:3c:ec:d1:0a:4f:36:0d:c8:
                    70:46:5a:f8:4d:5e:20:28:03:b6:2c:97:a5:19:6c:
                    88:dd:9e:43:94:27:e2:e0:43:2a:1f:f3:13:a9:89:
                    68:d3:92:9e:45:3b:eb:4b:25:9d:e0:bd:5f:89:52:
                    22:44:54:18:9a:44:8c:1a:27:0f:1a:b1:7b:f1:ed:
                    ff:a3:c1:fa:85:c8:7a:26:84:02:e7:92:bb:0c:79:
                    c8:a7:df:97:cd:c0:6d:e6:0f:c7:81:dc:be:68:e0:
                    da:0f:6a:6a:3f:11:91:f2:e5:ec:4b:e0:5f:57:94:
                    72:58:db:00:41:ae:59:05:24:c4:17:ba:4a:d8:44:
                    39:5f:f1:5c:6d:6d:f1:93:d5:59:17:0a:eb:a6:c5:
                    d8:21:fe:28:ad:84:5b:b1:be:d8:f8:58:ca:55:f1:
                    55:2c:de:d7:4d:0b:a7:0a:ca:de:31:20:49:c4:30:
                    83:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:43:0B:9A:3E:A1:1B:F4:7C:27:EC:8C:49:DC:BF:C4:30:89:D8:80
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/iUMLmj6hG_R8J-yMSdy_xDCJ2IA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.118.91.0/24
                  151.251.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:3b:6b:86:49:5a:c7:af:67:62:37:23:db:e3:69:2b:d7:c9:
         30:d0:17:94:a0:6f:9d:fc:03:aa:85:19:2e:da:be:e2:a4:00:
         22:f3:2a:75:51:fe:0b:58:6b:ef:9e:25:93:dc:52:9a:95:1c:
         36:9b:a3:38:75:37:05:2d:95:53:fb:5a:7c:66:0c:71:0e:d0:
         3e:fd:65:c5:bf:42:e6:93:e3:e0:13:77:ab:bd:83:02:11:40:
         be:81:01:e2:48:1a:37:64:b5:e1:34:44:53:cc:e3:f1:0a:4d:
         7e:e0:af:99:1a:73:75:e5:ec:77:dd:75:e8:3d:46:9d:63:64:
         30:ca:65:b7:c7:eb:c4:87:7f:c8:86:bd:02:88:75:38:36:a7:
         eb:f4:3c:7e:df:55:f6:9e:cd:51:b2:76:69:a1:da:bd:a5:bd:
         51:af:f1:55:53:1f:2b:af:21:1b:28:d7:fa:f1:53:66:24:72:
         90:82:3c:b6:53:03:37:99:9d:18:53:7c:cf:19:86:48:24:ff:
         4a:f9:fa:73:fb:93:3a:0d:6c:20:fc:ba:1b:c6:7d:44:1a:11:
         db:27:d9:fd:fa:de:07:00:0d:ac:8d:0b:21:85:ab:08:63:21:
         72:04:58:47:2f:18:8e:b3:69:a4:6d:91:a0:16:a4:95:47:c6:
         fa:da:fe:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSeTmbaD8V2e1w3ThbZU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQzMGI5YTNlYTExYmY0N2MyN2VjOGM0OWRjYmZjNDMwODlkODgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzEM07/Iqf3ThyDg6UmzQIPJrVkc
QZUafOTQFwZiIZ1JLMLNC9EDymPdgC3TRmyF8+guMEgysUZuT99njGn9SE0Mqmiz
8ECS6F5Aoef9zekSPOzRCk82DchwRlr4TV4gKAO2LJelGWyI3Z5DlCfi4EMqH/MT
qYlo05KeRTvrSyWd4L1fiVIiRFQYmkSMGicPGrF78e3/o8H6hch6JoQC55K7DHnI
p9+XzcBt5g/Hgdy+aODaD2pqPxGR8uXsS+BfV5RyWNsAQa5ZBSTEF7pK2EQ5X/Fc
bW3xk9VZFwrrpsXYIf4orYRbsb7Y+FjKVfFVLN7XTQunCsreMSBJxDCDXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIlDC5o+oRv0fCfsjEncv8QwidiAMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvaVVNTG1qNmhHX1I4Si15TVNkeV94RENKMklBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVXZbAwQC
l/s4MA0GCSqGSIb3DQEBCwUAA4IBAQAgO2uGSVrHr2diNyPb42kr18kw0BeUoG+d
/AOqhRku2r7ipAAi8yp1Uf4LWGvvniWT3FKalRw2m6M4dTcFLZVT+1p8ZgxxDtA+
/WXFv0Lmk+PgE3ervYMCEUC+gQHiSBo3ZLXhNERTzOPxCk1+4K+ZGnN15ex33XXo
PUadY2QwymW3x+vEh3/Ihr0CiHU4Nqfr9Dx+31X2ns1RsnZpodq9pb1Rr/FVUx8r
ryEbKNf68VNmJHKQgjy2UwM3mZ0YU3zPGYZIJP9K+fpz+5M6DWwg/Lobxn1EGhHb
J9n9+t4HAA2sjQshhasIYyFyBFhHLxiOs2mkbZGgFqSVR8b62v5E
-----END CERTIFICATE-----