Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/l6-TiHn6WyIBOS91yVkJOYhjkac.roa
File:                     l6-TiHn6WyIBOS91yVkJOYhjkac.roa (raw, json)
Hash identifier:          gHTZmq68U4Gn6VAKsDB5rYl7n73/lSH7FvJxfElhmsE=
Subject key identifier:   97:AF:93:88:79:FA:5B:22:01:39:2F:75:C9:59:09:39:88:63:91:A7
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649DCC5E5DDB991E81666E439BC5B77
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/l6-TiHn6WyIBOS91yVkJOYhjkac.roa
Signing time:             Mon 01 Jan 2024 18:29:38 +0000
ROA not before:           Mon 01 Jan 2024 18:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44179
IP address blocks:        82.103.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:dc:c5:e5:dd:b9:91:e8:16:66:e4:39:bc:5b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97af938879fa5b2201392f75c9590939886391a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:37:53:f4:89:08:51:2b:d4:b0:a2:3a:79:56:
                    00:f1:c1:19:3c:12:70:3b:c0:8b:96:b0:24:df:2d:
                    75:2c:ce:11:4f:0f:d0:c6:0b:a8:e7:c2:92:70:b3:
                    34:90:f3:01:7c:9e:6a:57:5e:bb:e8:4f:a7:60:f5:
                    ad:2a:dc:3d:63:24:7c:43:2b:b0:63:eb:76:8d:14:
                    55:85:95:49:22:ae:0a:67:48:4d:a6:35:50:ec:c3:
                    51:56:73:08:8b:12:10:59:03:44:4f:85:73:08:b5:
                    e4:7e:7c:3c:26:51:3b:0b:92:27:90:90:d7:6b:26:
                    e8:9e:57:f5:78:8a:a9:7c:b5:2d:2c:dc:89:eb:c2:
                    ed:df:a5:09:50:4d:44:1c:17:b1:f1:0a:d5:ea:d2:
                    29:42:9c:61:43:bc:6a:04:72:d5:18:30:e1:87:60:
                    a3:98:79:7e:2d:9d:93:ea:a6:84:ab:5c:90:76:6e:
                    36:d4:22:2a:69:a6:ac:8f:fe:e7:54:90:3d:37:09:
                    50:99:6b:ed:d1:b0:3d:16:20:f6:49:7a:ce:c2:4c:
                    68:67:8e:8c:f9:41:dd:ad:28:8c:9f:4c:e5:a3:ad:
                    29:2c:91:1b:df:7a:07:66:32:a6:ae:6e:b3:5d:74:
                    1c:bb:c3:a9:17:2f:4c:1d:cb:b8:8b:aa:a0:bc:02:
                    d9:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:AF:93:88:79:FA:5B:22:01:39:2F:75:C9:59:09:39:88:63:91:A7
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/l6-TiHn6WyIBOS91yVkJOYhjkac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.103.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ab:74:04:84:76:dd:23:9a:eb:de:b0:52:b7:f4:db:6f:b7:
         a2:70:bc:9c:1b:9c:3b:64:c7:9c:ff:79:ed:d1:4c:b8:97:f5:
         fd:76:d6:ce:b1:c7:05:d2:a7:ab:0b:bb:47:d9:c2:8b:e5:c4:
         15:b3:a6:d0:9e:d3:c4:5f:d5:d1:a9:ec:dc:9d:7c:8a:bd:6d:
         37:73:7a:84:1e:8a:08:f6:43:37:aa:eb:7c:2e:ac:ea:81:07:
         fd:a1:31:22:96:7c:9f:79:f1:55:5f:f0:35:49:36:ce:71:8c:
         36:e9:e3:0a:26:ab:42:13:c8:49:1d:41:dc:2f:1d:d9:a2:91:
         5f:12:c5:79:e3:92:64:10:38:4d:c6:4d:4e:5f:de:f6:7b:b9:
         ed:f6:fc:44:33:92:0d:60:71:26:25:fb:1a:21:c8:1f:b5:b6:
         1b:78:bc:e3:4c:77:20:8a:a2:fe:07:c7:82:3a:cc:b7:9e:00:
         9a:2b:76:07:a1:e7:2d:c3:68:ce:d3:97:4c:09:5a:f3:54:1e:
         bc:cf:90:02:3a:e4:cf:5f:f0:37:e9:16:3a:28:cd:1c:46:da:
         83:07:f4:16:e4:56:0f:c1:3e:4c:10:ac:b7:78:f0:01:96:18:
         48:e5:04:8f:27:c0:50:b5:ad:39:e8:58:c3:f5:c5:7b:b8:2c:
         b3:31:38:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdzF5d25kegWZuQ5vFt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2FmOTM4ODc5ZmE1YjIyMDEzOTJmNzVjOTU5MDkzOTg4NjM5MWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDdT9IkIUSvUsKI6eVYA8cEZPBJw
O8CLlrAk3y11LM4RTw/Qxguo58KScLM0kPMBfJ5qV1676E+nYPWtKtw9YyR8Qyuw
Y+t2jRRVhZVJIq4KZ0hNpjVQ7MNRVnMIixIQWQNET4VzCLXkfnw8JlE7C5InkJDX
aybonlf1eIqpfLUtLNyJ68Lt36UJUE1EHBex8QrV6tIpQpxhQ7xqBHLVGDDhh2Cj
mHl+LZ2T6qaEq1yQdm421CIqaaasj/7nVJA9NwlQmWvt0bA9FiD2SXrOwkxoZ46M
+UHdrSiMn0zlo60pLJEb33oHZjKmrm6zXXQcu8OpFy9MHcu4i6qgvALZLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJevk4h5+lsiATkvdclZCTmIY5GnMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvbDYtVGlIbjZXeUlCT1M5MXlWa0pPWWhqa2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUmdAMA0G
CSqGSIb3DQEBCwUAA4IBAQBWq3QEhHbdI5rr3rBSt/Tbb7eicLycG5w7ZMec/3nt
0Uy4l/X9dtbOsccF0qerC7tH2cKL5cQVs6bQntPEX9XRqezcnXyKvW03c3qEHooI
9kM3qut8LqzqgQf9oTEilnyfefFVX/A1STbOcYw26eMKJqtCE8hJHUHcLx3ZopFf
EsV545JkEDhNxk1OX972e7nt9vxEM5INYHEmJfsaIcgftbYbeLzjTHcgiqL+B8eC
Osy3ngCaK3YHoectw2jO05dMCVrzVB68z5ACOuTPX/A36RY6KM0cRtqDB/QW5FYP
wT5MEKy3ePABlhhI5QSPJ8BQta056FjD9cV7uCyzMTix
-----END CERTIFICATE-----