Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/mXzCunf-1jex3yScjWrK2jsGvNo.roa
File:                     mXzCunf-1jex3yScjWrK2jsGvNo.roa (raw, json)
Hash identifier:          /jBIhrftjUTb72Nrh55nsruXST3jfKWPIsxzJmgSOPg=
Subject key identifier:   99:7C:C2:BA:77:FE:D6:37:B1:DF:24:9C:8D:6A:CA:DA:3B:06:BC:DA
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649ED38091D8F1C250CA0F07B3686BB
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/mXzCunf-1jex3yScjWrK2jsGvNo.roa
Signing time:             Mon 01 Jan 2024 18:29:42 +0000
ROA not before:           Mon 01 Jan 2024 18:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202593
IP address blocks:        151.251.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ed:38:09:1d:8f:1c:25:0c:a0:f0:7b:36:86:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=997cc2ba77fed637b1df249c8d6acada3b06bcda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:30:f0:e5:c6:0a:50:14:64:e2:57:19:34:c1:
                    39:ac:45:d1:af:2a:2c:f3:40:b5:71:58:27:85:eb:
                    fa:d5:ca:3c:a9:5a:45:d9:0d:a3:73:a3:bf:d9:47:
                    98:f7:35:f6:68:93:fb:a5:1c:9c:cb:86:cb:1f:3b:
                    b6:34:b2:7a:ff:a9:71:c7:26:05:e6:52:d2:3e:7b:
                    08:ba:21:88:3d:f9:28:f8:19:da:b2:ff:d8:2e:bc:
                    0e:95:54:fe:f3:0c:75:1f:e0:3b:90:d5:fa:a1:e4:
                    61:3e:01:58:a3:74:1d:8e:31:86:3f:af:31:07:2b:
                    92:7f:64:24:02:de:de:d7:73:33:3d:a6:39:25:f1:
                    52:46:67:91:a6:06:ac:b6:65:b3:60:0d:4a:1a:2b:
                    5e:7e:6c:bc:3b:aa:94:8a:08:d2:7f:35:45:97:f6:
                    df:0c:f3:3a:d6:66:b5:46:4a:ea:93:47:fe:55:aa:
                    21:33:9c:9e:5b:1e:33:f6:cf:69:87:94:78:29:3b:
                    7a:ff:4c:34:29:11:35:a2:27:df:36:c4:e1:50:98:
                    68:54:c7:53:a1:ad:de:7c:e4:07:54:91:6c:40:64:
                    a4:71:da:d1:b8:65:e6:ac:81:22:2a:9c:dc:b4:fb:
                    16:73:e7:83:f8:ce:6e:23:d3:f8:b3:a1:d8:2d:d0:
                    6c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:7C:C2:BA:77:FE:D6:37:B1:DF:24:9C:8D:6A:CA:DA:3B:06:BC:DA
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/mXzCunf-1jex3yScjWrK2jsGvNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.251.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:f0:88:3c:7c:c9:7b:10:61:73:eb:27:b0:65:6f:b2:78:14:
         72:a0:66:12:53:5d:6e:81:78:e0:54:25:da:c9:bf:b7:b5:7d:
         8d:cf:04:6f:68:fc:d5:7c:97:20:c4:54:86:18:37:13:fa:69:
         cf:6b:dc:e9:7f:90:8c:3b:78:44:b1:b6:7e:6f:5a:26:66:91:
         44:d0:7e:c6:86:a9:3f:5a:54:f0:52:5a:ff:8f:ec:1f:04:75:
         80:02:ce:46:8c:af:4a:b1:ea:e7:21:85:ab:c2:f1:72:0f:31:
         80:24:d1:2e:7a:99:05:8f:2c:f1:d9:83:31:43:eb:c9:b5:4d:
         30:51:3a:a1:20:36:04:65:6a:1c:16:3e:66:d6:40:e0:71:ff:
         20:37:03:3e:ce:8c:87:67:af:96:e7:bd:81:ef:7f:f5:dd:ec:
         16:2f:9b:f0:cf:31:fc:92:93:c5:a6:fb:31:48:4a:d1:7b:bb:
         6c:a7:b1:ed:e3:9c:27:8f:91:22:27:e0:e8:e0:d3:d5:59:13:
         76:fb:c6:a9:bf:2a:69:8f:b2:b3:89:d6:8a:1f:72:ea:58:b2:
         01:49:45:c6:3b:8a:10:88:bd:80:25:84:94:69:dc:e2:1c:28:
         f1:62:05:86:c1:aa:8d:36:2d:c5:8f:f7:f7:cc:35:06:51:a9:
         60:7e:22:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSe04CR2PHCUMoPB7Noa7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTdjYzJiYTc3ZmVkNjM3YjFkZjI0OWM4ZDZhY2FkYTNiMDZiY2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTDw5cYKUBRk4lcZNME5rEXRryos
80C1cVgnhev61co8qVpF2Q2jc6O/2UeY9zX2aJP7pRycy4bLHzu2NLJ6/6lxxyYF
5lLSPnsIuiGIPfko+Bnasv/YLrwOlVT+8wx1H+A7kNX6oeRhPgFYo3QdjjGGP68x
ByuSf2QkAt7e13MzPaY5JfFSRmeRpgastmWzYA1KGitefmy8O6qUigjSfzVFl/bf
DPM61ma1Rkrqk0f+VaohM5yeWx4z9s9ph5R4KTt6/0w0KRE1oiffNsThUJhoVMdT
oa3efOQHVJFsQGSkcdrRuGXmrIEiKpzctPsWc+eD+M5uI9P4s6HYLdBsGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJl8wrp3/tY3sd8knI1qyto7BrzaMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvbVh6Q3VuZi0xamV4M3lTY2pXcksyanNHdk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/t3MA0G
CSqGSIb3DQEBCwUAA4IBAQCE8Ig8fMl7EGFz6yewZW+yeBRyoGYSU11ugXjgVCXa
yb+3tX2NzwRvaPzVfJcgxFSGGDcT+mnPa9zpf5CMO3hEsbZ+b1omZpFE0H7Ghqk/
WlTwUlr/j+wfBHWAAs5GjK9KsernIYWrwvFyDzGAJNEuepkFjyzx2YMxQ+vJtU0w
UTqhIDYEZWocFj5m1kDgcf8gNwM+zoyHZ6+W572B73/13ewWL5vwzzH8kpPFpvsx
SErRe7tsp7Ht45wnj5EiJ+Do4NPVWRN2+8apvyppj7KzidaKH3LqWLIBSUXGO4oQ
iL2AJYSUadziHCjxYgWGwaqNNi3Fj/f3zDUGUalgfiK7
-----END CERTIFICATE-----