Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/oZSkT6EgjgyAD0MFdVzXN9K99xQ.roa
File:                     oZSkT6EgjgyAD0MFdVzXN9K99xQ.roa (raw, json)
Hash identifier:          zOqzyOejc8GLucR1JrPXOUp8wuaR3SyYYOVjyEoPXFU=
Subject key identifier:   A1:94:A4:4F:A1:20:8E:0C:80:0F:43:05:75:5C:D7:37:D2:BD:F7:14
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649EE85A91B599652B6C3E50F7D1F23
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/oZSkT6EgjgyAD0MFdVzXN9K99xQ.roa
Signing time:             Mon 01 Jan 2024 18:29:43 +0000
ROA not before:           Mon 01 Jan 2024 18:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203723
IP address blocks:        212.36.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ee:85:a9:1b:59:96:52:b6:c3:e5:0f:7d:1f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a194a44fa1208e0c800f4305755cd737d2bdf714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:84:5e:85:8b:79:05:63:d0:80:cf:68:bb:f6:
                    00:53:88:8b:0d:05:81:3e:ac:ac:46:a2:0c:53:99:
                    5c:ec:69:a5:c6:4b:1d:d5:99:46:e0:9d:ff:c1:ec:
                    ad:88:c5:1e:aa:69:95:60:dc:66:44:d2:1a:82:35:
                    a2:30:77:55:42:cd:27:1f:b7:5c:42:05:c6:34:a4:
                    32:76:76:0e:1f:4f:03:b2:d2:b2:21:a6:54:b1:9c:
                    d1:47:06:e2:cc:74:b9:0c:a2:41:e8:c4:f2:b2:a6:
                    29:c7:49:98:01:77:d2:9c:fe:a0:b8:47:28:34:3a:
                    4a:42:da:03:60:4b:91:80:5e:82:f1:30:a2:c6:8d:
                    04:32:99:24:78:0c:c5:09:f4:03:58:df:16:ef:1d:
                    aa:07:36:40:94:93:d6:38:6b:29:80:fa:bc:5c:4d:
                    07:24:98:23:4c:7f:f9:21:f9:6b:f5:e6:64:0f:73:
                    a0:c6:83:12:41:bd:33:df:f1:8a:8b:35:92:8b:1f:
                    37:01:58:04:8e:d2:f8:09:f6:1d:1d:63:b9:08:9d:
                    67:2e:7f:5a:a9:81:0b:26:2e:ab:dd:44:f1:9d:7e:
                    f6:c2:10:fd:ba:4e:67:e0:ac:46:cc:c2:5e:36:c9:
                    fc:c0:25:9a:5a:eb:a8:71:8e:0a:2e:b3:24:0f:24:
                    3e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:94:A4:4F:A1:20:8E:0C:80:0F:43:05:75:5C:D7:37:D2:BD:F7:14
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/oZSkT6EgjgyAD0MFdVzXN9K99xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.36.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:6b:ff:14:b5:3c:2c:6f:71:61:99:3f:2d:2b:2c:74:0c:44:
         c8:5b:f8:6a:ba:d9:cd:ff:83:6b:9b:b5:d6:81:45:ee:a9:74:
         e5:97:d2:f8:c2:05:67:a6:95:54:9a:e4:48:0c:98:58:61:d4:
         79:6d:49:35:d8:2c:8b:a9:47:ce:18:21:35:2e:a7:92:3d:14:
         5e:b1:a8:e6:e9:e9:7a:5b:fd:2c:e8:4b:a2:cb:30:d7:95:dd:
         7c:d5:0e:b0:f8:80:70:82:d3:bc:69:a2:b8:d1:bf:e7:79:06:
         b7:86:e9:0b:e5:5a:69:c1:12:8b:46:05:1d:64:f6:57:54:20:
         7e:f5:10:4f:b0:0e:34:a2:c2:7a:58:ba:84:b9:28:99:49:bb:
         fb:96:f8:cb:b8:4d:80:a2:49:66:32:37:d6:4b:b1:15:df:98:
         c2:ff:fa:23:b3:e6:46:b7:60:b3:64:51:85:21:01:6d:a2:4a:
         bb:52:44:d3:53:72:03:81:69:f0:db:1d:54:27:e6:28:6e:e7:
         13:6e:27:4a:20:b5:d0:13:20:ab:20:b8:b1:75:11:75:4f:ac:
         f4:68:f6:dd:c8:1d:2f:2c:aa:a6:04:fd:37:40:d4:5a:11:1a:
         9d:1d:28:27:72:a4:c6:28:29:66:cb:aa:a1:d8:eb:04:14:6d:
         01:b6:ee:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSe6FqRtZllK2w+UPfR8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTk0YTQ0ZmExMjA4ZTBjODAwZjQzMDU3NTVjZDczN2QyYmRmNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IRehYt5BWPQgM9ou/YAU4iLDQWB
PqysRqIMU5lc7Gmlxksd1ZlG4J3/weytiMUeqmmVYNxmRNIagjWiMHdVQs0nH7dc
QgXGNKQydnYOH08DstKyIaZUsZzRRwbizHS5DKJB6MTysqYpx0mYAXfSnP6guEco
NDpKQtoDYEuRgF6C8TCixo0EMpkkeAzFCfQDWN8W7x2qBzZAlJPWOGspgPq8XE0H
JJgjTH/5Iflr9eZkD3OgxoMSQb0z3/GKizWSix83AVgEjtL4CfYdHWO5CJ1nLn9a
qYELJi6r3UTxnX72whD9uk5n4KxGzMJeNsn8wCWaWuuocY4KLrMkDyQ+YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGUpE+hII4MgA9DBXVc1zfSvfcUMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvb1pTa1Q2RWdqZ3lBRDBNRmRWelhOOUs5OXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CQSMA0G
CSqGSIb3DQEBCwUAA4IBAQBya/8UtTwsb3FhmT8tKyx0DETIW/hqutnN/4Nrm7XW
gUXuqXTll9L4wgVnppVUmuRIDJhYYdR5bUk12CyLqUfOGCE1LqeSPRResajm6el6
W/0s6EuiyzDXld181Q6w+IBwgtO8aaK40b/neQa3hukL5VppwRKLRgUdZPZXVCB+
9RBPsA40osJ6WLqEuSiZSbv7lvjLuE2AoklmMjfWS7EV35jC//ojs+ZGt2CzZFGF
IQFtokq7UkTTU3IDgWnw2x1UJ+YobucTbidKILXQEyCrILixdRF1T6z0aPbdyB0v
LKqmBP03QNRaERqdHSgncqTGKClmy6qh2OsEFG0Btu6u
-----END CERTIFICATE-----