Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rBABKrwp3T0xWB9xN6JK2E0TU_g.roa
File:                     rBABKrwp3T0xWB9xN6JK2E0TU_g.roa (raw, json)
Hash identifier:          +EgcRrOw/5z3l6hYFJTrpUBwQir8k8clMLs58yG4L1I=
Subject key identifier:   AC:10:01:2A:BC:29:DD:3D:31:58:1F:71:37:A2:4A:D8:4D:13:53:F8
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E5332966C01366A9F0FA509FF254
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rBABKrwp3T0xWB9xN6JK2E0TU_g.roa
Signing time:             Mon 01 Jan 2024 18:29:40 +0000
ROA not before:           Mon 01 Jan 2024 18:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197184
IP address blocks:        88.203.248.0/24 maxlen: 24
                          88.203.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e5:33:29:66:c0:13:66:a9:f0:fa:50:9f:f2:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac10012abc29dd3d31581f7137a24ad84d1353f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8b:72:fe:48:c2:e8:33:51:59:14:cf:95:a4:
                    a7:e6:6e:b2:c0:38:62:80:c3:fc:e2:93:a5:b7:34:
                    02:e6:d7:0b:5f:a1:51:5d:b6:20:18:aa:3c:dd:b4:
                    57:b0:fd:de:22:08:5a:d1:7c:91:a0:d0:2c:12:4f:
                    66:50:d5:8d:a7:4c:02:0f:c1:6d:83:9e:d2:11:33:
                    14:4c:3f:88:65:ac:b8:25:77:d1:cc:60:69:59:87:
                    f0:5f:0c:e7:d4:44:1f:0f:c5:f0:f4:d9:c9:12:6f:
                    3c:24:47:9c:18:00:f1:6f:eb:b7:d6:16:56:65:44:
                    b8:25:12:18:0d:68:b2:26:ac:28:64:80:aa:bd:bc:
                    9b:d4:6f:75:9d:46:cf:9b:02:5c:5f:b9:7b:4d:ba:
                    97:24:f6:da:cf:33:fd:f1:bb:4a:f0:49:ab:72:4c:
                    e9:6d:15:c2:3e:19:21:08:11:3b:e7:05:05:65:d0:
                    2c:2b:3b:e9:1f:2a:35:9e:75:11:ee:6d:6d:76:4b:
                    6c:21:0b:08:ca:41:44:ad:00:56:c8:8b:2e:2c:1f:
                    aa:ca:fc:c4:cc:bc:1e:4f:71:80:3a:d8:50:c0:e9:
                    0f:98:ea:a8:40:05:19:64:42:e4:05:61:73:e9:fb:
                    9e:19:56:9d:09:0b:e6:b2:60:be:92:80:ba:3c:13:
                    6e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:10:01:2A:BC:29:DD:3D:31:58:1F:71:37:A2:4A:D8:4D:13:53:F8
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rBABKrwp3T0xWB9xN6JK2E0TU_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.203.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:00:df:8c:c0:91:34:45:50:ba:46:90:b3:7e:b9:22:3d:4f:
         41:f9:a8:64:26:c4:29:61:88:cb:fa:91:90:e1:7d:ff:e5:6f:
         83:29:5e:72:7f:84:f1:e4:fe:a6:2c:78:5f:81:38:8e:fe:92:
         98:4e:af:68:39:d6:87:b1:b0:f7:67:a6:3e:62:f2:7e:55:ab:
         f3:83:ed:b1:4c:b1:c1:38:bd:18:82:4a:bd:3e:aa:13:5b:bc:
         6e:df:1c:7b:fb:64:04:5d:30:ea:96:1a:ca:97:9a:78:da:6e:
         da:22:b2:88:4d:90:57:66:b0:44:96:f9:06:41:11:a8:52:30:
         14:a9:8f:8c:b9:11:ec:6c:86:12:c3:17:31:ac:a1:49:b1:c5:
         e6:5f:36:82:4e:e1:4e:b2:60:7b:83:7d:83:06:b7:4e:78:63:
         aa:16:79:1b:ab:9f:41:ec:4f:d9:4f:84:2e:a7:71:46:ef:33:
         fd:76:20:d1:bd:90:0d:01:24:30:97:aa:82:cb:0e:fd:1e:00:
         c3:f6:30:23:e1:c8:48:23:3f:bd:fa:c4:8b:87:38:1b:23:07:
         91:3e:fa:ad:ec:33:c0:00:8c:b9:08:47:af:54:4f:e0:03:ef:
         20:78:86:fb:3c:0c:5c:80:c7:69:0d:7e:51:02:17:e8:4c:63:
         db:99:34:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSeUzKWbAE2ap8PpQn/JUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzEwMDEyYWJjMjlkZDNkMzE1ODFmNzEzN2EyNGFkODRkMTM1M2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4ty/kjC6DNRWRTPlaSn5m6ywDhi
gMP84pOltzQC5tcLX6FRXbYgGKo83bRXsP3eIgha0XyRoNAsEk9mUNWNp0wCD8Ft
g57SETMUTD+IZay4JXfRzGBpWYfwXwzn1EQfD8Xw9NnJEm88JEecGADxb+u31hZW
ZUS4JRIYDWiyJqwoZICqvbyb1G91nUbPmwJcX7l7TbqXJPbazzP98btK8Emrckzp
bRXCPhkhCBE75wUFZdAsKzvpHyo1nnUR7m1tdktsIQsIykFErQBWyIsuLB+qyvzE
zLweT3GAOthQwOkPmOqoQAUZZELkBWFz6fueGVadCQvmsmC+koC6PBNuSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwQASq8Kd09MVgfcTeiSthNE1P4MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvckJBQktyd3AzVDB4V0I5eE42SksyRTBUVV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWMv4MA0G
CSqGSIb3DQEBCwUAA4IBAQAuAN+MwJE0RVC6RpCzfrkiPU9B+ahkJsQpYYjL+pGQ
4X3/5W+DKV5yf4Tx5P6mLHhfgTiO/pKYTq9oOdaHsbD3Z6Y+YvJ+Vavzg+2xTLHB
OL0Ygkq9PqoTW7xu3xx7+2QEXTDqlhrKl5p42m7aIrKITZBXZrBElvkGQRGoUjAU
qY+MuRHsbIYSwxcxrKFJscXmXzaCTuFOsmB7g32DBrdOeGOqFnkbq59B7E/ZT4Qu
p3FG7zP9diDRvZANASQwl6qCyw79HgDD9jAj4chIIz+9+sSLhzgbIweRPvqt7DPA
AIy5CEevVE/gA+8geIb7PAxcgMdpDX5RAhfoTGPbmTSJ
-----END CERTIFICATE-----