Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rJ9WMUZX_1DDTPHYfppjTthZhj4.roa
File:                     rJ9WMUZX_1DDTPHYfppjTthZhj4.roa (raw, json)
Hash identifier:          qW6osaQ8QgPgfWJiLc8B2j7NXZuF70jexQ+nLK+M+Uo=
Subject key identifier:   AC:9F:56:31:46:57:FF:50:C3:4C:F1:D8:7E:9A:63:4E:D8:59:86:3E
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D92BD3AEC619EB7A7D581312A424
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rJ9WMUZX_1DDTPHYfppjTthZhj4.roa
Signing time:             Mon 01 Jan 2024 18:29:37 +0000
ROA not before:           Mon 01 Jan 2024 18:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41782
IP address blocks:        85.196.169.0/24 maxlen: 24
                          85.196.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d9:2b:d3:ae:c6:19:eb:7a:7d:58:13:12:a4:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac9f56314657ff50c34cf1d87e9a634ed859863e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:ef:57:1b:2a:fd:e9:04:bd:c2:d8:78:8c:e1:
                    0d:2b:25:eb:d3:ac:2e:49:71:13:d0:49:cb:5c:1d:
                    0f:9f:6e:f8:7a:15:f6:cd:81:03:94:7b:d1:05:49:
                    73:ac:58:7a:40:dd:d7:ed:96:3d:c3:f5:a5:af:29:
                    b6:9f:9c:85:da:8f:8a:e4:fb:94:5f:08:c4:b2:f0:
                    4c:bc:17:53:e7:a6:5a:44:fc:8a:22:2e:b3:3b:dc:
                    16:78:7a:d6:3d:c9:90:d7:0f:81:fa:92:ec:1d:eb:
                    1c:5a:8a:c9:fe:7c:ee:9c:4c:8b:6b:c3:99:fe:d7:
                    24:30:1a:49:2d:ee:ed:d5:fb:13:18:04:7e:a9:f6:
                    ae:d3:8b:7a:a7:99:db:24:ed:5a:c1:e6:0e:40:75:
                    ba:b4:a3:37:0c:c1:8f:62:eb:33:0d:43:5d:df:fc:
                    80:2f:f4:03:c8:eb:4c:e3:bf:a2:f0:46:33:0d:be:
                    a3:97:f0:4b:03:75:2b:5e:81:ca:45:79:52:03:e6:
                    b3:f5:d5:93:80:fe:2b:12:f4:c2:d6:2a:31:46:e7:
                    f7:b5:74:3f:df:06:a8:dd:8b:91:36:16:de:98:fa:
                    14:ab:90:41:e5:0c:f7:32:ce:43:95:b4:08:e7:9a:
                    8d:73:d3:80:e6:be:1a:cd:8f:0f:da:78:30:3e:69:
                    27:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:9F:56:31:46:57:FF:50:C3:4C:F1:D8:7E:9A:63:4E:D8:59:86:3E
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rJ9WMUZX_1DDTPHYfppjTthZhj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.196.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:86:93:07:a8:17:6f:3f:20:4c:41:2b:bc:43:1a:51:17:12:
         2a:08:44:cb:d3:42:ee:a6:f6:96:f9:dc:6e:d9:bf:3d:37:43:
         85:00:94:3c:16:e2:66:72:e2:44:f0:28:fd:74:96:69:74:d0:
         ea:2e:2e:34:5d:2b:b2:3c:b2:0d:82:92:30:90:6a:c3:ad:33:
         7a:01:9a:fd:39:a8:2d:c7:92:dc:41:15:61:12:a2:d5:0b:a2:
         08:f9:51:26:a5:1d:81:c7:4f:27:ca:0e:af:6f:40:4a:a0:b9:
         41:f2:17:89:10:47:4a:5a:7b:18:2d:3d:2e:78:8b:a0:5c:1e:
         b3:1f:cb:00:6c:81:9d:4e:c0:34:75:e1:6e:24:2b:98:70:7a:
         08:57:bc:42:b0:4a:a5:b8:60:82:13:cc:bf:a4:c4:c0:da:a9:
         ac:78:d2:63:5f:15:be:64:3f:6f:26:02:1e:69:c5:9b:a6:b9:
         7a:fe:23:af:16:ec:9d:42:10:3f:a8:30:b8:16:d1:be:b6:c1:
         92:6f:ec:ae:7d:05:57:23:e2:da:7c:ea:12:89:c4:1f:47:f4:
         81:2e:9d:d0:d3:36:e9:b8:d6:f4:9c:4c:4f:1a:19:39:41:ff:
         af:8d:53:30:4b:a7:fc:7d:d3:20:2b:37:8e:c2:26:f8:76:5a:
         b1:80:c5:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdkr067GGet6fVgTEqQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzlmNTYzMTQ2NTdmZjUwYzM0Y2YxZDg3ZTlhNjM0ZWQ4NTk4NjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+9XGyr96QS9wth4jOENKyXr06wu
SXET0EnLXB0Pn274ehX2zYEDlHvRBUlzrFh6QN3X7ZY9w/Wlrym2n5yF2o+K5PuU
XwjEsvBMvBdT56ZaRPyKIi6zO9wWeHrWPcmQ1w+B+pLsHescWorJ/nzunEyLa8OZ
/tckMBpJLe7t1fsTGAR+qfau04t6p5nbJO1aweYOQHW6tKM3DMGPYuszDUNd3/yA
L/QDyOtM47+i8EYzDb6jl/BLA3UrXoHKRXlSA+az9dWTgP4rEvTC1ioxRuf3tXQ/
3wao3YuRNhbemPoUq5BB5Qz3Ms5DlbQI55qNc9OA5r4azY8P2ngwPmkn6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyfVjFGV/9Qw0zx2H6aY07YWYY+MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvcko5V01VWlhfMUREVFBIWWZwcGpUdGhaaGo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVcSoMA0G
CSqGSIb3DQEBCwUAA4IBAQBHhpMHqBdvPyBMQSu8QxpRFxIqCETL00LupvaW+dxu
2b89N0OFAJQ8FuJmcuJE8Cj9dJZpdNDqLi40XSuyPLINgpIwkGrDrTN6AZr9Oagt
x5LcQRVhEqLVC6II+VEmpR2Bx08nyg6vb0BKoLlB8heJEEdKWnsYLT0ueIugXB6z
H8sAbIGdTsA0deFuJCuYcHoIV7xCsEqluGCCE8y/pMTA2qmseNJjXxW+ZD9vJgIe
acWbprl6/iOvFuydQhA/qDC4FtG+tsGSb+yufQVXI+LafOoSicQfR/SBLp3Q0zbp
uNb0nExPGhk5Qf+vjVMwS6f8fdMgKzeOwib4dlqxgMVI
-----END CERTIFICATE-----