Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rLQ3ILLr9qLTKAUca4D05Xe6YHs.roa
File:                     rLQ3ILLr9qLTKAUca4D05Xe6YHs.roa (raw, json)
Hash identifier:          LdeNOmew0y2anJAFQjx3J72SD1LYhBvom8wHT6VCB5o=
Subject key identifier:   AC:B4:37:20:B2:EB:F6:A2:D3:28:05:1C:6B:80:F4:E5:77:BA:60:7B
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019428282EF76F447CE196037E938BA75772
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rLQ3ILLr9qLTKAUca4D05Xe6YHs.roa
Signing time:             Thu 02 Jan 2025 17:55:09 +0000
ROA not before:           Thu 02 Jan 2025 17:55:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206511
IP address blocks:        213.169.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:2e:f7:6f:44:7c:e1:96:03:7e:93:8b:a7:57:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  2 17:55:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=acb43720b2ebf6a2d328051c6b80f4e577ba607b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:84:9c:d8:58:4d:cf:f7:7d:e3:64:3f:5c:a5:
                    2b:de:b1:c1:e4:b6:78:84:fc:c3:c6:ac:19:c7:fa:
                    5a:85:4f:b2:b3:27:5f:17:5f:20:af:7a:aa:0e:17:
                    92:9c:e8:1a:c0:2f:f3:47:67:f1:66:00:fc:e2:79:
                    8b:cd:88:c1:b9:7f:96:c0:00:af:42:65:20:07:6b:
                    e0:6e:77:78:4b:3a:8f:a9:46:75:d9:ff:72:a9:00:
                    ab:fc:21:6e:7c:41:2b:08:de:20:f4:fc:43:69:95:
                    41:65:10:c4:ac:29:5e:88:37:53:fd:2b:ed:a9:36:
                    31:05:da:e3:56:36:0c:f2:86:ab:60:7b:49:58:f7:
                    67:68:dc:f2:98:76:0e:18:e6:9b:75:5f:62:fa:ac:
                    8c:93:96:31:8f:22:37:8b:03:83:f3:a9:6b:2b:a9:
                    d8:68:10:3d:ca:4e:48:a4:f8:8b:0d:5c:46:bb:c3:
                    38:24:51:28:a4:4b:04:29:34:61:17:67:ad:0c:fd:
                    9b:01:bb:af:0a:40:1f:7b:fc:42:14:e0:99:d4:1c:
                    5a:3f:60:0d:a7:ad:57:e4:da:ab:22:6f:3a:5e:09:
                    7d:b5:94:07:5a:9d:06:8d:be:b6:92:80:c3:86:57:
                    2c:38:a2:b9:b5:1a:0c:eb:6f:3c:c4:01:18:96:26:
                    ee:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:B4:37:20:B2:EB:F6:A2:D3:28:05:1C:6B:80:F4:E5:77:BA:60:7B
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/rLQ3ILLr9qLTKAUca4D05Xe6YHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.169.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:a7:78:04:b6:ae:bb:09:1b:a3:d6:99:ef:0a:25:7f:5f:bf:
         ab:f8:f2:e3:8a:74:11:65:61:d3:30:b3:8a:4f:7f:b6:bf:46:
         cd:cd:ef:f3:be:99:57:a3:a0:15:06:6a:45:65:68:a6:52:f7:
         d5:6d:58:93:7f:71:7e:4b:82:82:91:77:db:c1:a0:69:83:74:
         43:c5:77:36:ed:3e:8f:be:87:df:e8:95:fa:79:32:37:a9:52:
         b3:e5:7a:6e:7b:88:9b:0a:cd:e6:50:d6:04:79:35:ce:b3:a8:
         fa:a9:24:fc:97:ef:48:b4:0d:37:0c:ae:ec:41:04:59:0b:c6:
         8e:64:01:ed:c7:7f:a5:8e:8c:7a:ab:6c:21:18:2a:08:a2:38:
         39:22:21:40:d3:f6:f7:01:11:c9:55:7b:dd:d4:43:be:d5:79:
         97:77:01:62:05:63:cf:0f:e6:32:c6:88:a9:17:04:02:a3:b5:
         82:18:3b:27:67:37:10:b9:4d:89:0a:21:bf:32:f0:68:b5:cb:
         9c:8d:56:49:e7:80:5c:80:54:2e:d8:2b:98:c4:56:8e:54:c6:
         27:79:1c:19:8d:ba:de:c2:3f:ab:4e:03:2f:96:93:7c:97:64:
         b3:ba:8f:d6:ea:7c:42:79:45:1d:95:e6:bc:b1:fe:a0:78:3d:
         29:f2:44:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKC73b0R84ZYDfpOLp1dyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwMTAyMTc1NTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2I0MzcyMGIyZWJmNmEyZDMyODA1MWM2YjgwZjRlNTc3YmE2MDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoSc2FhNz/d942Q/XKUr3rHB5LZ4
hPzDxqwZx/pahU+ysydfF18gr3qqDheSnOgawC/zR2fxZgD84nmLzYjBuX+WwACv
QmUgB2vgbnd4SzqPqUZ12f9yqQCr/CFufEErCN4g9PxDaZVBZRDErCleiDdT/Svt
qTYxBdrjVjYM8oarYHtJWPdnaNzymHYOGOabdV9i+qyMk5YxjyI3iwOD86lrK6nY
aBA9yk5IpPiLDVxGu8M4JFEopEsEKTRhF2etDP2bAbuvCkAfe/xCFOCZ1BxaP2AN
p61X5NqrIm86Xgl9tZQHWp0Gjb62koDDhlcsOKK5tRoM6288xAEYlibuJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKy0NyCy6/ai0ygFHGuA9OV3umB7MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvckxRM0lMTHI5cUxUS0FVY2E0RDA1WGU2WUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1akkMA0G
CSqGSIb3DQEBCwUAA4IBAQBSp3gEtq67CRuj1pnvCiV/X7+r+PLjinQRZWHTMLOK
T3+2v0bNze/zvplXo6AVBmpFZWimUvfVbViTf3F+S4KCkXfbwaBpg3RDxXc27T6P
voff6JX6eTI3qVKz5Xpue4ibCs3mUNYEeTXOs6j6qST8l+9ItA03DK7sQQRZC8aO
ZAHtx3+ljox6q2whGCoIojg5IiFA0/b3ARHJVXvd1EO+1XmXdwFiBWPPD+Yyxoip
FwQCo7WCGDsnZzcQuU2JCiG/MvBotcucjVZJ54BcgFQu2CuYxFaOVMYneRwZjbre
wj+rTgMvlpN8l2Szuo/W6nxCeUUdlea8sf6geD0p8kRr
-----END CERTIFICATE-----