Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/wdbz5MEfBZBA4Fb4oHDhKqQmM5U.roa
File:                     wdbz5MEfBZBA4Fb4oHDhKqQmM5U.roa (raw, json)
Hash identifier:          mV+WnVypb96OEeGF4nZPRavy6gUbjMXTQyPS3F/Pjvw=
Subject key identifier:   C1:D6:F3:E4:C1:1F:05:90:40:E0:56:F8:A0:70:E1:2A:A4:26:33:95
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018E13FA68FF0A5FEBC24D81D1D62A015DF0
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/wdbz5MEfBZBA4Fb4oHDhKqQmM5U.roa
Signing time:             Wed 06 Mar 2024 13:36:01 +0000
ROA not before:           Wed 06 Mar 2024 13:36:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215361
IP address blocks:        151.251.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:13:fa:68:ff:0a:5f:eb:c2:4d:81:d1:d6:2a:01:5d:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Mar  6 13:36:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1d6f3e4c11f059040e056f8a070e12aa4263395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9e:8b:c3:d0:45:b4:81:8e:42:d1:1f:53:90:
                    01:f2:9b:de:11:61:7c:09:3c:33:da:93:b2:c8:5f:
                    b8:2b:1b:3d:c0:09:d8:4b:5a:5f:87:58:d1:2f:81:
                    cd:73:f8:50:91:74:5a:da:a1:6e:bf:cd:4f:d3:4a:
                    38:74:0d:55:9f:8f:1e:9c:85:c5:36:70:9c:ec:e6:
                    7f:cb:b4:56:5b:74:87:40:dd:c1:b8:53:64:b2:b0:
                    18:53:70:9d:96:c1:47:58:7b:d8:91:47:a7:2a:d0:
                    aa:98:ca:91:2a:9f:40:f0:f7:27:1b:a4:62:45:c7:
                    d1:41:01:c4:a0:65:fa:12:4c:86:2b:16:31:02:fc:
                    53:70:55:0b:a2:f7:93:ce:50:bc:cf:5d:c6:4f:d7:
                    9a:d4:47:6c:15:de:07:1c:e4:49:ad:b0:9b:3f:25:
                    8b:10:56:f9:19:f2:4f:32:28:50:91:10:ce:21:8d:
                    18:9f:0e:ed:4d:c8:ee:93:5d:da:ef:ad:17:b9:fc:
                    b4:05:21:8b:54:8a:4f:d5:c3:b8:66:75:90:34:c0:
                    e4:f4:e4:c4:0d:9c:80:b1:23:44:3f:45:90:28:1a:
                    3d:54:f8:4c:79:5c:51:d1:3b:10:98:42:b4:42:82:
                    68:8f:68:75:d9:c6:91:a7:e5:ac:86:ab:47:14:30:
                    40:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D6:F3:E4:C1:1F:05:90:40:E0:56:F8:A0:70:E1:2A:A4:26:33:95
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/wdbz5MEfBZBA4Fb4oHDhKqQmM5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.251.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:7e:01:c3:5c:54:ee:7c:f5:86:32:69:48:26:1a:a0:8d:c3:
         92:f4:0c:fd:d9:54:9a:da:8b:bc:0a:38:bf:4e:fc:f8:ca:68:
         3d:22:43:b9:e8:e0:43:8f:3c:ac:d9:4e:8f:23:30:5e:b2:b4:
         a3:df:8d:8e:23:76:90:f9:1a:bd:5b:17:8b:c0:e8:42:a7:3c:
         c6:f3:99:99:45:92:1f:c2:d6:b1:55:ae:d6:61:8e:a8:04:b8:
         81:be:48:57:1f:ee:30:fc:01:17:35:d5:a6:37:81:c9:61:4d:
         99:84:bc:f1:d4:cb:2d:49:77:3c:70:0d:1c:ee:00:e7:da:25:
         36:78:e1:7b:60:64:98:be:b2:06:72:ce:21:8b:3f:1d:c1:a2:
         ab:91:2c:80:a5:8b:a4:2f:4d:6e:cc:00:09:8f:75:c2:35:d8:
         b2:47:ed:aa:da:0a:96:67:2c:5a:16:f5:75:06:e4:ad:e6:87:
         c4:7d:e4:86:49:b8:7d:a0:dc:14:fa:1c:da:4f:1d:c3:e6:63:
         4a:8b:50:08:1a:03:80:d7:c0:c1:59:dc:e0:69:13:50:41:f8:
         30:38:30:fd:ad:0e:fe:4e:18:52:55:a7:aa:fa:d0:cb:f3:cf:
         e6:94:c4:49:8d:e4:58:bc:a1:a7:15:29:49:f1:0c:89:d6:6d:
         f9:98:46:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4T+mj/Cl/rwk2B0dYqAV3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMzA2MTMzNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWQ2ZjNlNGMxMWYwNTkwNDBlMDU2ZjhhMDcwZTEyYWE0MjYzMzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxp6Lw9BFtIGOQtEfU5AB8pveEWF8
CTwz2pOyyF+4Kxs9wAnYS1pfh1jRL4HNc/hQkXRa2qFuv81P00o4dA1Vn48enIXF
NnCc7OZ/y7RWW3SHQN3BuFNksrAYU3CdlsFHWHvYkUenKtCqmMqRKp9A8PcnG6Ri
RcfRQQHEoGX6EkyGKxYxAvxTcFULoveTzlC8z13GT9ea1EdsFd4HHORJrbCbPyWL
EFb5GfJPMihQkRDOIY0Ynw7tTcjuk13a760Xufy0BSGLVIpP1cO4ZnWQNMDk9OTE
DZyAsSNEP0WQKBo9VPhMeVxR0TsQmEK0QoJoj2h12caRp+WshqtHFDBAawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMHW8+TBHwWQQOBW+KBw4SqkJjOVMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvd2RiejVNRWZCWkJBNEZiNG9IRGhLcVFtTTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/smMA0G
CSqGSIb3DQEBCwUAA4IBAQCHfgHDXFTufPWGMmlIJhqgjcOS9Az92VSa2ou8Cji/
Tvz4ymg9IkO56OBDjzys2U6PIzBesrSj342OI3aQ+Rq9WxeLwOhCpzzG85mZRZIf
wtaxVa7WYY6oBLiBvkhXH+4w/AEXNdWmN4HJYU2ZhLzx1MstSXc8cA0c7gDn2iU2
eOF7YGSYvrIGcs4hiz8dwaKrkSyApYukL01uzAAJj3XCNdiyR+2q2gqWZyxaFvV1
BuSt5ofEfeSGSbh9oNwU+hzaTx3D5mNKi1AIGgOA18DBWdzgaRNQQfgwODD9rQ7+
ThhSVaeq+tDL88/mlMRJjeRYvKGnFSlJ8QyJ1m35mEab
-----END CERTIFICATE-----