Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/yGT7DMSit1TsnWTA54ki8LAMsJo.roa
File:                     yGT7DMSit1TsnWTA54ki8LAMsJo.roa (raw, json)
Hash identifier:          zlgYyN9wUjc1lc7bYerJVVYdRC2GzSzr3LO2q7qGCpk=
Subject key identifier:   C8:64:FB:0C:C4:A2:B7:54:EC:9D:64:C0:E7:89:22:F0:B0:0C:B0:9A
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649D988197C4639172012A2821D3AC2
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/yGT7DMSit1TsnWTA54ki8LAMsJo.roa
Signing time:             Mon 01 Jan 2024 18:29:37 +0000
ROA not before:           Mon 01 Jan 2024 18:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41889
IP address blocks:        88.203.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:d9:88:19:7c:46:39:17:20:12:a2:82:1d:3a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c864fb0cc4a2b754ec9d64c0e78922f0b00cb09a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c1:66:f1:f1:a3:35:9e:cb:53:f5:a2:51:ea:
                    44:fa:ee:94:c4:ff:83:fa:fc:42:20:5e:88:82:55:
                    15:43:64:6a:12:01:06:3a:a2:7d:80:8d:37:28:7d:
                    7e:86:91:c3:70:64:d0:bc:15:86:eb:c9:dd:46:e2:
                    28:8a:bb:5d:e2:43:4b:d4:f7:6a:91:f7:0a:05:73:
                    82:a9:6c:0d:69:f2:86:eb:6f:a3:bc:71:71:4e:5e:
                    b8:5f:cd:49:f9:a1:18:9d:ee:45:6b:48:3b:58:88:
                    2f:2a:0a:51:75:ac:59:a8:f8:bd:e6:d7:e8:24:50:
                    c0:d5:e8:53:46:9b:55:76:62:57:64:67:ca:85:e7:
                    c5:2f:38:f1:97:cd:05:05:b2:9c:2a:27:96:e5:39:
                    a2:54:56:ed:03:9b:d6:1a:3c:11:02:fe:0e:2b:86:
                    34:d7:91:7a:6c:80:55:e2:41:bf:8a:a0:3a:2c:2b:
                    f5:6e:d6:ad:83:2c:03:a5:e2:2d:b8:55:3a:6c:9e:
                    6d:69:81:b1:e4:7f:84:aa:ef:2f:cd:ea:51:b4:68:
                    e3:b8:c6:8d:9f:70:c5:3f:95:a3:49:30:57:da:9e:
                    91:2f:e8:0a:ec:13:f5:31:2f:cd:83:cc:0d:59:39:
                    bd:6c:cd:a2:41:89:36:65:e3:8b:f5:ef:60:49:97:
                    02:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:64:FB:0C:C4:A2:B7:54:EC:9D:64:C0:E7:89:22:F0:B0:0C:B0:9A
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/yGT7DMSit1TsnWTA54ki8LAMsJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.203.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:61:0f:76:5d:20:d5:d4:86:f1:3d:79:4b:34:c9:8c:fe:d5:
         ed:fd:76:2c:7a:ce:77:2d:1d:48:c2:bb:4d:5f:3a:b7:03:1b:
         f4:8d:5a:2d:06:b8:d1:3d:b2:d8:f2:a4:c6:87:59:87:18:62:
         35:f0:25:2d:41:f0:b7:2a:36:58:4f:0c:01:07:df:80:35:b7:
         61:5c:6b:d5:0a:33:4e:f2:2e:4b:b1:c3:45:0e:9f:a5:7a:1e:
         c3:3c:f0:44:c3:84:3f:d9:72:ff:58:0e:99:ea:1e:5f:5d:9f:
         c8:02:5c:22:9e:51:d3:be:b3:84:34:88:73:fe:7d:84:89:0a:
         6d:b5:7c:cf:a2:bc:b2:e8:fe:ef:8f:2e:6a:9f:2e:70:c0:43:
         42:1f:8a:1f:05:f9:32:07:d9:47:45:b3:cc:1b:49:82:12:e9:
         9a:f6:d8:81:a0:6d:01:b2:56:6a:70:1d:8f:64:57:ff:c3:b0:
         4a:1c:29:f9:54:9a:27:43:54:c5:91:ed:f8:cc:3d:be:16:ed:
         8d:8d:d3:b1:8e:a2:be:07:b4:e4:42:19:ab:3e:a7:a0:c7:a7:
         fb:10:44:30:3c:e5:33:4e:35:51:f8:54:14:e9:b5:63:9d:35:
         92:46:b7:aa:66:b1:cf:9c:ae:9a:fc:81:12:14:19:8f:a5:df:
         3a:9c:a5:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSdmIGXxGORcgEqKCHTrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODY0ZmIwY2M0YTJiNzU0ZWM5ZDY0YzBlNzg5MjJmMGIwMGNiMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscFm8fGjNZ7LU/WiUepE+u6UxP+D
+vxCIF6IglUVQ2RqEgEGOqJ9gI03KH1+hpHDcGTQvBWG68ndRuIoirtd4kNL1Pdq
kfcKBXOCqWwNafKG62+jvHFxTl64X81J+aEYne5Fa0g7WIgvKgpRdaxZqPi95tfo
JFDA1ehTRptVdmJXZGfKhefFLzjxl80FBbKcKieW5TmiVFbtA5vWGjwRAv4OK4Y0
15F6bIBV4kG/iqA6LCv1btatgywDpeItuFU6bJ5taYGx5H+Equ8vzepRtGjjuMaN
n3DFP5WjSTBX2p6RL+gK7BP1MS/Ng8wNWTm9bM2iQYk2ZeOL9e9gSZcCYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhk+wzEordU7J1kwOeJIvCwDLCaMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEveUdUN0RNU2l0MVRzbldUQTU0a2k4TEFNc0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWMvvMA0G
CSqGSIb3DQEBCwUAA4IBAQBrYQ92XSDV1IbxPXlLNMmM/tXt/XYses53LR1IwrtN
Xzq3Axv0jVotBrjRPbLY8qTGh1mHGGI18CUtQfC3KjZYTwwBB9+ANbdhXGvVCjNO
8i5LscNFDp+leh7DPPBEw4Q/2XL/WA6Z6h5fXZ/IAlwinlHTvrOENIhz/n2EiQpt
tXzPoryy6P7vjy5qny5wwENCH4ofBfkyB9lHRbPMG0mCEuma9tiBoG0BslZqcB2P
ZFf/w7BKHCn5VJonQ1TFke34zD2+Fu2NjdOxjqK+B7TkQhmrPqegx6f7EEQwPOUz
TjVR+FQU6bVjnTWSRreqZrHPnK6a/IESFBmPpd86nKUg
-----END CERTIFICATE-----