Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/yuReSn8zQp7CCzuYUfI-bf6uOh8.roa
File:                     yuReSn8zQp7CCzuYUfI-bf6uOh8.roa (raw, json)
Hash identifier:          SS3LZ3c1AXv4pUEX+eA9zgBBT8HIubgO97hN8e7T3Nw=
Subject key identifier:   CA:E4:5E:4A:7F:33:42:9E:C2:0B:3B:98:51:F2:3E:6D:FE:AE:3A:1F
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       018CC649E18482042966ADBC7319B7DDC6AA
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/yuReSn8zQp7CCzuYUfI-bf6uOh8.roa
Signing time:             Mon 01 Jan 2024 18:29:39 +0000
ROA not before:           Mon 01 Jan 2024 18:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56539
IP address blocks:        78.83.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:e1:84:82:04:29:66:ad:bc:73:19:b7:dd:c6:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 18:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cae45e4a7f33429ec20b3b9851f23e6dfeae3a1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:24:82:3e:db:28:0f:48:81:6c:43:43:21:4e:
                    46:71:b8:cd:3f:9f:67:bf:99:2e:7d:09:48:34:d6:
                    57:ae:c3:25:79:a0:e6:ef:73:15:27:04:65:a2:cc:
                    14:90:13:a5:17:2e:6e:16:34:b7:47:d5:82:6b:26:
                    92:79:0f:0c:19:d9:70:17:5b:eb:ac:40:d4:0d:ae:
                    af:ca:22:d9:eb:7c:31:d7:a5:6b:4a:ac:29:e0:f7:
                    9b:8c:74:89:23:92:6a:b5:ee:8b:12:0e:45:e4:74:
                    70:2b:17:8e:e0:73:8f:26:25:b7:b6:09:83:09:2c:
                    45:52:21:8c:7e:1a:98:5d:db:2a:a8:37:41:4c:e8:
                    02:31:d0:a2:ee:5c:13:3c:55:b1:2c:0e:5c:87:96:
                    74:38:1e:b7:7e:b8:2b:d5:df:25:36:4e:b2:3e:73:
                    83:20:1f:ac:ce:f7:e2:3f:8c:dd:54:c8:b0:a1:f5:
                    cb:21:b2:8f:91:d1:da:4d:d3:b5:d0:41:90:f1:6b:
                    b9:22:87:d2:7a:97:be:8c:85:87:36:8d:42:e2:4a:
                    83:41:b5:0b:70:dc:49:e4:d1:c3:a0:97:72:4a:94:
                    b8:94:e0:1b:ea:e5:af:19:df:73:70:af:7c:25:3f:
                    61:74:f0:d8:5c:3e:6b:64:d9:4a:2e:ea:38:93:b5:
                    7f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:E4:5E:4A:7F:33:42:9E:C2:0B:3B:98:51:F2:3E:6D:FE:AE:3A:1F
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/yuReSn8zQp7CCzuYUfI-bf6uOh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.83.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:26:7a:95:62:7b:7f:ee:36:9f:0b:e3:ac:42:c2:99:9b:e9:
         22:9f:d6:69:0b:4b:40:1b:76:11:36:73:aa:15:7a:e1:e0:30:
         5b:1e:d5:b2:64:a4:56:57:69:87:14:0d:3e:17:0f:a8:31:3a:
         42:7f:b0:6f:80:b3:f6:1d:1a:d4:fc:c7:a9:3a:68:b5:e8:25:
         6c:d6:6c:8c:55:cf:ff:58:99:ef:25:bf:99:12:67:f8:6e:2d:
         cb:ea:e1:e7:78:99:ee:36:d8:a7:79:1a:c3:24:82:39:3f:41:
         e1:a2:39:5d:8a:cd:97:2e:be:9d:3b:1a:9c:39:9a:00:f3:3f:
         20:e3:4f:c5:1c:98:36:be:24:f2:7b:8b:e5:42:9c:1c:f6:63:
         75:08:d1:fc:f5:c1:f1:57:5b:dd:8e:38:a8:16:0f:d6:86:c0:
         b6:e7:a3:59:20:19:e6:1b:c8:8a:1f:8d:c1:85:16:7c:a1:88:
         39:21:7f:94:ce:bf:ee:0e:12:6f:8a:7b:0f:1b:d0:3a:91:48:
         46:b6:e1:ad:a5:0f:92:c2:47:3f:50:a3:8e:59:17:0a:b9:6f:
         5c:5e:44:b9:8e:bb:d9:c7:00:94:b2:4f:f7:27:24:9b:91:f0:
         dd:b3:72:55:8f:d1:e0:33:af:e0:a1:61:b5:fa:f8:d6:fe:47:
         45:d0:6b:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSeGEggQpZq28cxm33caqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjQwMTAxMTgyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWU0NWU0YTdmMzM0MjllYzIwYjNiOTg1MWYyM2U2ZGZlYWUzYTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CSCPtsoD0iBbENDIU5GcbjNP59n
v5kufQlINNZXrsMleaDm73MVJwRloswUkBOlFy5uFjS3R9WCayaSeQ8MGdlwF1vr
rEDUDa6vyiLZ63wx16VrSqwp4PebjHSJI5Jqte6LEg5F5HRwKxeO4HOPJiW3tgmD
CSxFUiGMfhqYXdsqqDdBTOgCMdCi7lwTPFWxLA5ch5Z0OB63frgr1d8lNk6yPnOD
IB+szvfiP4zdVMiwofXLIbKPkdHaTdO10EGQ8Wu5IofSepe+jIWHNo1C4kqDQbUL
cNxJ5NHDoJdySpS4lOAb6uWvGd9zcK98JT9hdPDYXD5rZNlKLuo4k7V/owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrkXkp/M0Kewgs7mFHyPm3+rjofMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEveXVSZVNuOHpRcDdDQ3p1WVVmSS1iZjZ1T2g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATlPsMA0G
CSqGSIb3DQEBCwUAA4IBAQBeJnqVYnt/7jafC+OsQsKZm+kin9ZpC0tAG3YRNnOq
FXrh4DBbHtWyZKRWV2mHFA0+Fw+oMTpCf7BvgLP2HRrU/MepOmi16CVs1myMVc//
WJnvJb+ZEmf4bi3L6uHneJnuNtineRrDJII5P0Hhojldis2XLr6dOxqcOZoA8z8g
40/FHJg2viTye4vlQpwc9mN1CNH89cHxV1vdjjioFg/WhsC256NZIBnmG8iKH43B
hRZ8oYg5IX+Uzr/uDhJvinsPG9A6kUhGtuGtpQ+Swkc/UKOOWRcKuW9cXkS5jrvZ
xwCUsk/3JySbkfDds3JVj9HgM6/goWG1+vjW/kdF0Gvx
-----END CERTIFICATE-----