Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/5dkAhCFCQunQhKDugh-ctk4uH-k.roa
File:                     5dkAhCFCQunQhKDugh-ctk4uH-k.roa (raw, json)
Hash identifier:          j8cdFuN+PoJ4ybZitXqxuIAM5RKpsR6R7AdeqgKjQk8=
Subject key identifier:   E5:D9:00:84:21:42:42:E9:D0:84:A0:EE:82:1F:9C:B6:4E:2E:1F:E9
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DADC8E551FBF4F4B8071181EACF2F2
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/5dkAhCFCQunQhKDugh-ctk4uH-k.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200539
IP address blocks:        195.136.52.0/22 maxlen: 22
                          195.136.56.0/21 maxlen: 21
                          195.136.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dc:8e:55:1f:bf:4f:4b:80:71:18:1e:ac:f2:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5d90084214242e9d084a0ee821f9cb64e2e1fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f5:89:a1:3d:e7:99:b1:e0:9c:63:fc:e2:25:
                    cf:a2:79:6f:c1:48:40:56:98:5b:c3:9c:33:15:4f:
                    d0:c1:9c:db:ae:74:43:dc:5e:a1:94:36:43:4d:22:
                    11:5d:f0:b9:f9:18:2c:9f:cf:99:c0:e6:8d:84:68:
                    53:82:d9:7e:30:54:f8:36:f2:64:00:50:84:bc:19:
                    5e:d7:d8:d4:de:91:34:7a:c4:b1:d9:63:50:38:13:
                    fa:a7:5b:fa:00:19:58:64:65:9f:2d:fa:1c:0b:c7:
                    2e:c9:95:a5:98:e7:bd:ad:5f:2e:15:0e:b8:66:fa:
                    d0:f7:8c:8b:d4:55:f4:df:83:99:fc:25:63:71:ca:
                    cc:54:ab:cc:91:f6:9d:05:76:7d:96:5f:29:61:4f:
                    7c:e7:bc:f6:6d:4b:65:02:20:fa:48:13:0b:6d:d1:
                    e6:21:a9:b5:47:30:c8:28:7e:8c:35:3e:1c:88:4a:
                    0d:59:21:ca:54:9a:e1:e9:3b:0f:76:b9:1a:d4:94:
                    c0:fd:d7:ff:c2:8e:8d:e8:17:27:c0:9e:7d:9e:0c:
                    53:71:12:e4:5e:b6:34:c1:b5:23:98:bb:ff:c8:cf:
                    b2:6f:7a:1d:b5:3f:f3:5b:52:51:92:fc:f1:8a:db:
                    d0:a9:d7:e3:23:dc:a7:7b:da:af:7e:43:80:96:64:
                    c9:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D9:00:84:21:42:42:E9:D0:84:A0:EE:82:1F:9C:B6:4E:2E:1F:E9
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/5dkAhCFCQunQhKDugh-ctk4uH-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.52.0-195.136.63.255
                  195.136.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:b4:29:34:f5:36:59:2e:50:30:4c:d2:76:89:27:96:4d:e9:
         40:57:92:3e:c7:a8:0c:35:3f:44:68:25:0e:03:d0:6e:86:fa:
         0f:d0:9c:fa:b8:d0:ae:e4:f7:81:07:67:ee:eb:aa:4c:14:f6:
         56:de:63:fa:5a:fc:06:9d:81:2f:6a:7d:cb:8c:6b:de:06:61:
         c5:50:62:b6:17:03:37:89:b6:a4:89:0d:09:e5:b4:bd:73:68:
         d5:45:2e:ed:33:2b:e3:1c:75:3b:cd:01:f0:91:6e:51:e2:d7:
         d7:63:42:9b:7a:5e:7e:37:bb:16:1c:f9:77:2a:47:2e:02:c4:
         31:5c:20:52:2b:7a:fd:58:91:4a:08:ea:f0:00:ac:63:e2:e2:
         73:bd:c3:23:42:28:7b:9f:04:18:21:8c:18:e7:c6:15:96:a5:
         fa:dc:8b:e3:7e:b4:ec:e6:ec:1a:cb:14:95:9d:8c:7f:7b:60:
         8f:80:00:ec:a6:43:3e:10:2b:63:c7:0b:ef:d6:df:df:8a:3a:
         dc:da:65:43:a4:46:01:84:e3:1d:ba:24:5b:42:dc:e5:3d:22:
         46:5c:49:62:ce:c3:37:f3:c0:36:59:46:50:1a:b9:ac:0f:2a:
         6f:d4:ca:b4:ae:b7:47:97:b8:f9:17:07:65:c0:4a:7c:d6:d4:
         fd:83:af:ca
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzC2tyOVR+/T0uAcRgerPLyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQ5MDA4NDIxNDI0MmU5ZDA4NGEwZWU4MjFmOWNiNjRlMmUxZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/WJoT3nmbHgnGP84iXPonlvwUhA
Vphbw5wzFU/QwZzbrnRD3F6hlDZDTSIRXfC5+Rgsn8+ZwOaNhGhTgtl+MFT4NvJk
AFCEvBle19jU3pE0esSx2WNQOBP6p1v6ABlYZGWfLfocC8cuyZWlmOe9rV8uFQ64
ZvrQ94yL1FX034OZ/CVjccrMVKvMkfadBXZ9ll8pYU9857z2bUtlAiD6SBMLbdHm
Iam1RzDIKH6MNT4ciEoNWSHKVJrh6TsPdrka1JTA/df/wo6N6BcnwJ59ngxTcRLk
XrY0wbUjmLv/yM+yb3odtT/zW1JRkvzxitvQqdfjI9yne9qvfkOAlmTJ5wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOXZAIQhQkLp0ISg7oIfnLZOLh/pMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvNWRrQWhDRkNRdW5RaEtEdWdoLWN0azR1SC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBALDiDQD
BAbDiAADBALDiGQwDQYJKoZIhvcNAQELBQADggEBAHm0KTT1NlkuUDBM0naJJ5ZN
6UBXkj7HqAw1P0RoJQ4D0G6G+g/QnPq40K7k94EHZ+7rqkwU9lbeY/pa/AadgS9q
fcuMa94GYcVQYrYXAzeJtqSJDQnltL1zaNVFLu0zK+McdTvNAfCRblHi19djQpt6
Xn43uxYc+XcqRy4CxDFcIFIrev1YkUoI6vAArGPi4nO9wyNCKHufBBghjBjnxhWW
pfrci+N+tOzm7BrLFJWdjH97YI+AAOymQz4QK2PHC+/W39+KOtzaZUOkRgGE4x26
JFtC3OU9IkZcSWLOwzfzwDZZRlAauawPKm/UyrSut0eXuPkXB2XASnzW1P2Dr8o=
-----END CERTIFICATE-----