Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8Gdb_V2CoNz4ORFY7zYFQMCy2Hg.roa
File:                     8Gdb_V2CoNz4ORFY7zYFQMCy2Hg.roa (raw, json)
Hash identifier:          rH42V+ML6kJFqUo7+7YUbs6AGGN0Emk9KqZlG7M2Rsg=
Subject key identifier:   F0:67:5B:FD:5D:82:A0:DC:F8:39:11:58:EF:36:05:40:C0:B2:D8:78
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE93D527558962160A9584D960CEF
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8Gdb_V2CoNz4ORFY7zYFQMCy2Hg.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212251
IP address blocks:        82.177.68.0/22 maxlen: 22
                          82.177.102.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e9:3d:52:75:58:96:21:60:a9:58:4d:96:0c:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0675bfd5d82a0dcf8391158ef360540c0b2d878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0c:e3:06:b6:47:71:14:f0:9f:db:c9:b7:0c:
                    6d:fc:a5:ee:d9:15:3c:f7:03:3d:67:0f:1d:ab:33:
                    78:52:cc:b0:fd:0f:fb:70:44:0a:d7:96:51:3e:f3:
                    d2:18:c9:ff:3b:b9:13:c3:2c:e8:da:a9:a4:9e:d1:
                    ca:cc:a3:1d:99:54:2b:58:41:17:41:c7:e4:d8:63:
                    56:17:61:42:f0:82:02:fa:ee:d6:26:68:33:22:cc:
                    73:e1:cd:63:82:47:6b:e0:fd:a7:82:b2:03:04:1e:
                    a7:5c:43:f5:2b:f2:9a:dc:30:43:a2:e9:79:7a:a4:
                    83:94:6a:69:c0:e3:7a:a8:e9:a6:1c:db:01:49:f5:
                    4d:0c:a0:f5:2a:8a:e0:19:24:02:ef:21:bf:c2:fd:
                    99:31:4e:98:d8:68:97:61:ca:48:02:d9:43:33:15:
                    fd:2f:ac:31:89:5d:9d:1f:58:23:b8:66:c3:3c:96:
                    33:ae:e8:23:f0:eb:c6:a3:dc:9f:e2:bf:32:a0:e2:
                    6c:9f:85:49:21:ec:c1:a0:42:4b:b2:b3:20:52:dc:
                    b4:f1:cc:10:c8:f2:52:0c:3e:68:2c:e1:cc:8d:c8:
                    30:ff:d1:6a:36:b9:8d:09:99:14:77:37:8d:e0:b3:
                    ee:44:d7:4c:9e:85:32:f9:cf:80:d5:9e:c5:ab:e1:
                    6a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:67:5B:FD:5D:82:A0:DC:F8:39:11:58:EF:36:05:40:C0:B2:D8:78
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8Gdb_V2CoNz4ORFY7zYFQMCy2Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.68.0/22
                  82.177.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b5:09:06:1c:20:29:b1:a5:63:ed:52:b3:54:72:68:9b:46:97:
         69:5a:cf:73:e1:b3:fb:50:85:79:69:5a:30:60:80:5e:dc:7c:
         74:d6:be:25:06:f8:28:d6:7d:3a:f9:e4:85:90:db:20:ed:01:
         d9:19:bb:6a:be:6d:53:a2:23:75:cd:b2:bb:4d:26:3e:09:00:
         c2:84:f0:75:fe:1c:0e:df:79:d8:86:b0:39:9d:f4:c7:fb:d4:
         a0:77:0f:8b:ad:bd:e6:eb:77:0a:4c:b2:8e:ba:9f:44:eb:91:
         bf:88:58:27:fc:f4:f3:6e:b1:1c:8b:9d:8e:dd:ab:85:58:4b:
         cb:43:60:e6:21:91:a9:ff:59:a8:69:f8:6f:18:41:c4:8b:bc:
         de:57:22:a5:90:ed:7d:b2:99:73:69:de:02:22:95:9f:94:be:
         25:f7:9c:2b:88:2f:cf:6f:49:a3:55:ce:14:6a:04:31:da:89:
         87:91:62:15:a8:dd:a7:85:22:87:9f:ff:73:5a:2b:9f:06:82:
         d3:c6:34:d9:41:79:45:df:3f:99:b8:28:3a:87:b1:b3:4f:2e:
         ff:79:87:d6:dd:08:d5:ab:82:05:fe:0b:a3:ae:5c:75:4b:57:
         f8:53:88:33:ef:4b:56:7d:56:9d:f4:f7:6b:da:6a:7e:87:18:
         62:3c:31:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2uk9UnVYliFgqVhNlgzvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDY3NWJmZDVkODJhMGRjZjgzOTExNThlZjM2MDU0MGMwYjJkODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAzjBrZHcRTwn9vJtwxt/KXu2RU8
9wM9Zw8dqzN4Usyw/Q/7cEQK15ZRPvPSGMn/O7kTwyzo2qmkntHKzKMdmVQrWEEX
Qcfk2GNWF2FC8IIC+u7WJmgzIsxz4c1jgkdr4P2ngrIDBB6nXEP1K/Ka3DBDoul5
eqSDlGppwON6qOmmHNsBSfVNDKD1KorgGSQC7yG/wv2ZMU6Y2GiXYcpIAtlDMxX9
L6wxiV2dH1gjuGbDPJYzrugj8OvGo9yf4r8yoOJsn4VJIezBoEJLsrMgUty08cwQ
yPJSDD5oLOHMjcgw/9FqNrmNCZkUdzeN4LPuRNdMnoUy+c+A1Z7Fq+Fq6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPBnW/1dgqDc+DkRWO82BUDAsth4MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvOEdkYl9WMkNvTno0T1JGWTd6WUZRTUN5MkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUrFEAwQB
UrFmMA0GCSqGSIb3DQEBCwUAA4IBAQC1CQYcICmxpWPtUrNUcmibRpdpWs9z4bP7
UIV5aVowYIBe3Hx01r4lBvgo1n06+eSFkNsg7QHZGbtqvm1ToiN1zbK7TSY+CQDC
hPB1/hwO33nYhrA5nfTH+9Sgdw+Lrb3m63cKTLKOup9E65G/iFgn/PTzbrEci52O
3auFWEvLQ2DmIZGp/1moafhvGEHEi7zeVyKlkO19splzad4CIpWflL4l95wriC/P
b0mjVc4UagQx2omHkWIVqN2nhSKHn/9zWiufBoLTxjTZQXlF3z+ZuCg6h7GzTy7/
eYfW3QjVq4IF/gujrlx1S1f4U4gz70tWfVad9Pdr2mp+hxhiPDG1
-----END CERTIFICATE-----