Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8TFNPYb9d5nVMbbLAk25gljdUMI.roa
File:                     8TFNPYb9d5nVMbbLAk25gljdUMI.roa (raw, json)
Hash identifier:          K4cmnZmEgq09b2LtYRUNfJwv+o8B5RyKFQ5sTxZVzW8=
Subject key identifier:   F1:31:4D:3D:86:FD:77:99:D5:31:B6:CB:02:4D:B9:82:58:DD:50:C2
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD1C780F9DC443A87EFBD6AC0BFF5
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8TFNPYb9d5nVMbbLAk25gljdUMI.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42877
IP address blocks:        82.177.242.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d1:c7:80:f9:dc:44:3a:87:ef:bd:6a:c0:bf:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1314d3d86fd7799d531b6cb024db98258dd50c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:76:e2:ea:19:0b:93:84:e2:d9:79:01:7d:e9:
                    d7:4a:0f:98:9c:27:9b:2a:aa:c5:bd:5a:cd:a3:04:
                    02:25:0d:13:11:a3:aa:b0:7d:6a:d5:95:63:57:77:
                    3c:d9:97:57:a3:a8:4f:88:59:f8:ca:62:ce:a4:f8:
                    bd:7d:7f:6c:8c:d8:55:20:a8:eb:47:e7:0b:01:c6:
                    11:65:65:3a:cd:94:81:12:56:10:f4:4d:b5:78:0f:
                    c9:54:ed:8d:19:c4:f3:5c:f3:ad:6f:fd:dc:67:17:
                    57:e3:7b:39:4d:3a:f0:8d:4c:67:f5:70:98:60:78:
                    3f:7f:cf:aa:32:cc:7f:ec:62:5c:1d:04:0b:2b:05:
                    49:79:ab:79:c3:3d:03:93:07:ea:2b:d2:80:d0:33:
                    3e:63:7b:e7:bf:69:04:4f:74:49:3a:24:30:b8:04:
                    ed:7d:e0:e5:ed:96:2c:3e:77:4e:f7:42:e4:53:ee:
                    8b:8f:3c:9a:a7:40:37:31:7f:3c:6a:bb:7d:e9:4c:
                    1e:67:bb:ea:7a:9e:41:c8:ac:4a:c9:fa:00:69:11:
                    9e:ef:44:a1:92:71:da:67:ff:0e:a1:99:93:40:e5:
                    46:fa:9a:69:9d:e0:8e:44:e6:a4:e4:91:0e:17:4a:
                    53:7a:a1:b8:0e:07:86:09:c1:25:91:77:26:49:37:
                    00:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:31:4D:3D:86:FD:77:99:D5:31:B6:CB:02:4D:B9:82:58:DD:50:C2
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/8TFNPYb9d5nVMbbLAk25gljdUMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:26:30:63:f2:0d:51:13:c4:bf:c8:32:c1:bd:09:ef:7f:59:
         cd:74:c1:d9:f2:c8:5f:50:c3:f3:40:3e:3f:a6:0e:b7:29:34:
         26:eb:49:06:e7:7b:71:e0:3b:10:c5:aa:5f:21:2e:93:d3:8a:
         5c:8d:54:9d:26:13:62:1b:1a:05:d2:71:1d:6f:f4:a4:73:d6:
         55:15:c8:73:a9:33:82:0d:23:0f:61:17:32:b3:12:dd:4f:77:
         b4:aa:5d:c4:76:30:f5:91:c8:50:aa:14:fa:10:c0:12:22:7e:
         d1:29:d7:d5:67:9c:b8:c1:92:84:b0:e4:ea:5d:33:66:e9:58:
         52:7e:6e:b6:df:2d:82:be:54:b3:7e:af:43:e4:f7:78:e0:ed:
         bb:38:c2:f2:22:7b:e7:94:75:79:84:19:2d:c7:2c:5d:3b:67:
         bf:58:6d:df:16:d5:3a:ac:a9:e6:4a:68:bf:c0:34:69:e7:07:
         1a:ed:77:ef:a3:31:44:29:7d:54:c9:7b:f3:4d:d4:aa:f2:39:
         1b:cb:07:4c:8c:f9:e3:f8:55:53:b2:d7:2a:5f:7f:eb:06:57:
         47:f0:4f:d7:9a:d6:51:ef:a3:e3:02:ee:21:fa:f4:5c:7f:c4:
         4a:86:54:05:7e:fb:dc:2b:f4:14:1e:ca:63:98:5d:7a:5b:90:
         d9:7f:a0:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tHHgPncRDqH771qwL/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTMxNGQzZDg2ZmQ3Nzk5ZDUzMWI2Y2IwMjRkYjk4MjU4ZGQ1MGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnbi6hkLk4Ti2XkBfenXSg+YnCeb
KqrFvVrNowQCJQ0TEaOqsH1q1ZVjV3c82ZdXo6hPiFn4ymLOpPi9fX9sjNhVIKjr
R+cLAcYRZWU6zZSBElYQ9E21eA/JVO2NGcTzXPOtb/3cZxdX43s5TTrwjUxn9XCY
YHg/f8+qMsx/7GJcHQQLKwVJeat5wz0DkwfqK9KA0DM+Y3vnv2kET3RJOiQwuATt
feDl7ZYsPndO90LkU+6Ljzyap0A3MX88art96UweZ7vqep5ByKxKyfoAaRGe70Sh
knHaZ/8OoZmTQOVG+pppneCOROak5JEOF0pTeqG4DgeGCcElkXcmSTcA8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPExTT2G/XeZ1TG2ywJNuYJY3VDCMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvOFRGTlBZYjlkNW5WTWJiTEFrMjVnbGpkVU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUrHyMA0G
CSqGSIb3DQEBCwUAA4IBAQAlJjBj8g1RE8S/yDLBvQnvf1nNdMHZ8shfUMPzQD4/
pg63KTQm60kG53tx4DsQxapfIS6T04pcjVSdJhNiGxoF0nEdb/Skc9ZVFchzqTOC
DSMPYRcysxLdT3e0ql3EdjD1kchQqhT6EMASIn7RKdfVZ5y4wZKEsOTqXTNm6VhS
fm623y2CvlSzfq9D5Pd44O27OMLyInvnlHV5hBktxyxdO2e/WG3fFtU6rKnmSmi/
wDRp5wca7XfvozFEKX1UyXvzTdSq8jkbywdMjPnj+FVTstcqX3/rBldH8E/XmtZR
76PjAu4h+vRcf8RKhlQFfvvcK/QUHspjmF16W5DZf6AS
-----END CERTIFICATE-----