Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FJ5Y-evex4GzaF1apkCNGqLGMf8.roa
File:                     FJ5Y-evex4GzaF1apkCNGqLGMf8.roa (raw, json)
Hash identifier:          iBj7EfZH4XZ54XWuq4kc0KP8tFE9sWKAniazBQaqkzM=
Subject key identifier:   14:9E:58:F9:EB:DE:C7:81:B3:68:5D:5A:A6:40:8D:1A:A2:C6:31:FF
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD601985BA97F3DCCA3BED6F36A05
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FJ5Y-evex4GzaF1apkCNGqLGMf8.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57480
IP address blocks:        195.136.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d6:01:98:5b:a9:7f:3d:cc:a3:be:d6:f3:6a:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=149e58f9ebdec781b3685d5aa6408d1aa2c631ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c8:e5:27:34:b4:64:f0:9c:d4:d0:a6:56:45:
                    09:b9:3f:81:6a:83:67:46:75:8b:ba:54:2c:84:24:
                    aa:c3:2a:0e:aa:8b:60:32:92:fc:e4:e8:b1:16:66:
                    c1:bb:34:37:ce:b5:50:72:bf:67:ef:c4:09:00:32:
                    ec:b6:09:71:1c:cc:73:3b:08:6d:7c:ff:a1:f1:d0:
                    d1:46:4d:b8:4b:96:87:de:45:d8:27:29:d1:c5:f5:
                    59:80:c3:4d:42:12:70:76:bc:a7:01:4e:f4:d4:ff:
                    19:11:44:f1:3e:1e:97:da:72:39:d0:05:c6:83:04:
                    52:e7:33:c4:4f:49:be:6f:ba:a5:f4:02:17:64:ea:
                    b3:44:af:41:fa:38:90:78:c4:80:2a:a9:24:5d:84:
                    27:ba:22:79:9d:ef:c4:f7:44:b8:a7:b5:40:43:af:
                    c0:ab:90:89:72:b1:fc:49:3f:0e:4a:df:fa:ca:f2:
                    31:f0:cb:bd:85:e5:34:6c:76:f4:63:90:f4:d7:bc:
                    62:60:25:54:89:7f:19:1b:2a:f0:9e:f2:8f:62:ab:
                    f9:15:97:50:20:7e:aa:b9:05:7c:a9:45:fc:7a:e8:
                    6d:5c:b4:f1:e1:69:2f:62:00:4f:f6:7e:f6:bf:1a:
                    7c:50:ce:2c:0d:bb:12:cf:90:e2:15:6e:0b:74:55:
                    16:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:9E:58:F9:EB:DE:C7:81:B3:68:5D:5A:A6:40:8D:1A:A2:C6:31:FF
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/FJ5Y-evex4GzaF1apkCNGqLGMf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:42:50:9d:26:bf:29:58:ad:ed:e6:d7:c4:1f:bd:be:7a:0c:
         a1:36:3a:96:a2:05:c4:39:97:cc:60:17:b3:c5:83:cb:23:d9:
         7f:26:20:e3:e1:bb:41:55:36:72:7e:6b:4f:85:e6:96:1d:f4:
         24:b4:c1:9e:02:9f:73:b5:84:5b:70:b3:a5:78:22:b0:52:a9:
         80:ee:eb:e4:96:d5:11:7a:b1:39:a0:69:38:03:c3:28:f3:40:
         f5:b9:b1:42:0b:27:ec:f2:29:0b:a0:c6:62:22:ee:bb:3d:a8:
         ff:1d:a8:b4:19:1d:5f:50:88:8c:05:93:89:33:71:08:f4:4f:
         af:e9:46:96:2b:07:63:fe:aa:96:6a:a3:bf:5f:bf:5c:d6:54:
         bc:7c:d8:3e:76:a2:95:45:53:d1:33:ba:76:6e:e0:a5:80:c0:
         f3:cf:19:f3:10:61:11:50:87:db:30:f6:51:9c:a2:3d:4d:c1:
         ce:bf:c8:72:8c:1b:04:dd:df:94:63:f6:9b:27:00:af:05:c1:
         96:71:d3:da:d6:46:d9:57:14:bd:b7:d2:ab:65:fa:b0:c8:20:
         53:b8:e6:51:eb:27:6d:9c:08:17:23:00:a7:a7:e6:02:07:52:
         72:78:bb:91:da:87:1a:82:68:c4:eb:bf:27:8f:0f:cd:d9:f5:
         ff:d2:1d:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tYBmFupfz3Mo77W82oFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDllNThmOWViZGVjNzgxYjM2ODVkNWFhNjQwOGQxYWEyYzYzMWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8jlJzS0ZPCc1NCmVkUJuT+BaoNn
RnWLulQshCSqwyoOqotgMpL85OixFmbBuzQ3zrVQcr9n78QJADLstglxHMxzOwht
fP+h8dDRRk24S5aH3kXYJynRxfVZgMNNQhJwdrynAU701P8ZEUTxPh6X2nI50AXG
gwRS5zPET0m+b7ql9AIXZOqzRK9B+jiQeMSAKqkkXYQnuiJ5ne/E90S4p7VAQ6/A
q5CJcrH8ST8OSt/6yvIx8Mu9heU0bHb0Y5D017xiYCVUiX8ZGyrwnvKPYqv5FZdQ
IH6quQV8qUX8euhtXLTx4WkvYgBP9n72vxp8UM4sDbsSz5DiFW4LdFUWAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSeWPnr3seBs2hdWqZAjRqixjH/MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvRko1WS1ldmV4NEd6YUYxYXBrQ05HcUxHTWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4glMA0G
CSqGSIb3DQEBCwUAA4IBAQBUQlCdJr8pWK3t5tfEH72+egyhNjqWogXEOZfMYBez
xYPLI9l/JiDj4btBVTZyfmtPheaWHfQktMGeAp9ztYRbcLOleCKwUqmA7uvkltUR
erE5oGk4A8Mo80D1ubFCCyfs8ikLoMZiIu67Paj/Hai0GR1fUIiMBZOJM3EI9E+v
6UaWKwdj/qqWaqO/X79c1lS8fNg+dqKVRVPRM7p2buClgMDzzxnzEGERUIfbMPZR
nKI9TcHOv8hyjBsE3d+UY/abJwCvBcGWcdPa1kbZVxS9t9KrZfqwyCBTuOZR6ydt
nAgXIwCnp+YCB1JyeLuR2ocagmjE678njw/N2fX/0h0Z
-----END CERTIFICATE-----