Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/GTVJFrWgXqsHIy3uKQNmJLVAi7U.roa
File:                     GTVJFrWgXqsHIy3uKQNmJLVAi7U.roa (raw, json)
Hash identifier:          a80GPvDiouT6sOYRWRHZ7IdWJbSJsKdcUTD5W8N3mT4=
Subject key identifier:   19:35:49:16:B5:A0:5E:AB:07:23:2D:EE:29:03:66:24:B5:40:8B:B5
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018FA9382F95268C0A2D72C485A1CA6451BE
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/GTVJFrWgXqsHIy3uKQNmJLVAi7U.roa
Signing time:             Fri 24 May 2024 06:09:42 +0000
ROA not before:           Fri 24 May 2024 06:09:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44284
IP address blocks:        82.177.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a9:38:2f:95:26:8c:0a:2d:72:c4:85:a1:ca:64:51:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: May 24 06:09:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19354916b5a05eab07232dee29036624b5408bb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7e:8b:e7:51:73:30:eb:08:c6:93:90:85:fb:
                    aa:8a:29:a5:6c:89:d5:8c:d7:89:78:03:a3:90:d1:
                    7b:f4:59:8d:1d:d2:c9:9b:15:b2:cc:8b:7c:62:d9:
                    db:0b:13:ba:f0:9a:76:ac:02:97:6a:57:6b:d6:16:
                    57:0b:5f:ab:f8:05:b4:ad:a1:a7:53:b6:f2:74:be:
                    ca:19:ea:55:3b:66:59:0f:5d:9b:a6:91:3f:28:b8:
                    98:cb:26:67:ca:d2:83:a6:b0:aa:1d:d7:6e:39:75:
                    00:de:c1:9d:46:ce:4f:ed:9c:ab:b3:8c:14:e5:8a:
                    e6:6c:36:64:b7:77:ec:82:f1:69:87:ca:ac:c7:06:
                    5d:fd:ce:1f:1e:90:70:38:45:de:b2:04:56:d0:76:
                    e3:9c:29:7c:8e:ac:9c:6a:a3:22:ae:db:ec:eb:5d:
                    14:17:75:4f:d9:8c:2d:88:17:88:4d:e7:fe:af:5a:
                    5a:77:be:2e:ad:9e:13:ed:59:3b:0a:78:62:4c:f5:
                    0e:56:24:44:15:45:a7:3c:5d:ac:63:08:8a:3c:74:
                    7a:72:d1:60:57:87:10:7b:38:db:24:15:7e:87:1f:
                    fc:71:21:79:c5:ac:9b:e2:b1:56:15:d7:fc:1f:02:
                    a3:4c:2a:99:02:8f:56:89:d5:cd:06:7c:15:c5:46:
                    73:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:35:49:16:B5:A0:5E:AB:07:23:2D:EE:29:03:66:24:B5:40:8B:B5
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/GTVJFrWgXqsHIy3uKQNmJLVAi7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:52:ef:65:05:43:b4:f5:fd:e2:29:c1:44:d9:c0:6e:46:95:
         08:92:76:7f:3e:6c:19:1f:d7:4f:c8:ce:b8:40:76:88:a3:05:
         5b:7a:73:ce:5a:a3:c4:66:d3:06:9e:4b:e2:f7:11:8c:05:b8:
         45:2b:fc:aa:3b:4c:34:c7:dc:5e:fa:38:ab:cf:1e:f3:87:86:
         52:61:59:ee:99:0d:84:71:d6:61:49:ab:c2:ef:d0:f1:3c:b5:
         29:6c:cd:c7:f9:b7:9d:47:03:70:e1:f0:69:23:a0:ff:60:fb:
         61:91:5d:7b:98:d8:b0:85:dd:c9:6a:c3:2a:44:72:71:09:83:
         51:9a:ea:4f:4a:ed:5a:58:f2:03:93:87:48:96:5c:d9:29:8a:
         2f:d4:cb:9f:d5:c8:c6:d5:2c:bc:d4:83:31:3d:65:d9:91:08:
         a8:6b:b9:b2:8a:3e:f5:34:29:a3:20:95:9d:76:16:c9:00:d0:
         a9:05:b0:be:f0:43:09:1d:bc:6f:f2:87:16:4a:fc:68:11:09:
         56:2a:8e:ff:a4:48:a9:7b:68:6a:14:10:57:0d:62:1b:f8:84:
         44:0f:02:d1:fb:54:f8:c7:5e:cc:41:1e:30:2c:bd:fc:61:4a:
         5e:b4:9f:df:1b:7a:b6:ca:b5:9c:22:53:88:0e:b0:c7:ce:ed:
         0b:7f:98:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+pOC+VJowKLXLEhaHKZFG+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwNTI0MDYwOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTM1NDkxNmI1YTA1ZWFiMDcyMzJkZWUyOTAzNjYyNGI1NDA4YmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA336L51FzMOsIxpOQhfuqiimlbInV
jNeJeAOjkNF79FmNHdLJmxWyzIt8YtnbCxO68Jp2rAKXaldr1hZXC1+r+AW0raGn
U7bydL7KGepVO2ZZD12bppE/KLiYyyZnytKDprCqHdduOXUA3sGdRs5P7Zyrs4wU
5YrmbDZkt3fsgvFph8qsxwZd/c4fHpBwOEXesgRW0HbjnCl8jqycaqMirtvs610U
F3VP2YwtiBeITef+r1pad74urZ4T7Vk7CnhiTPUOViREFUWnPF2sYwiKPHR6ctFg
V4cQezjbJBV+hx/8cSF5xayb4rFWFdf8HwKjTCqZAo9WidXNBnwVxUZzmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBk1SRa1oF6rByMt7ikDZiS1QIu1MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvR1RWSkZyV2dYcXNISXkzdUtRTm1KTFZBaTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrEkMA0G
CSqGSIb3DQEBCwUAA4IBAQBAUu9lBUO09f3iKcFE2cBuRpUIknZ/PmwZH9dPyM64
QHaIowVbenPOWqPEZtMGnkvi9xGMBbhFK/yqO0w0x9xe+jirzx7zh4ZSYVnumQ2E
cdZhSavC79DxPLUpbM3H+bedRwNw4fBpI6D/YPthkV17mNiwhd3JasMqRHJxCYNR
mupPSu1aWPIDk4dIllzZKYov1Muf1cjG1Sy81IMxPWXZkQioa7myij71NCmjIJWd
dhbJANCpBbC+8EMJHbxv8ocWSvxoEQlWKo7/pEipe2hqFBBXDWIb+IREDwLR+1T4
x17MQR4wLL38YUpetJ/fG3q2yrWcIlOIDrDHzu0Lf5hz
-----END CERTIFICATE-----