Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/IsQzcARoUDIFPDDvV8o9aXiGZbM.roa
File:                     IsQzcARoUDIFPDDvV8o9aXiGZbM.roa (raw, json)
Hash identifier:          uChX/+oTHj1v8N4u0RJBaAO9X8301aVEKk9QQz0EyNQ=
Subject key identifier:   22:C4:33:70:04:68:50:32:05:3C:30:EF:57:CA:3D:69:78:86:65:B3
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAE5895FC1BE93E7064D5A2C2AC740
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/IsQzcARoUDIFPDDvV8o9aXiGZbM.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206526
IP address blocks:        82.177.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e5:89:5f:c1:be:93:e7:06:4d:5a:2c:2a:c7:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22c4337004685032053c30ef57ca3d69788665b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3d:e4:bf:be:08:49:fd:90:02:f5:74:58:e0:
                    55:85:ec:97:35:1d:55:59:b9:a7:f6:78:c0:d4:52:
                    29:64:01:f9:08:85:f8:fc:95:78:39:0b:a7:e6:f7:
                    7a:d3:03:ac:38:28:5e:fb:a6:19:59:85:b9:52:a5:
                    19:95:5d:27:92:e3:50:83:cd:6e:88:96:1c:cb:fc:
                    a9:6e:98:be:66:50:39:e6:0b:9f:fb:f5:6d:1f:28:
                    2c:d6:ac:8f:4e:75:17:4a:5c:aa:ec:26:9b:47:21:
                    63:ba:90:0e:d1:66:27:be:ad:7e:40:b8:39:25:20:
                    b0:4b:3d:b7:61:9d:64:66:0f:32:e1:58:9b:d4:9d:
                    ee:49:2d:b3:91:47:a5:5c:12:ee:20:ae:13:55:43:
                    36:c2:5e:e6:c0:74:eb:78:85:0c:2d:58:4d:33:9a:
                    7d:b9:78:b6:bd:d5:f0:0d:52:4d:46:c8:9c:ed:70:
                    23:88:77:a1:a3:5c:e0:21:46:68:02:20:81:60:45:
                    ed:03:a7:ce:dd:bd:4b:61:c5:a4:3d:47:c8:0d:d0:
                    39:a3:5a:06:6e:67:aa:1b:b7:03:d9:26:ef:06:4b:
                    23:6c:61:f6:e1:c3:72:46:fe:28:73:46:74:7f:4e:
                    cd:fc:f6:07:93:dc:81:3a:a6:4e:be:80:89:70:27:
                    3e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C4:33:70:04:68:50:32:05:3C:30:EF:57:CA:3D:69:78:86:65:B3
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/IsQzcARoUDIFPDDvV8o9aXiGZbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:56:11:2b:1b:ea:cf:e2:ed:93:03:b3:c3:59:76:46:73:76:
         2e:93:af:fc:a7:df:ad:af:ab:a9:8e:c9:98:76:db:21:d1:f2:
         be:95:f1:b4:ec:d9:34:b5:c6:ac:ee:4f:dc:e8:a7:99:43:aa:
         c1:22:2c:a8:1d:90:2a:c1:46:73:b3:fe:3c:17:ba:be:42:43:
         47:f7:5c:13:0a:ba:43:ed:69:8f:f9:81:65:f1:15:86:36:b9:
         2e:d4:4e:30:17:d4:69:fc:bf:d3:16:7d:ed:82:ee:ef:8f:e4:
         03:df:93:5e:e0:b4:8a:ab:d7:7d:f4:30:8d:83:37:cd:c6:ba:
         e6:d4:51:d5:da:28:e5:c2:44:1c:36:09:98:0d:a0:f2:6e:88:
         cc:c7:58:02:15:60:25:11:b9:50:08:9b:2a:7c:e2:5b:7e:3e:
         7a:70:8f:41:85:d5:d9:7b:94:fa:61:61:25:7f:4f:36:55:92:
         ac:c2:2a:eb:25:c7:cc:7e:a3:24:af:d9:a2:5f:8c:9f:19:63:
         de:86:4d:4e:66:4e:8e:93:11:91:b0:47:8f:a2:89:f8:86:aa:
         82:8c:1f:da:8d:4a:61:7d:21:1f:5e:71:a6:54:e7:c5:fc:3f:
         bf:0d:a6:60:33:7c:e1:78:52:4e:2e:51:24:8d:14:94:b3:26:
         6a:80:cb:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uWJX8G+k+cGTVosKsdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmM0MzM3MDA0Njg1MDMyMDUzYzMwZWY1N2NhM2Q2OTc4ODY2NWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAij3kv74ISf2QAvV0WOBVheyXNR1V
Wbmn9njA1FIpZAH5CIX4/JV4OQun5vd60wOsOChe+6YZWYW5UqUZlV0nkuNQg81u
iJYcy/ypbpi+ZlA55guf+/VtHygs1qyPTnUXSlyq7CabRyFjupAO0WYnvq1+QLg5
JSCwSz23YZ1kZg8y4Vib1J3uSS2zkUelXBLuIK4TVUM2wl7mwHTreIUMLVhNM5p9
uXi2vdXwDVJNRsic7XAjiHeho1zgIUZoAiCBYEXtA6fO3b1LYcWkPUfIDdA5o1oG
bmeqG7cD2SbvBksjbGH24cNyRv4oc0Z0f07N/PYHk9yBOqZOvoCJcCc+BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLEM3AEaFAyBTww71fKPWl4hmWzMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvSXNRemNBUm9VRElGUEREdlY4bzlhWGlHWmJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrH7MA0G
CSqGSIb3DQEBCwUAA4IBAQBSVhErG+rP4u2TA7PDWXZGc3Yuk6/8p9+tr6upjsmY
dtsh0fK+lfG07Nk0tcas7k/c6KeZQ6rBIiyoHZAqwUZzs/48F7q+QkNH91wTCrpD
7WmP+YFl8RWGNrku1E4wF9Rp/L/TFn3tgu7vj+QD35Ne4LSKq9d99DCNgzfNxrrm
1FHV2ijlwkQcNgmYDaDybojMx1gCFWAlEblQCJsqfOJbfj56cI9BhdXZe5T6YWEl
f082VZKswirrJcfMfqMkr9miX4yfGWPehk1OZk6OkxGRsEePoon4hqqCjB/ajUph
fSEfXnGmVOfF/D+/DaZgM3zheFJOLlEkjRSUsyZqgMsy
-----END CERTIFICATE-----