Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/J8hq1WTvK-y6RPeVMixMdDBQ8nY.roa
File:                     J8hq1WTvK-y6RPeVMixMdDBQ8nY.roa (raw, json)
Hash identifier:          5WFQ+Xh5IwOnpqFUobemGLox6uCdJtKrqHug06ZHOF4=
Subject key identifier:   27:C8:6A:D5:64:EF:2B:EC:BA:44:F7:95:32:2C:4C:74:30:50:F2:76
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD4289C3F280C23CD4F811B1123F2
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/J8hq1WTvK-y6RPeVMixMdDBQ8nY.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50830
IP address blocks:        82.177.17.0/24 maxlen: 24
                          81.15.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d4:28:9c:3f:28:0c:23:cd:4f:81:1b:11:23:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27c86ad564ef2becba44f795322c4c743050f276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7a:2c:c3:5e:01:c3:97:9d:f2:2c:7d:4d:f9:
                    85:81:cd:89:87:e6:d1:65:69:7b:33:8c:5f:aa:de:
                    48:54:a5:23:cb:ea:8d:e3:ad:2e:5e:a9:92:f2:03:
                    72:56:39:e2:b4:64:b0:2a:7f:6e:2e:a7:a7:d7:0c:
                    86:bc:35:b9:86:d5:5c:dc:27:02:b0:4d:0c:1b:2e:
                    3e:90:ef:d3:68:d0:bb:39:de:a4:d3:b9:1b:41:fc:
                    40:84:2f:74:ba:a5:28:8f:a3:8a:9f:6a:9f:ac:d3:
                    dc:91:7c:6a:c1:b1:2c:fd:30:cd:b9:9c:38:0b:c1:
                    7b:31:33:52:88:6e:01:6d:55:7b:c0:82:7a:40:5b:
                    94:ff:e0:3a:6d:31:60:cb:7c:97:14:17:be:05:93:
                    e8:c0:b4:d3:69:e3:59:15:0f:ae:0d:1a:ab:3f:85:
                    6c:47:b4:dd:9b:35:8b:b0:47:39:02:3a:7a:9b:2d:
                    e2:7d:8a:2a:31:64:06:41:d8:e8:6b:55:ef:4f:fc:
                    d6:c6:1f:9f:18:f9:8e:7f:a3:b3:45:cc:c4:b7:9d:
                    ec:9a:2d:d7:5d:46:b1:56:a8:20:cd:7c:2b:1c:8a:
                    d0:8b:9f:22:6d:1b:7e:04:6b:69:84:a8:e6:86:dc:
                    5c:1a:ca:f5:bc:66:2f:36:52:66:6c:a6:94:b0:4f:
                    81:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C8:6A:D5:64:EF:2B:EC:BA:44:F7:95:32:2C:4C:74:30:50:F2:76
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/J8hq1WTvK-y6RPeVMixMdDBQ8nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.15.243.0/24
                  82.177.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:c1:12:49:6f:02:b7:30:6e:ec:96:bf:23:ff:90:15:37:a4:
         16:da:fb:ba:35:71:bd:e8:da:cc:5c:37:ca:70:15:64:cb:d4:
         ea:d3:5c:3b:db:c2:d3:03:86:02:6e:07:89:d2:b5:e8:cc:92:
         b7:88:df:99:e2:7f:8c:7a:a1:21:67:d8:22:6e:7c:74:21:63:
         57:93:38:ed:af:70:bd:d8:89:7a:7c:77:0a:9d:e4:5b:d1:55:
         b4:c1:bf:fd:60:02:22:a8:08:fe:3e:40:92:fc:a5:89:bf:c5:
         fd:49:a1:30:70:df:43:65:97:f4:43:26:aa:40:38:76:14:10:
         47:09:bb:bf:f3:bc:8b:01:02:e7:d1:db:c3:6d:69:87:da:64:
         d4:df:2e:b1:55:f0:40:17:02:23:92:44:8c:28:53:95:ab:18:
         bd:c3:2e:05:42:19:71:06:47:89:f7:3d:fb:b7:04:82:a4:36:
         90:8c:63:9d:14:8d:b6:c4:74:02:27:b3:19:6f:a8:93:3f:b6:
         19:28:33:89:85:46:07:82:6c:d0:c8:c5:33:2f:0e:21:bf:f5:
         38:d3:68:86:5b:a9:07:47:e3:fd:a5:8b:88:ce:99:8d:eb:85:
         cd:2d:d9:ad:ed:b8:c3:e6:5f:5c:dc:59:0e:ce:0a:f4:f2:95:
         5c:15:46:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tQonD8oDCPNT4EbESPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2M4NmFkNTY0ZWYyYmVjYmE0NGY3OTUzMjJjNGM3NDMwNTBmMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3osw14Bw5ed8ix9TfmFgc2Jh+bR
ZWl7M4xfqt5IVKUjy+qN460uXqmS8gNyVjnitGSwKn9uLqen1wyGvDW5htVc3CcC
sE0MGy4+kO/TaNC7Od6k07kbQfxAhC90uqUoj6OKn2qfrNPckXxqwbEs/TDNuZw4
C8F7MTNSiG4BbVV7wIJ6QFuU/+A6bTFgy3yXFBe+BZPowLTTaeNZFQ+uDRqrP4Vs
R7TdmzWLsEc5Ajp6my3ifYoqMWQGQdjoa1XvT/zWxh+fGPmOf6OzRczEt53smi3X
XUaxVqggzXwrHIrQi58ibRt+BGtphKjmhtxcGsr1vGYvNlJmbKaUsE+B6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCfIatVk7yvsukT3lTIsTHQwUPJ2MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvSjhocTFXVHZLLXk2UlBlVk1peE1kREJROG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUQ/zAwQA
UrERMA0GCSqGSIb3DQEBCwUAA4IBAQCjwRJJbwK3MG7slr8j/5AVN6QW2vu6NXG9
6NrMXDfKcBVky9Tq01w728LTA4YCbgeJ0rXozJK3iN+Z4n+MeqEhZ9gibnx0IWNX
kzjtr3C92Il6fHcKneRb0VW0wb/9YAIiqAj+PkCS/KWJv8X9SaEwcN9DZZf0Qyaq
QDh2FBBHCbu/87yLAQLn0dvDbWmH2mTU3y6xVfBAFwIjkkSMKFOVqxi9wy4FQhlx
BkeJ9z37twSCpDaQjGOdFI22xHQCJ7MZb6iTP7YZKDOJhUYHgmzQyMUzLw4hv/U4
02iGW6kHR+P9pYuIzpmN64XNLdmt7bjD5l9c3FkOzgr08pVcFUam
-----END CERTIFICATE-----