Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/JKKzLfOh2w51nVMY1IBEG1URHhA.roa
File:                     JKKzLfOh2w51nVMY1IBEG1URHhA.roa (raw, json)
Hash identifier:          1+VjKFKX/NLGaWKCE6k4iLYtFUdPOL31j6hOi/gQ8gc=
Subject key identifier:   24:A2:B3:2D:F3:A1:DB:0E:75:9D:53:18:D4:80:44:1B:55:11:1E:10
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD0268B4374F9259BA09F84913262
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/JKKzLfOh2w51nVMY1IBEG1URHhA.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39039
IP address blocks:        195.136.190.0/23 maxlen: 23
                          195.136.110.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d0:26:8b:43:74:f9:25:9b:a0:9f:84:91:32:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24a2b32df3a1db0e759d5318d480441b55111e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7d:07:92:c1:f6:26:a3:74:8c:5a:6b:9f:dd:
                    1a:2a:ae:4a:93:37:4c:dd:7d:1a:7f:bd:a8:5b:69:
                    21:bf:73:e1:a7:73:c7:1c:06:26:ca:06:ae:d8:1b:
                    c9:cc:1f:df:a0:d0:67:09:3f:2e:14:de:d8:a8:47:
                    24:f2:64:ca:39:c7:90:2e:cd:cd:4b:27:7f:d5:f7:
                    38:6d:fb:f6:6e:6f:a9:75:d0:66:28:46:31:df:10:
                    b9:3e:b9:56:27:ac:e4:3c:e5:df:43:d5:0c:ee:e5:
                    02:b2:2a:f2:ed:1a:f4:b3:29:74:79:c8:c2:87:9a:
                    16:ca:9c:f9:71:2a:8a:b8:9e:6f:b5:32:fc:54:d3:
                    bf:0c:9e:96:d1:fd:82:a9:1c:65:52:10:37:5c:4a:
                    43:9a:44:89:87:4e:e8:91:86:48:48:da:7a:0c:b7:
                    b4:e9:86:86:3f:4e:51:a9:99:e2:3c:ec:4f:2d:6a:
                    df:ad:e3:c3:5b:c9:38:94:56:46:14:00:c5:da:eb:
                    63:57:7f:35:16:1a:23:3b:1b:0d:4a:0c:be:ee:ee:
                    68:ee:c6:31:31:33:b5:6b:ce:7c:3f:08:d0:75:da:
                    5b:69:d1:65:59:54:38:ec:f6:63:ca:1d:23:81:ed:
                    c6:94:f1:28:66:c4:e5:7b:66:bd:d2:f7:38:8f:07:
                    09:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A2:B3:2D:F3:A1:DB:0E:75:9D:53:18:D4:80:44:1B:55:11:1E:10
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/JKKzLfOh2w51nVMY1IBEG1URHhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.110.0/23
                  195.136.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:ea:71:e3:5a:3f:7e:6f:ae:42:b4:97:a0:ea:63:47:59:53:
         0d:6d:f7:3c:cc:3c:ae:e8:b1:d8:7b:d0:f9:bd:37:72:7d:7c:
         61:17:c8:0b:15:62:06:87:c6:34:03:c6:e3:ee:30:60:cd:6a:
         0c:de:a9:a7:9a:58:69:40:5b:f9:8f:45:f5:76:6f:35:d6:ec:
         d1:c4:19:26:0e:57:9d:3c:c9:c7:4c:ee:82:93:e7:d9:b4:70:
         ea:73:0a:8e:59:e0:bb:6f:b2:b9:d0:a5:78:b3:0b:68:c3:ee:
         13:f1:8f:c7:04:c0:b4:f9:7c:67:bd:73:1e:12:45:4e:d7:68:
         c5:30:ad:2e:fa:83:6a:33:f4:3b:e1:1d:f8:ac:f9:eb:93:ec:
         b0:13:e5:de:4d:57:b0:c2:53:7a:0f:65:6d:47:06:56:e5:60:
         15:6d:d2:89:1e:5b:64:52:db:f2:5a:a6:66:4e:63:fb:ba:75:
         4e:cf:18:65:a0:e5:46:8e:9e:10:a5:47:c5:e6:ef:be:2c:52:
         9d:eb:5c:da:fe:9f:23:25:8e:1d:5d:8a:5f:00:a0:c3:92:66:
         ca:99:6b:7f:d6:ed:82:fd:b2:e5:bb:e0:08:2e:b8:b1:25:98:
         1d:e0:7f:00:eb:7e:b5:c1:98:22:c4:a7:74:65:aa:6e:24:01:
         92:ee:7b:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tAmi0N0+SWboJ+EkTJiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEyYjMyZGYzYTFkYjBlNzU5ZDUzMThkNDgwNDQxYjU1MTExZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk30HksH2JqN0jFprn90aKq5KkzdM
3X0af72oW2khv3Php3PHHAYmygau2BvJzB/foNBnCT8uFN7YqEck8mTKOceQLs3N
Syd/1fc4bfv2bm+pddBmKEYx3xC5PrlWJ6zkPOXfQ9UM7uUCsiry7Rr0syl0ecjC
h5oWypz5cSqKuJ5vtTL8VNO/DJ6W0f2CqRxlUhA3XEpDmkSJh07okYZISNp6DLe0
6YaGP05RqZniPOxPLWrfrePDW8k4lFZGFADF2utjV381FhojOxsNSgy+7u5o7sYx
MTO1a858PwjQddpbadFlWVQ47PZjyh0jge3GlPEoZsTle2a90vc4jwcJOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCSisy3zodsOdZ1TGNSARBtVER4QMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvSktLekxmT2gydzUxblZNWTFJQkVHMVVSSGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw4huAwQB
w4i+MA0GCSqGSIb3DQEBCwUAA4IBAQAr6nHjWj9+b65CtJeg6mNHWVMNbfc8zDyu
6LHYe9D5vTdyfXxhF8gLFWIGh8Y0A8bj7jBgzWoM3qmnmlhpQFv5j0X1dm811uzR
xBkmDledPMnHTO6Ck+fZtHDqcwqOWeC7b7K50KV4swtow+4T8Y/HBMC0+XxnvXMe
EkVO12jFMK0u+oNqM/Q74R34rPnrk+ywE+XeTVewwlN6D2VtRwZW5WAVbdKJHltk
UtvyWqZmTmP7unVOzxhloOVGjp4QpUfF5u++LFKd61za/p8jJY4dXYpfAKDDkmbK
mWt/1u2C/bLlu+AILrixJZgd4H8A6361wZgixKd0ZapuJAGS7nua
-----END CERTIFICATE-----