Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/JMKQRTywvIjQxNX7jc-ObBrOGzE.roa
File:                     JMKQRTywvIjQxNX7jc-ObBrOGzE.roa (raw, json)
Hash identifier:          lqXcFcOw2ezw8wNn0hLc4VSMZH5g9GtgPcZwk9d5KgI=
Subject key identifier:   24:C2:90:45:3C:B0:BC:88:D0:C4:D5:FB:8D:CF:8E:6C:1A:CE:1B:31
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       01955BB4093AC41676CB6BFA7785AE999B89
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/JMKQRTywvIjQxNX7jc-ObBrOGzE.roa
Signing time:             Mon 03 Mar 2025 11:11:20 +0000
ROA not before:           Mon 03 Mar 2025 11:11:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197682
IP address blocks:        82.177.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5b:b4:09:3a:c4:16:76:cb:6b:fa:77:85:ae:99:9b:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Mar  3 11:11:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24c290453cb0bc88d0c4d5fb8dcf8e6c1ace1b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e3:86:9d:2c:3f:09:db:df:2b:16:97:47:53:
                    c7:0a:67:46:61:94:0b:7c:53:a3:50:f3:93:ba:9a:
                    ec:23:1c:f5:42:7a:ec:52:2f:60:ea:c6:eb:7f:29:
                    15:e4:be:ac:c6:c2:6b:bb:45:37:d2:85:b6:6c:22:
                    f2:fc:3b:0f:6a:92:08:37:5f:34:68:04:81:51:bb:
                    05:4b:4e:13:5b:13:5a:08:2b:b2:6b:5d:86:55:31:
                    6f:18:d3:e0:61:6c:db:0a:75:13:e4:c4:e3:ca:48:
                    7e:ab:fb:3c:14:10:3a:cc:62:19:de:61:f3:c4:a8:
                    cd:5a:10:0b:74:19:89:82:6f:aa:aa:33:9a:02:9e:
                    ec:30:0b:cb:46:d0:50:42:27:e2:df:99:99:d9:a0:
                    24:9c:f2:78:e2:f3:f8:ae:03:e8:b9:f9:1d:52:c5:
                    0f:bc:bc:2c:83:0c:51:25:6d:a9:e6:ed:aa:c8:5b:
                    5b:5f:6e:bc:26:bd:d1:de:ec:69:5b:1e:f1:7c:34:
                    bb:d4:0c:20:bb:03:c2:0e:d7:cd:c4:2d:33:8f:32:
                    7d:5c:30:8d:75:fd:da:91:4f:70:ce:54:e7:ff:c7:
                    b2:48:6e:a7:f8:7b:2d:66:02:7d:1e:28:20:26:e0:
                    75:81:8e:97:8d:2e:90:5b:23:76:81:17:b5:96:30:
                    e2:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C2:90:45:3C:B0:BC:88:D0:C4:D5:FB:8D:CF:8E:6C:1A:CE:1B:31
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/JMKQRTywvIjQxNX7jc-ObBrOGzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:ed:0f:d2:28:dd:8d:3a:97:71:84:ac:50:cd:3b:e1:1c:0a:
         a2:a6:6a:6e:82:6c:3d:a7:19:50:07:a6:37:b0:46:17:7f:89:
         aa:56:c7:68:2b:2a:2b:66:4c:ec:b0:63:55:1e:0f:77:71:fe:
         fb:03:6a:e3:e6:8f:73:13:0f:69:ca:6d:37:50:81:69:1d:7c:
         09:3b:ff:1b:46:71:54:29:68:8e:0c:6c:32:0a:97:d7:35:83:
         05:2d:cc:88:12:82:b5:b4:87:7e:54:77:e2:44:37:4b:90:1f:
         2e:85:34:f2:be:2d:ce:a3:cb:92:de:57:69:96:a3:20:4a:28:
         5e:ad:84:d7:36:02:51:59:0d:73:99:96:db:78:1b:2d:99:89:
         89:ea:6d:6d:d2:c4:31:10:91:35:ba:25:ea:78:e4:1f:75:47:
         7d:13:5c:00:89:95:0b:10:06:ad:9c:ab:7b:55:11:03:26:a2:
         7d:77:25:b8:b6:6a:02:d0:e6:f7:18:b2:e0:8f:e0:e5:be:f4:
         c1:09:e5:5d:07:44:e0:73:b3:f8:f4:c3:06:dd:cd:fa:5f:13:
         80:1e:a6:8a:69:f5:a3:99:f6:0a:18:57:7a:ef:75:7c:d6:1a:
         27:f4:c4:99:a2:84:f3:d5:bf:fb:6c:5d:7d:53:98:95:16:d9:
         5a:c3:15:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVbtAk6xBZ2y2v6d4WumZuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMzAzMTExMTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGMyOTA0NTNjYjBiYzg4ZDBjNGQ1ZmI4ZGNmOGU2YzFhY2UxYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+OGnSw/CdvfKxaXR1PHCmdGYZQL
fFOjUPOTuprsIxz1QnrsUi9g6sbrfykV5L6sxsJru0U30oW2bCLy/DsPapIIN180
aASBUbsFS04TWxNaCCuya12GVTFvGNPgYWzbCnUT5MTjykh+q/s8FBA6zGIZ3mHz
xKjNWhALdBmJgm+qqjOaAp7sMAvLRtBQQifi35mZ2aAknPJ44vP4rgPoufkdUsUP
vLwsgwxRJW2p5u2qyFtbX268Jr3R3uxpWx7xfDS71AwguwPCDtfNxC0zjzJ9XDCN
df3akU9wzlTn/8eySG6n+HstZgJ9HiggJuB1gY6XjS6QWyN2gRe1ljDiowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCTCkEU8sLyI0MTV+43PjmwazhsxMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvSk1LUVJUeXd2SWpReE5YN2pjLU9iQnJPR3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrGuMA0G
CSqGSIb3DQEBCwUAA4IBAQAI7Q/SKN2NOpdxhKxQzTvhHAqipmpugmw9pxlQB6Y3
sEYXf4mqVsdoKyorZkzssGNVHg93cf77A2rj5o9zEw9pym03UIFpHXwJO/8bRnFU
KWiODGwyCpfXNYMFLcyIEoK1tId+VHfiRDdLkB8uhTTyvi3Oo8uS3ldplqMgSihe
rYTXNgJRWQ1zmZbbeBstmYmJ6m1t0sQxEJE1uiXqeOQfdUd9E1wAiZULEAatnKt7
VREDJqJ9dyW4tmoC0Ob3GLLgj+DlvvTBCeVdB0Tgc7P49MMG3c36XxOAHqaKafWj
mfYKGFd673V81hon9MSZooTz1b/7bF19U5iVFtlawxXD
-----END CERTIFICATE-----