Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/PiCUkIA_OoW5c2SuhGsX8rmoadY.roa
File:                     PiCUkIA_OoW5c2SuhGsX8rmoadY.roa (raw, json)
Hash identifier:          6fYXFm1+MxUySvyBErpIVcIrnFr21uX47p+KSl0V3e8=
Subject key identifier:   3E:20:94:90:80:3F:3A:85:B9:73:64:AE:84:6B:17:F2:B9:A8:69:D6
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B230DD2AB791EC788483AEEC40904F
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/PiCUkIA_OoW5c2SuhGsX8rmoadY.roa
Signing time:             Wed 01 Jan 2025 11:48:33 +0000
ROA not before:           Wed 01 Jan 2025 11:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204953
IP address blocks:        195.136.154.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:30:dd:2a:b7:91:ec:78:84:83:ae:ec:40:90:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e209490803f3a85b97364ae846b17f2b9a869d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:54:f7:88:b4:8c:30:3e:42:18:d2:78:43:bd:
                    89:90:e4:21:70:13:5e:3f:b7:1b:d0:97:37:3f:20:
                    13:dc:bd:5f:d9:21:65:7a:c2:5c:a2:3b:28:63:ef:
                    20:34:de:8e:1f:44:e1:bd:a6:5f:b3:1f:5a:11:e7:
                    f9:c3:8e:f9:a3:55:d1:6c:1f:d1:d8:e8:ae:d1:66:
                    f3:2d:48:74:1a:92:2d:43:da:22:6b:98:4e:b4:2b:
                    3b:eb:5f:05:80:9c:d1:d3:be:ce:a9:f7:12:6b:f3:
                    89:25:f7:fe:f3:a8:26:a3:32:ee:3e:0c:08:c9:45:
                    c8:83:a9:bf:01:93:6f:25:08:a4:85:12:08:fc:fa:
                    f0:31:7d:d9:9b:6e:10:ba:9e:95:8b:14:9b:18:9b:
                    74:2f:17:69:d0:e1:11:a3:fc:e0:5b:bd:2e:34:6a:
                    69:0b:bf:60:56:fd:bd:f7:08:08:6f:87:81:82:22:
                    b7:af:16:5a:de:8f:c2:64:74:4b:4c:af:ed:80:4d:
                    07:97:af:e0:57:e2:79:05:41:7e:e4:71:5d:df:83:
                    1c:af:02:86:9c:af:9e:5b:58:b9:a0:d7:97:c4:a5:
                    be:35:44:60:c5:8c:22:3c:bf:ca:9d:6c:b8:dc:5d:
                    e3:c7:62:46:42:59:57:d8:f0:cf:60:ed:fa:9a:71:
                    80:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:20:94:90:80:3F:3A:85:B9:73:64:AE:84:6B:17:F2:B9:A8:69:D6
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/PiCUkIA_OoW5c2SuhGsX8rmoadY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:ab:f8:1f:12:9b:4e:57:65:f4:de:b8:87:16:a4:7a:d1:20:
         a2:a6:c3:65:3a:91:f8:18:49:7d:12:a4:00:d4:d8:33:db:cb:
         95:ed:8e:33:4c:7f:21:1e:e0:9c:27:69:70:f0:77:42:3d:34:
         f1:c1:ca:80:f9:04:71:a8:8f:d6:d7:85:30:9b:92:d7:27:09:
         d1:56:75:9c:1d:d0:5f:91:06:ca:fd:8b:99:a3:87:7c:78:3f:
         b8:a6:4f:dd:40:8c:95:00:82:83:e5:a3:bc:43:e9:1d:19:3c:
         6d:cd:19:cb:f6:76:47:fa:6f:bb:15:dd:e8:8b:81:14:c8:ea:
         c9:f2:e3:0e:aa:d8:4a:9b:4b:98:92:72:5f:d8:f4:fc:b4:f3:
         18:1b:6b:f0:bd:49:8d:cc:9a:8a:b4:e1:48:3b:90:77:f4:55:
         b3:1d:1e:f7:db:38:a5:56:d6:a6:79:c0:cb:a2:dd:a8:27:50:
         a3:c0:a7:d1:a8:d9:62:79:fb:61:81:d7:03:58:9a:83:76:09:
         d5:c1:65:8a:72:49:eb:3b:3a:34:de:d3:94:f0:ea:86:ae:3c:
         8a:99:77:d6:2f:58:6a:07:73:8b:63:d6:4b:eb:37:00:4b:99:
         e2:63:6b:7e:bf:07:b7:e5:d5:6c:ec:01:1a:04:5c:e5:53:6a:
         6e:0b:d8:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjDdKreR7HiEg67sQJBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTIwOTQ5MDgwM2YzYTg1Yjk3MzY0YWU4NDZiMTdmMmI5YTg2OWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVT3iLSMMD5CGNJ4Q72JkOQhcBNe
P7cb0Jc3PyAT3L1f2SFlesJcojsoY+8gNN6OH0ThvaZfsx9aEef5w475o1XRbB/R
2Oiu0WbzLUh0GpItQ9oia5hOtCs7618FgJzR077OqfcSa/OJJff+86gmozLuPgwI
yUXIg6m/AZNvJQikhRII/PrwMX3Zm24Qup6VixSbGJt0Lxdp0OERo/zgW70uNGpp
C79gVv299wgIb4eBgiK3rxZa3o/CZHRLTK/tgE0Hl6/gV+J5BUF+5HFd34McrwKG
nK+eW1i5oNeXxKW+NURgxYwiPL/KnWy43F3jx2JGQllX2PDPYO36mnGAPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4glJCAPzqFuXNkroRrF/K5qGnWMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvUGlDVWtJQV9Pb1c1YzJTdWhHc1g4cm1vYWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4iaMA0G
CSqGSIb3DQEBCwUAA4IBAQBHq/gfEptOV2X03riHFqR60SCipsNlOpH4GEl9EqQA
1Ngz28uV7Y4zTH8hHuCcJ2lw8HdCPTTxwcqA+QRxqI/W14Uwm5LXJwnRVnWcHdBf
kQbK/YuZo4d8eD+4pk/dQIyVAIKD5aO8Q+kdGTxtzRnL9nZH+m+7Fd3oi4EUyOrJ
8uMOqthKm0uYknJf2PT8tPMYG2vwvUmNzJqKtOFIO5B39FWzHR732zilVtamecDL
ot2oJ1CjwKfRqNliefthgdcDWJqDdgnVwWWKcknrOzo03tOU8OqGrjyKmXfWL1hq
B3OLY9ZL6zcAS5niY2t+vwe35dVs7AEaBFzlU2puC9jJ
-----END CERTIFICATE-----