Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/Qx-AlZpaPdNQ0LyZ1UVVAnRYN0A.roa
File:                     Qx-AlZpaPdNQ0LyZ1UVVAnRYN0A.roa (raw, json)
Hash identifier:          5//IeIpErwDlVRK68Pg/0m1ERprloSOpJFCdTQsOyVk=
Subject key identifier:   43:1F:80:95:9A:5A:3D:D3:50:D0:BC:99:D5:45:55:02:74:58:37:40
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD193BCA5F739550151CDAAF28003
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/Qx-AlZpaPdNQ0LyZ1UVVAnRYN0A.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42246
IP address blocks:        82.177.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d1:93:bc:a5:f7:39:55:01:51:cd:aa:f2:80:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=431f80959a5a3dd350d0bc99d545550274583740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:22:eb:88:5d:5d:2d:6a:9d:c1:09:6d:79:86:
                    64:50:f5:b1:5f:0c:78:50:d4:ea:a8:72:3a:a9:9a:
                    9e:48:ba:7b:c7:dc:e3:f9:73:aa:5c:21:b8:d3:d4:
                    10:15:1c:75:11:1b:71:cb:f2:65:d0:bc:fb:c0:d2:
                    f9:26:46:1c:0f:e0:ff:17:91:31:54:5f:fe:6f:2a:
                    61:c2:ed:91:9b:ad:c1:6f:e7:c9:22:d5:fa:ce:3a:
                    0f:26:6b:c7:77:fe:ef:8a:23:e5:9a:03:d5:d8:93:
                    1e:bb:a1:3b:c1:4f:55:21:0e:1a:75:fc:14:57:36:
                    1e:5b:0f:07:2d:a9:8e:45:3c:90:ff:55:be:e9:77:
                    36:c5:05:27:09:67:20:d1:57:1c:01:a2:65:62:76:
                    a8:57:61:8c:88:61:e9:96:2f:4a:1f:ab:d8:1e:8a:
                    b3:95:5e:e1:51:ee:7a:7e:9b:ac:d8:0a:09:2b:af:
                    ea:45:9b:54:2f:72:49:9c:58:73:13:d7:d5:93:db:
                    6d:4e:f1:c8:7e:e9:ba:fe:81:d4:39:34:cc:ca:54:
                    7d:53:7e:24:9f:0a:ac:55:b0:97:ef:27:2c:85:da:
                    80:87:8f:57:68:8c:b5:f7:28:3f:75:3b:96:85:c3:
                    ed:93:40:a2:58:81:59:9b:24:1b:59:69:13:f7:52:
                    d3:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:1F:80:95:9A:5A:3D:D3:50:D0:BC:99:D5:45:55:02:74:58:37:40
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/Qx-AlZpaPdNQ0LyZ1UVVAnRYN0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:15:dd:41:43:e3:87:23:34:d6:6f:e2:c1:cd:af:a8:c5:d4:
         dc:60:4a:86:eb:d3:d0:06:57:2d:a1:d0:bf:8a:02:71:5f:cf:
         37:6d:e4:92:d9:22:ec:a0:0f:67:4b:3d:84:de:7b:8f:bc:7f:
         05:12:fd:f0:e2:b0:69:f8:e0:11:a8:00:d8:31:39:3b:81:df:
         ef:60:0a:3c:f9:68:25:fa:9f:e8:fc:47:92:c7:0b:8a:f0:99:
         6c:b0:e4:9a:da:ef:47:c7:d2:24:50:c4:d9:98:b5:6d:1a:00:
         c0:57:92:56:5b:fe:b1:cf:e9:7e:b7:ec:33:4e:b7:ae:7b:ee:
         c9:6c:6a:0b:71:cc:62:3a:50:5c:6f:19:3e:6d:c4:48:c5:66:
         e6:d3:ad:b8:74:87:0b:5d:a7:41:8c:c5:e0:91:ea:59:e3:1e:
         5e:07:9f:be:d5:d3:37:66:fb:e3:82:87:72:46:7a:c5:a8:73:
         a7:e0:9a:a4:18:7d:58:73:a2:00:8c:6c:98:1b:53:b5:c1:95:
         fa:29:92:c3:8c:a9:40:3c:cc:6e:b2:6a:3e:24:7c:f6:d9:b1:
         f4:62:83:36:19:87:f5:46:02:48:25:81:a2:4e:08:6a:39:9e:
         cd:63:6b:17:12:d8:29:c1:3c:6b:62:27:92:c2:1a:e8:d0:47:
         af:25:87:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tGTvKX3OVUBUc2q8oADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzFmODA5NTlhNWEzZGQzNTBkMGJjOTlkNTQ1NTUwMjc0NTgzNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SLriF1dLWqdwQlteYZkUPWxXwx4
UNTqqHI6qZqeSLp7x9zj+XOqXCG409QQFRx1ERtxy/Jl0Lz7wNL5JkYcD+D/F5Ex
VF/+byphwu2Rm63Bb+fJItX6zjoPJmvHd/7viiPlmgPV2JMeu6E7wU9VIQ4adfwU
VzYeWw8HLamORTyQ/1W+6Xc2xQUnCWcg0VccAaJlYnaoV2GMiGHpli9KH6vYHoqz
lV7hUe56fpus2AoJK6/qRZtUL3JJnFhzE9fVk9ttTvHIfum6/oHUOTTMylR9U34k
nwqsVbCX7ycshdqAh49XaIy19yg/dTuWhcPtk0CiWIFZmyQbWWkT91LTBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMfgJWaWj3TUNC8mdVFVQJ0WDdAMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvUXgtQWxacGFQZE5RMEx5WjFVVlZBblJZTjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrHJMA0G
CSqGSIb3DQEBCwUAA4IBAQAHFd1BQ+OHIzTWb+LBza+oxdTcYEqG69PQBlctodC/
igJxX883beSS2SLsoA9nSz2E3nuPvH8FEv3w4rBp+OARqADYMTk7gd/vYAo8+Wgl
+p/o/EeSxwuK8JlssOSa2u9Hx9IkUMTZmLVtGgDAV5JWW/6xz+l+t+wzTreue+7J
bGoLccxiOlBcbxk+bcRIxWbm0624dIcLXadBjMXgkepZ4x5eB5++1dM3Zvvjgody
RnrFqHOn4JqkGH1Yc6IAjGyYG1O1wZX6KZLDjKlAPMxusmo+JHz22bH0YoM2GYf1
RgJIJYGiTghqOZ7NY2sXEtgpwTxrYieSwhro0EevJYca
-----END CERTIFICATE-----