Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/TAVs2KKJJiL83KvNG6upB5UmXYg.roa
File:                     TAVs2KKJJiL83KvNG6upB5UmXYg.roa (raw, json)
Hash identifier:          eQNZhXFXt/RLMZ3mr4iNR8r+ilIlXzaJglLtWTIJ8t0=
Subject key identifier:   4C:05:6C:D8:A2:89:26:22:FC:DC:AB:CD:1B:AB:A9:07:95:26:5D:88
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       018CC2DAD0C4A92C2D092D42F583677F88F4
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/TAVs2KKJJiL83KvNG6upB5UmXYg.roa
Signing time:             Mon 01 Jan 2024 02:29:29 +0000
ROA not before:           Mon 01 Jan 2024 02:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39437
IP address blocks:        195.136.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d0:c4:a9:2c:2d:09:2d:42:f5:83:67:7f:88:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 02:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c056cd8a2892622fcdcabcd1baba90795265d88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ab:02:91:e9:7f:3a:38:8f:31:1a:c3:44:b8:
                    37:8f:0a:f1:52:dc:ce:25:e1:ae:de:74:45:7b:5d:
                    30:85:0c:25:2a:6d:13:0d:0b:8c:eb:86:ac:8d:83:
                    e9:9a:73:81:92:f8:66:43:1e:7c:e1:b0:12:41:bf:
                    92:59:af:7c:1e:2a:63:39:4b:e5:ed:11:81:51:23:
                    53:5d:84:80:3d:04:39:85:72:64:83:39:6b:9b:ff:
                    a2:f2:46:9a:dc:2c:33:71:37:00:50:b9:b9:4c:4e:
                    2d:50:9d:ca:21:11:1d:bf:18:d8:c5:1d:4f:28:b8:
                    06:fd:2b:f5:da:49:a3:d9:73:41:3b:83:37:df:94:
                    be:58:21:44:a9:74:d9:97:37:4c:91:b0:5b:4f:8a:
                    31:a2:ee:3b:d8:8c:20:b9:24:4a:5e:c7:2a:f8:c9:
                    57:0c:eb:d4:11:00:25:f7:10:75:c4:5e:c9:68:72:
                    0c:81:b5:81:eb:3c:34:66:ce:e5:b5:ef:cc:ea:d9:
                    d6:bc:1e:1a:58:64:62:c8:ec:8d:cb:bb:02:c6:91:
                    b9:bd:0f:76:ae:01:24:34:fd:c9:8d:2c:f7:11:e6:
                    d6:23:40:bc:5b:26:ee:12:f4:7c:53:06:69:47:9d:
                    2c:f1:c1:35:f0:d1:1b:67:e5:92:49:7c:2b:2a:e9:
                    47:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:05:6C:D8:A2:89:26:22:FC:DC:AB:CD:1B:AB:A9:07:95:26:5D:88
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/TAVs2KKJJiL83KvNG6upB5UmXYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.136.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:1a:9e:cf:21:9c:6b:06:eb:30:d6:92:bd:c0:a6:f0:44:48:
         0c:4a:11:4d:71:e4:ab:d1:77:45:4f:9c:76:35:a7:0e:41:2a:
         7f:66:ea:b0:0d:fa:61:94:93:c5:b4:a0:82:54:94:bd:69:77:
         4c:78:42:a8:ef:39:39:14:ff:59:bd:ce:34:02:f2:35:18:b0:
         61:fe:f2:83:8a:a0:dd:f9:93:d8:7d:0a:3c:47:df:3e:12:e5:
         a0:53:fe:a0:b3:3a:07:07:9b:4f:92:76:4d:25:9a:a8:a0:f1:
         ce:0f:96:f7:6a:c6:85:90:de:0a:07:af:e8:08:ee:b8:ff:db:
         93:7a:d5:b7:f3:d1:fd:c4:3a:a2:42:e2:17:02:95:78:fc:a1:
         4c:9c:82:5d:05:51:b6:3e:5a:ea:22:f8:68:04:87:f6:7b:20:
         b1:10:5f:2d:ed:8d:b4:8a:07:b6:cd:45:16:8c:e4:dc:f9:4c:
         c3:1a:29:8a:c7:f7:89:e6:e9:8f:ec:e0:03:53:0f:32:11:25:
         1a:21:dc:73:22:89:54:dd:f1:4b:05:e9:d6:5a:3a:a5:8c:9d:
         af:dc:13:58:05:75:05:df:19:f2:bd:43:73:64:cd:cc:1b:9a:
         6b:22:0f:c7:dc:3a:13:cc:7d:52:66:06:59:53:65:ad:cf:aa:
         a7:5f:65:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tDEqSwtCS1C9YNnf4j0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjQwMTAxMDIyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzA1NmNkOGEyODkyNjIyZmNkY2FiY2QxYmFiYTkwNzk1MjY1ZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtasCkel/OjiPMRrDRLg3jwrxUtzO
JeGu3nRFe10whQwlKm0TDQuM64asjYPpmnOBkvhmQx584bASQb+SWa98HipjOUvl
7RGBUSNTXYSAPQQ5hXJkgzlrm/+i8kaa3CwzcTcAULm5TE4tUJ3KIREdvxjYxR1P
KLgG/Sv12kmj2XNBO4M335S+WCFEqXTZlzdMkbBbT4oxou472IwguSRKXscq+MlX
DOvUEQAl9xB1xF7JaHIMgbWB6zw0Zs7lte/M6tnWvB4aWGRiyOyNy7sCxpG5vQ92
rgEkNP3JjSz3EebWI0C8WybuEvR8UwZpR50s8cE18NEbZ+WSSXwrKulHCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwFbNiiiSYi/NyrzRurqQeVJl2IMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvVEFWczJLS0pKaUw4M0t2Tkc2dXBCNVVtWFlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4hPMA0G
CSqGSIb3DQEBCwUAA4IBAQAuGp7PIZxrBusw1pK9wKbwREgMShFNceSr0XdFT5x2
NacOQSp/ZuqwDfphlJPFtKCCVJS9aXdMeEKo7zk5FP9Zvc40AvI1GLBh/vKDiqDd
+ZPYfQo8R98+EuWgU/6gszoHB5tPknZNJZqooPHOD5b3asaFkN4KB6/oCO64/9uT
etW389H9xDqiQuIXApV4/KFMnIJdBVG2PlrqIvhoBIf2eyCxEF8t7Y20ige2zUUW
jOTc+UzDGimKx/eJ5umP7OADUw8yESUaIdxzIolU3fFLBenWWjqljJ2v3BNYBXUF
3xnyvUNzZM3MG5prIg/H3DoTzH1SZgZZU2Wtz6qnX2Vg
-----END CERTIFICATE-----